Discovered by Trend Micro in 2014, the banking Trojan Emotet has been brought back to life by malware authors last year with its own spamming module that has allowed it to spread, target new industries and regions, and evade sandbox and malware analysis techniques. This year, we examined Emotet’s activities to learn more about how this modular malware wreaks havoc: We did a comprehensive research on Emotet’s artifacts — 8,528 unique URLs, 5,849 document droppers, and 571 executables collected between June 1, 2018 and September 15, 2018 — to discover Emotet’s infrastructure as well as possible attribution information.Read More
This month’s round of updates, which fixes 63 bugs, includes a patch for a zero-day vulnerability (CVE-2018-8589, ) that is already being used in malicious attacks.Read More
Cybercriminals have become more and more creative and efficient in their efforts to successfully bypass network security. Reports of unauthorized network intrusions that have compromised enterprise security, resources, and data, plague experts on a day-to-day basis, and will continue to do so if not prevented by a more efficient detection system or method. Currently, attackers use polymorphism, encryption, and obfuscation, among other techniques, to automate and increase variants in an attempt to evade traditional intrusion detection methods such as rule-based techniques.
To address these growing number of network threats and keep abreast with the changing sophistication of network intrusion methods, Trend Micro looked into network flow clustering — a method that leverages the power of machine learning in strengthening current intrusion detection techniques.Read More
In late October, security researchers from Cymulate showed a proof of concept (PoC) exploiting a logic bug that could allow hackers to abuse the online video feature in Microsoft Office to deliver malware. We indeed identified an in-the-wild sample (detected by Trend Micro as TROJ_EXPLOIT.AOOCAI) in VirusTotal, using this method to deliver the URSNIF information stealer (TSPY_URSNIF.OIBEAO).
Since this kind of attack involves the use of a specially crafted Word document, we can assume that it can arrive on a user’s system through other malware or as an attachment or links/URLs in spam.Read More
The concept of a stealthy, difficult-to-detect malware operating behind the scenes has proven to be an irresistible proposition for many threat actors, and they’re evidently adding even more techniques, as seen in a cryptocurrency miner (detected as Coinminer.Win32.MALXMR.TIAOODAM) we discovered that uses multiple obfuscation and packing as part of its routine.Read More