Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Exploits’ Category

    Trend Micro has acquired samples of an exploit targeting the recent zero-day vulnerability affecting Windows XP and Server 2003. This is an elevation of privilege vulnerability, which may allow an attacker to gain privileges that would enable him to do various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges. We acquired this sample from a targeted attack. In this incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe vulnerability (CVE-2013-3346) referenced in APSB13-15, which was released in ...

    Posted in Exploits, Vulnerabilities | Comments Off

    Recently, independent security researchers found that the Angler Exploit Kit had added Silverlight to their list of targeted software, using CVE-2013-0074. When we analyzed the available exploit, we found that in addition to CVE-2013-0074, a second vulnerability, CVE-2013-3896, in order to bypass ASLR. These vulnerabilities are discussed in two separate Microsoft security bulletins, namely MS13-022 and MS13-087, respectively. This particular exploit checks what version of Silverlight is installed on a user's system and only runs on the following versions: 4.0.50401 4.0.60310 4.1.10329 5.0.61118 5.1.10411 Up-to-date versions of Silverlight are not ...

    Posted in Exploits, Malware, Vulnerabilities | Comments Off

    Five years ago, Conficker/DOWNAD was first seen and quickly became notorious due to how quickly it spread and how much damage it caused. Remarkably, after all that time, it's still alive. It can still pose a serious problem, as it can propagate to other systems on the same network as an infected machine - a factor that may explain its high rate of infection to this day. Based on feedback from the Smart Protection Network, DOWNAD has been a leading threat for years. It ...

    The third quarter of the year shone the spotlight on parts of the hidden Internet that would have preferred to remain hidden. Services favored by cybercriminals such as the digital currency Liberty Reserve and the online marketplace Silk Road were all shut down during the quarter. Right after the quarter ended, the notorious creator of the Blackhole Exploit Kit, Paunch, was arrested as well, severely curtailing related spam campaigns. Cybercrime Continues Unabated Despite these steps, however, cybercrime continued to grow during the ...

    Posted in Exploits, Malware, Mobile, Vulnerabilities | Comments Off

    Microsoft announced yesterday that an unpatched vulnerability was reportedly being exploited and used in targeted attacks in certain countries. The said exploit is designed to take advantage of a previously unknown vulnerability in Microsoft Office 2003, 2007 and 2010 and Windows XP and Server 2003. The said vulnerability stems from how older versions of Office and Windows graphic components process TIFF images (CVE-2013-3906). A common way that this is being exploited is embedding a DOC file with a malicious TIFF file. Using clever ...


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice