Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    April 2015
    S M T W T F S
    « Mar    
     1234
    567891011
    12131415161718
    19202122232425
    2627282930  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Botnets’ Category




    We recently noticed that there has been an increase in spammed messages that use airline information as bait. These messages are made to look like notifications from airlines such as Delta Airlines, British Airways, US Airways, and American Airlines. Each message comes with an attachment—often in the form of a fake e-ticket—that recipients are supposed to open. This attachment is actually a BKDR_KULUOZ variant. Figure 1. Screenshot of sample spam KULUOZ variants are known to download and execute other malware, such as SIREFEF/ZACCESS and ...

    Posted in Botnets, Spam | Comments Off



    The research on browser-based botnets presented during the recent Blackhat conference in Las Vegas touches on our previous study on the abuse of HTML5. Most importantly, it shows how a simple fake online ad can lead to formidable threats like a distributed denial of service (DDoS) attack. In their briefing, Jeremiah Grossman and Matt Johansen showed that it is possible to initiate a massive distributed denial of service (DDoS) attack via a browser-based botnet. To create the botnet itself, the potential ...

    Posted in Botnets | Comments Off



    For a few months now, we have been actively monitoring a spambot named Stealrat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable CMS software such as Wordpress, Joomla and Drupal. In this entry, we will discuss how website administrators can check if their website is compromised and part ...

    Posted in Botnets, Malware, Spam | Comments Off



    The Andromeda botnet is still active in the wild and not yet dead. In fact, it's about to undergo a major update real soon. This botnet was first reported back in 2011 but has recently risen to prominence due to the latest modifications in the threat. Initially, this project to update Andromeda was about to die but the botnet's author found a successor (even though he did not officially retire). Here is the author's previous post, which basically says that if ...

    Posted in Botnets | Comments Off



    Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in their spam and module architecture whereas Pushdo made use of decoy network traffic. Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of 3 essential things: Compromised website for sending spam Compromised systems for harvesting and delivering the spam data Compromised website for delivering the payload Figure 1. StealRat method In this set ...

    Posted in Botnets, Spam | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice