We’ve been continuously receiving infection reports, specifically from the APAC and NABU regions, related to a certain malware that uses Remote Desktop Protocol to propagate. Detected as WORM_MORTO.SMA, this malware drops its component files, including a .DLL file, which is dropped onto the Windows folder. The said .DLL file, which bears the file name clb.dll,…
Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies.
Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But what if they’re not necessarily “broken”, but insecure? Exposing a mainframe online, even unintentionally, can be detrimental to the security not only of the company’s crown jewels, but also of its customers. This is what we found using data from Shodan, a public search engine for internet-connected devices.
In our earlier post discussing steganography, I discussed how it is now being used to hide configuration data by malware attackers. Let’s discuss another facet of this topic in this post: how actual malware code is hidden in similar ways. Security analysts will probably throw their hands up in the air and say, “we’ve had code hiding…
We spotted a malware that hides all of its malicious code in the Windows Registry. This tactic provides evasion and stealth mechanisms to the malware, which Trend Micro detects as TROJ_POWELIKS.A. When executed, TROJ_POWELIKS.A downloads files, which can cause further system infection. Systems affected by this malware risk being infected by other malware, thus causing further…
Seen in the wild in July 2012, PE_MUSTAN.A spreads across less secure networks and is known to target systems with weak passwords. Its roots can be traced to WORM_MORTO.SM, which proliferated a year before. While this tactic of brute forcing its way around the network is no longer new, PE_MUSTAN’s presence proves that supposed secured…