• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Spam

From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • Posted on:September 22, 2016 at 2:15 am
  • Posted in:Ransomware, Spam
  • Author:
    Trend Micro
0
feature_ransomeware

Why is it critical to stop ransomware at the gateway layer? Because email is the top entry point used by prevalent ransomware families. Based on our analysis, 71% of known ransomware families arrive via email. While there’s nothing new about the use of spam, ransomware distributors continue to employ this infection vector because it’s a tried-and-tested method. It’s also an effective way to reach potential victims like enterprises and small and medium businesses (SMBs) that normally use emails for communication and daily operations. Over the first half of the year, we observed how cybercriminals leveraged file types like JavaScript, VBScript, and Office files with macros to evade traditional security solutions. Some of these file types can be used to code malware. In fact, as a security precaution, Microsoft turns off macros by default. In this blog post, we examine various email file attachments and how ransomware affected the fluctuation in the use of these file types.

Read More
Tags: LockyLocky Ransomwarespam email attachment

BANKER Trojan Sports New Technique to Take Advantage of 2016 Olympics
  • Posted on:August 19, 2016 at 3:45 am
  • Posted in:Malware, Spam
  • Author:
    Fernando Mercês (Senior Threat Researcher)
0
feature_cybercrime

Despite the 2016 Olympics coming to a close, cybercriminals remain relentless in using the sporting event as a social engineering hook to distribute a banking Trojan. Earlier this month, we spotted a phishing campaign that led victims to unknowingly download the Banker malware. Although Banker has been in the wild for years, this time we see it using a Dynamic Loading Library (DLL) with malicious exported functions. One of the export calls used is to check if the victimized system is located in Brazil.  If the geolocation points to Brazil, then another malicious file is downloaded.  This particular new routine points to the possibility of the cybercriminals’ intention of riding on the popularity of the Olympics to lure users. Apart from Banker, there are reports indicating that other banking Trojans, are doing the same thing. For instance, Sphinx ZeuS has enhanced its capabilities because of the Olympics.

Read More
Tags: 2016 Olympicsbanking trainingBrazilian cybercriminal undergroundcarding training

New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files
  • Posted on:August 14, 2016 at 5:30 pm
  • Posted in:Malware, Ransomware, Spam
  • Author:
    Trend Micro
0
feature_ransomeware

Like a game of cat and mouse, the perpetrators behind the Locky ransomware had updated their arsenal yet again with a new tactic—using Windows Scripting File (WSF) for the arrival method. WSF is a file that allows the combination of multiple scripting languages within a single file. Using WSF makes the detection and analysis of ransomware challenging since WSF files are not among the list of typical files that traditional endpoint solutions monitor for malicious activity.

However, the use of WSF files is no longer a novel idea since the same tactic was used in Cerber’s email campaign in May 2016. It would seem that the attackers behind Locky followed Cerber in using WSF files after seeing how such a tactic was successful in bypassing security measures like sandbox and blacklisting technologies.

Read More
Tags: Brazilian underground marketcrypto-ransomwareLocky Ransomware

BEBLOH Expands to Japan in Latest Spam Attack
  • Posted on:July 5, 2016 at 7:42 pm
  • Posted in:Malware, Spam
  • Author:
    Janus Agcaoili (Threat Response Engineer)
0
feature_cybercrime

An old banking Trojan has been operating in Europe on a low level has spiked in activity after migrating to Japan. Cybercriminals are using local brand names such as local ISP providers and legitimate looking addresses to fool users into downloading malware that can steal information by monitoring browsers, file transfer protocol (FTP) clients, and mail clients. Its targets? Mostly rural banks.

BEBLOH is a banking Trojan that has been around since as early as 2009. It has outlived several competitors including Zeus, and SpyEye. It is designed to steal money from unsuspecting victims right off their bank accounts without them even noticing. BEBLOH always came up with new defensive measures to avoid AV products, and this time is no different. BEBLOH is also known for hiding in memory and creating a temporary new executable file upon shutdown, and deleting said file after re-infecting the system.

Read More
Tags: banking TrojanBEBLOHSpam

Why Ransomware Works: Arrival Tactics
  • Posted on:June 27, 2016 at 7:42 am
  • Posted in:Bad Sites, Malware, Ransomware, Spam
  • Author:
    Trend Micro
0

Apart from understanding the ransomware tactics and techniques beyond encryption, it is equally important to understand how they arrive in the environment. Our recent analysis reveals that majority of ransomware families can be stopped at the exposure layer—web and email. In fact, Trend Micro has blocked more than 66 million ransomware-related spam, malicious URLs, and threats from January to May 2016.

Read More
Tags: Angler Exploit KitCERBERcrypto-ransomwareCryptXXXexploit kitsLockyNeutrino exploit kitpetyarig exploit kitTeslacryptTorrentLocker
Page 1 of 9712 › »

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Deep Web

  • Trend Micro researchers have been taking deep dives into cybercriminal territory for years now. Find out more about the inner workings of the Deep Web and underground markets.

Latest Ransomware Posts

  • From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • A Show of (Brute) Force: Crysis Ransomware Found Targeting Australian and New Zealand Businesses
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files
  • Network Solutions to Ransomware – Stopping and Containing Its Spread

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
  • New Version of Cerber Ransomware Distributed via Malvertising
  • Locky Ransomware Now Downloaded as Encrypted DLLs
  • CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • Cybercriminals Improve Android Malware Stealth Routines with OBAD

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.