    Archive for October 22nd, 2012

    We’re currently investigating several file infectors that have affected several countries, particularly Australia. Trend Micro detects these as PE_XPAJ.C, PE_XPAJ.C-1, PE_XPAJ.C-2, and PE_XPAJ.C-O.

    Based on our initial analysis, these PE_XPAJ variants connect to the following C&C servers to send and receive information:


    The infected file (detected as a PE_XPAJ variant) is capable of downloading an encrypted copy of its mother file under a randomly generated filename and loading it into memory. As a result, a copy of the mother file can be found in the Windows folder under a random file name and extension. Users will notice a re-infection when these encrypted files appear again in the Windows folder with the same filename and extension that was used before.

    PE_XPAJ variants infect .EXE, .SCR, .DLL and .SYS files. They also infect the Master Boot Record (MBR) so that they are loaded automatically before the OS starts. One of their payloads is click fraud: these variants can redirect users to ad-clicking scams to generate profit for the cybercriminals.


    As we’ve seen in the case of PCs, social engineering schemes and cybercriminal activities ride on what’s popular. This quarter, we saw how the threat landscape put a price on popularity.

    We have observed a sixfold increase in the number of Android malware samples as sales of Android-based devices rise. There are now almost 175,000 malicious and potentially dangerous or high-risk Android apps, a drastic growth from the mere 30,000 apps we saw in June. We also saw a significant increase in mobile adware, which is known to display ads and gather user information without the user's consent. With the continued adoption of mobile devices, predictions about mobile attacks are becoming reality. Amid all this, an important question persists: do you realize that the mobile apps you use every day are basically web clients? And do you put the same effort into securing them?

    We also found that cybercriminals are not letting up on what they know people will bite on. They know you will keep downloading files from peer-to-peer (P2P) networks, so they will continue to plague those sites. One of the most dangerous things you can end up with is a ZeroAccess malware infection; ZeroAccess malware silently runs when you use Adobe Flash Player. We have recorded more than 900,000 ZeroAccess malware detections to date. Popular social media sites were still plagued by survey scams: apart from the top-of-mind Facebook, the bad guys also targeted the highly popular photo-blogging site Tumblr.

    Cybercriminals also continued to train their sights on well-known programs, Java and Internet Explorer, even using them for sophisticated advanced persistent threat (APT) campaigns. Attackers also added malicious Android application package (APK) files, the file format used to distribute and install application software and middleware on the Android OS, to their toolkits.

    We’re seeing the same pattern. The popular always comes under siege. It pays to be aware, so read more in “3Q 2012 Security Roundup: Android Under Siege: Popularity Comes at a Price” and be in the know.

    Posted in Bad Sites | Perils of the Popular


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice