Last year, the security industry was plagued by a series of APT reports, which included the “Nitro Attack”. The backdoor used here is known as PoisonIvy or BKDR_POISON. Its builder is available online. Security vendors have since taken measures to counter this threat to help customers battle against similar infections in the future. However, a…
Erika Mendoza
Threat Response Engineer
We have found evidence that the human rights organization found affected by a website compromise is not the only intended target for the attack. The website was said to have an iframe that redirected users to another compromised site in Brazil. The site executed a malicious Java applet detected as JAVA_DLOAD.ZZC. JAVA_DLOAD.ZZC leverages a vulnerability…
When I read this blog entry a few days ago, the first question that entered my head was, “Is this another targeted attack?”. I took a look at the .PDF discussed in the entry and it appeared to be a document addressed to employees of a certain defense contractor. Trend Micro products detect this malicious…
TrendLabs is currently taking a look at an interesting .ELF file that is actually an IRC backdoor program. We initially found some code suggesting that it performs brute-force attacks on router user name-password pairs. This malware is predominantly found in Latin America but we are also checking the extent of infection in other regions. The attacks…
Malware writers are again taking advantage of curious readers by sending out email messages related to recent news events that contain malicious attachments. One particular sample detected as TROJ_AZAH.A comes disguised as a folder. A curious user may “open” the disguised file and run it. Among the folder names used are: Philippine-HK News Rise of…