• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Trend Micro

From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • Posted on:September 22, 2016
  • Posted in:Ransomware, Spam
  • Posted by:
    Trend Micro
0
feature_ransomeware

Why is it critical to stop ransomware at the gateway layer? Because email is the top entry point used by prevalent ransomware families. Based on our analysis, 71% of known ransomware families arrive via email. While there’s nothing new about the use of spam, ransomware distributors continue to employ this infection vector because it’s a tried-and-tested method. It’s also an effective way to reach potential victims like enterprises and small and medium businesses (SMBs) that normally use emails for communication and daily operations. Over the first half of the year, we observed how cybercriminals leveraged file types like JavaScript, VBScript, and Office files with macros to evade traditional security solutions. Some of these file types can be used to code malware. In fact, as a security precaution, Microsoft turns off macros by default. In this blog post, we examine various email file attachments and how ransomware affected the fluctuation in the use of these file types.

Read More
Tags: LockyLocky Ransomwarespam email attachment

CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • Posted on:September 14, 2016
  • Posted in:Exploits, Vulnerabilities
  • Posted by:
    Trend Micro
0
feature_vul

Earlier this week, an independent researcher publicly disclosed a severe vulnerability in MySQL. This is a very popular open-source DBMS which is used by many organizations to manage their backend databases and websites. Proof of concept code was provided as part of the disclosure.

This particular vulnerability was designated as CVE-2016-6662, one of two serious flaws that the researcher found. This vulnerability allows an attacker to create the MySQL configuration file without having the privileges to do so, effectively taking over the server. The other assigned as CVE-2016-6663 has not yet been disclosed.

Read More
Tags: CVE-2016-6662My SQLvulnerability

BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Posted on:September 14, 2016
  • Posted in:Ransomware
  • Posted by:
    Trend Micro
0
feature_ransomeware

While most ransomware we’ve seen only target specific file types or folders stored on local drives, removable media and network shares, we were able to uncover a ransomware family that does not discriminate: HDDCryptor. Detected as Ransom_HDDCRYPTOR.A, HDDCryptor not only targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive. Such a damaging routine makes this particular ransomware a very serious and credible threat not only to home users but also to enterprises.

Read More
Tags: HDDCryptorransomwareServer Message Block

A Case of Misplaced Trust: How a Third-Party App Store Abuses Apple’s Developer Enterprise Program to Serve Adware
  • Posted on:September 12, 2016
  • Posted in:Mobile, Social
  • Posted by:
    Trend Micro
0
Mobile04

For bogus applications to be profitable, they should be able to entice users into installing them. Scammers do so by riding on the popularity of existing applications, embedding them with unwanted content—even malicious payloads—and masquerading them as legitimate. These repackaged apps are peddled to unsuspecting users, mostly through third-party app stores.

Haima exactly does that, and more. We discovered this China-based third-party iOS app store aggressively promoting their repackaged apps in social network channels—YouTube, Facebook, and Twitter—banking on the popularity of games and apps such as Minecraft, Terraria, and Instagram to lure users into downloading them.

Read More
Tags: adwareiOSMobilePokemon Gorepackaged apps

Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files
  • Posted on:September 9, 2016
  • Posted in:Ransomware
  • Posted by:
    Trend Micro
0
feature_ransomeware

Taking advantage of legitimate sites for command-and-control (C&C) purposes is typically done by most malware to avoid rousing suspicion from their targets. While most ransomware directly sends the gathered information to their designated C&C servers, there are some variants that slightly differ. CuteRansomware, for instance, uses Google Docs to pass information from the infected system to the attackers.

One of the latest ransomware families, CryLocker (detected as RANSOM_MILICRY.A), does the same by taking advantage of Imgur, a free online image hosting site that allows users to upload and share photos to their contacts. During our monitoring of activities related to exploit kits, we spotted both Rig and Sundown distributing this threat.

Read More
Tags: CryLockerrig exploit kitsundown exploit kit
Page 1 of 5712 › »

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Deep Web

  • Trend Micro researchers have been taking deep dives into cybercriminal territory for years now. Find out more about the inner workings of the Deep Web and underground markets.

Latest Ransomware Posts

  • From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • A Show of (Brute) Force: Crysis Ransomware Found Targeting Australian and New Zealand Businesses
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files
  • Network Solutions to Ransomware – Stopping and Containing Its Spread

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
  • New Version of Cerber Ransomware Distributed via Malvertising
  • Locky Ransomware Now Downloaded as Encrypted DLLs
  • CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • Cybercriminals Improve Android Malware Stealth Routines with OBAD

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.