Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    May 2015
    S M T W T F S
    « Apr    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • Email Subscription

  • About Us


    Archive for the ‘Exploits’ Category




    Around this time in 2013, the most commonly used exploit kit - the Blackhole Exploit Kit - was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits has emerged and have been used by cybercriminals. The emergence of so many replacements has also meant that there are now some key technical differences between these various exploit kits. In this post, we shall go over some of these differences. Exploits used Exploits targeting Internet Explorer, ...

    Posted in Exploits | Comments Off on What’s New in Exploit Kits in 2014



    We recently found a new banking Trojan which targeted several banks in South Korea. This isn’t the first, though: in June last year, we saw that several online banking threats widened their range and targeted South Korean banks using various techniques. Throughout the course of monitoring similar threats, we noticed a new wave of banking Trojans targeting South Korean banks that show unusual behavior, including the use of Pinterest as their command and control (C&C) channel. Infection Via Malicious Iframe Injection This threat is currently affecting users in South Korea via compromised ...

    Posted in Bad Sites, Exploits, Malware | Comments Off on Banking Trojan Targets South Korean Banks; Uses Pinterest as C&C Channel



    Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to escape sandboxes. In both October and November Patch Tuesday cycles, Microsoft addressed several vulnerabilities that were used by attackers to escape the Internet Explorer sandbox. One of ...

    Posted in Exploits, Vulnerabilities | Comments Off on Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349



    Our report on the threats seen in 3Q 2014 shows us that once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter's infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. Having gone unnoticed for years, the Shellshock incident suggests that there might be more vulnerabilities in Bash or in applications previously thought safe. Below is a timeline of events that Shellshock unraveled. Figure 1. A timeline of events that illustrate the Shellshock exploitation that took place ...

    Posted in Bad Sites, Exploits, Malware, Mobile, Targeted Attacks, Vulnerabilities | Comments Off on 3Q 2014 Security Roundup: Vulnerabilities Under Attack



    In recent years, we noticed that more and more malicious Adobe Flash (.SWF) files are being incorporated into exploit kits like the Magnitude Exploit Kit, the Angler Exploit Kit, and the Sweet Orange Exploit Kit. However, we did some more digging and found out that the number of Flash files isn’t the only thing that has changed: these files use obfuscation techniques than files from two to three years ago. Antivirus evasion is the primary goal of obfuscation. SWF files use obfuscation techniques to ...

    Posted in Exploits, Vulnerabilities | Comments Off on Obfuscated Flash Files Make Their Mark in Exploit Kits


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice