
Brooks Li

Threats Analyst

Locky Ransomware Now Downloaded as Encrypted DLLs

  • Posted on: August 29, 2016
  • Posted in: Malware, Ransomware
  • Posted by: Brooks Li (Threats Analyst)

The Locky ransomware family has emerged as one of the most prominent ransomware families to date, being sold in the Brazilian underground and spreading via various exploits. Locky has, over time, become known for using a wide variety of tactics to spread, including macros, VBScript, WSF files, and now, DLLs.

Recently we encountered a new Locky variant (detected as RANSOM_LOCKY.F116HM) that used old tactics on the surface, but with some key technical changes. The emails that were used to distribute it were fairly pedestrian as far as these messages go, although it was part of a large-scale spam campaign.

Tags: Locky, PRNG, ransomware, UHE PRNG

Hacking Team Flash Zero-Day Integrated Into Exploit Kits

  • Posted on: July 7, 2015
  • Posted in: Exploits, Malware, Vulnerabilities
  • Posted by: Brooks Li (Threats Analyst)

Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to learn that the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include the recent Hacking Team Flash zero-day. In addition, Kafeine said that the Neutrino Exploit Kit has also included this zero-day. The existence of this particular vulnerability was just leaked from Hacking Team; Adobe has…

Tags: adobe flash, Angler, exploit kit, Hacking Team, Neutrino, Nuclear, zero day

A Closer Look at the Exploit Kit in CVE-2015-0313 Attack

  • Posted on: February 3, 2015
  • Posted in: Bad Sites, Vulnerabilities
  • Posted by: Brooks Li (Threats Analyst)

We have helpful information that can help us identify the exploit kit used in the Adobe Flash zero-day attack we blogged about yesterday. Adobe states in their advisory that the related vulnerability, CVE-2015-0313, affects current versions (Adobe removed version 11.x and earlier from affected software). At first, we figured that the exploit kit involved was…

Tags: Adobe, adobe 0-day, Adobe Flash Player

What’s New in Exploit Kits in 2014

  • Posted on: December 17, 2014
  • Posted in: Exploits
  • Posted by: Brooks Li (Threats Analyst)

Around this time in 2013, the most commonly used exploit kit – the Blackhole Exploit Kit – was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits have emerged and have been used by cybercriminals. The emergence of so many replacements has also meant that there…

Tags: 2014, exploit kits

An In-Depth Look Into Malicious Browser Extensions

  • Posted on: October 29, 2014
  • Posted in: Malware, Social
  • Posted by: Brooks Li (Threats Analyst)

Malicious browser extensions bring about security risks as these often lead to system infection and unwanted spamming on Facebook. Based on our data, these attacks have notably affected users in Brazil. We have previously reported that cybercriminals are putting malicious browsers in the official Chrome Web store. We also came across malware that bypasses a Google security…

Tags: Facebook, malicious browser extension, social media