Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Bad Sites’ Category



    Apr28
    5:54 am (UTC-7)   |    by

    The Russian Underground has been around (in an organized manner) since 2004, and has been used both as a marketplace and an information exchange platform. Some well-known centers of the Russian underground include zloy.org, DaMaGeLab, and XaKePoK.NeT. Initially, these forums were used primarily to exchange information, but their roles as marketplaces have become more prominent. Many parts of the Russian underground today are now highly specialized. A cybercriminal with ties to the right people no longer needs to create all his attack tools himself; instead ...

    Posted in Bad Sites, Data | Comments Off



    A few days ago, America Online, or AOL, confirmed that their mail service - AOL Mail - had been hacked, with the email addresses (allegedly only 1% of their entire customer base) either compromised and/or spoofed to send spam with links leading to phishing pages.  We combed through the Internet to look for samples of the phishing spam being sent, and they popped up readily in our searches. Figure 1. AOL Mail spam sample Figure 2. Second AOL Mail spam sample The spammed ...

    Posted in Bad Sites, Spam | Comments Off



    Since news about Heartbleed broke out earlier this month, the Internet has been full of updates, opinions and details about the vulnerability, with personalities ranging from security experts to celebrities talking about it. Being as opportunistic as they are, cybercriminals have taken notice of this and turned the furor surrounding Heartbleed into lure for a spam attack. Figure 1. Heartbleed spam The spammed mail is a simple-looking one, as far as spam goes. The body is plain text, notifying the user about the ...

    Posted in Bad Sites, Spam | Comments Off


    Apr17
    4:59 am (UTC-7)   |    by

    [caption id="attachment_59121" align="alignright" width="150"] How the Heartbleed bug works[/caption] In previous blog entries, we've discussed various aspects of the Heartbleed vulnerability in OpenSSL. Last Tuesday, our first blog post covered an analysis of the vulnerability itself, as well as some steps that IT administrators of affected systems could do in order to protect themselves. Later entries looked at how popular websites and mobile apps were, in their own ways, vulnerable to the threat. To help deal with the Heartbleed vulnerability, we've released several ...

    Posted in Bad Sites | Comments Off



    In trying to gauge the impact of the Heartbleed vulnerability, we proceeded to scanning the Top Level Domain (TLD) names of certain countries extracted from the top 1,000,000 domains by Alexa. We then proceeded to separate the sites which use SSL and further categorized those under "vulnerable" or "safe." The data we were able to gather revealed some interesting findings. As of the moment, we see an overall percentage of around 5% in terms of sites affected by CVE-2014-0160. The TLDs with ...

    Posted in Bad Sites, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice