We recently came across some malware of the SOGOMOT and MIRYAGO families that update themselves in an unusual way: they download JPEG files that contain encrypted configuration files/binaries. Not only that, we believe that this activity has been ongoing since at least the middle of 2010. A notable detail of the malware we came across…
Trend Micro has acquired samples of an exploit targeting the recent zero-day vulnerability affecting Windows XP and Server 2003. This is an elevation of privilege vulnerability, which may allow an attacker to gain privileges that would enable him to carry out various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges. We…
Recently, Trend Micro published findings on a new campaign called EvilGrab that typically targets victims in Japan and China. This campaign is still attacking users, and we have now acquired a builder being used to create binaries of this campaign.
EvilGrab Builder In The Wild
What led us to the builder for EvilGrab was a binary…
For many, the holiday season is a season for shopping and spending. But cybercriminals see it in a different light: they see it as a prime opportunity to steal. Take, for example, online shopping. Malicious websites try to trick online shoppers into giving them their money instead of the legitimate shopping websites. These sites are often made to…
Several months ago, we found that several Ice IX servers were hosted in the .co.za (South Africa) top-level domain. Our research revealed that these servers were all tied to a group of individuals located in Nigeria. To recap, Ice IX is a popular banking Trojan that was heavily used by these criminals, together with the…