New Viruses
The DOWNAD/Conficker Jigsaw Puzzle
This blog post puts together Trend Micro’s own DOWNAD research as well as collaborative input from the Conficker Working Group. It includes the collected reports regarding DOWNAD as well as analysis of binaries in one coherent timeline of events to shed some light on the continuing DOWNAD/Conficker Jigsaw Puzzle.
SETTING THE STAGE
The rise of DOWNAD to [...]
Post from: TrendLabs | Malware Blog - by Trend Micro Categories: New Viruses
Boredom Results in Twitter Malware Attack
Normally, cybercriminals tend to be an anonymous lot. However, over the weekend we encountered a malware attack on Twitter which, if the named author is to be believed, was conceived out of boredom. There are many ways to relieve boredom, and writing malware shouldn’t really be one of them.
Multiple users having exactly the same tweets [...]
Rotten Eggs: An Easter Malware Campaign
Easter, like any other holiday, will not pass without cyber criminals attempting to exploit the occasion for their own malicious operations.
Trend Micro Advanced Threats Researcher Paul Ferguson discovered websites that seem to be related to Easter, except they are malicious and were created to spew malware onto PCs. He adds that there is evidence again [...]
Adobe Acrobat/Reader getIcon() Vuln Exploit in the Wild
Cyber criminals have now updated their PDF exploits to include the getIcon() vulnerability (CVE-2009-0927). We currently detect this as TROJ_PIDIEF.OE.
As usual, we highly encourage users to update now to the latest versions of Adobe Acrobat and Adobe Reader (if you haven’t yet). Reading the security advisory by Adobe closely, we see that this issue was [...]
DOWNAD/Conficker Watch: New Variant in The Mix?
Days after the April 1st activation date of Conficker, nothing interesting was seen so far in our Downad/Conficker monitoring system except the continuous checking of dates and times via Internet sites, checking of updates via HTTP, and the increasing P2P communications from the Conficker peer nodes.
Well that was until last night when we saw a [...]
New MS08-067 Exploit Creeps in During DOWNAD Frenzy
A new MS08-067 exploit silently made its entrance as the rest of the world was keeping watch on DOWNAD’s next step last week. In what seems to be a case of “old worm with new tricks,” the worm Neeris which has been active for a few years now was found updated with the now [...]
Tax Season is Phishing Season
As usual, the approaching tax season (April 15th is Tax Day in the US) also comes with tax-related online threats. With unemployment rates reaching record highs this year, cybercriminals have yet another opportunity to polish their social engineering techniques.
Last year, spammed messages supposedly from the Internal Revenue Service (IRS) delivered malware into systems. The email [...]
Downad.KK/Conficker.C p2p Port Generation Code Exposed
Yes, we didn’t want to hear any more about this either, but this is actually interesting.
In the process of investigating the WORM_DOWNAD.KK peer-to-peer (P2P) protocol communications, Trend Micro threat researchers have discovered – with the assistance of some external resources – some interesting code which indicates that the basic code functionality has been borrowed from [...]
A Look Inside Conficker P2P Traffic
Visualizations can often show researchers details that would otherwise take hours of staring at raw data to find. WORM_DOWNAD.KK has plenty to show us if we look in the right places. This post focuses on the various P2P channels.
The first set of graphs map each IP address (source and destination) found in the source pcap [...]
New Exploit Takes on MS PowerPoint
A new 0-day malware leveraging a vulnerability found in Microsoft PowerPoint is making the rounds. Distributed as attachments to spam messages, specially crafted PowerPoint files are used for exploitation, which would grant cybercriminals access into the affected user’s system.
The aforementioned files containing the exploit are detected by Trend Micro as TROJ_PPDROP.AB. According to the analysis [...]
Waledac Spamming Image Hosting and Italian Job Offers
If you have been swamped lately by email offering unlimited image hosting services at a certain site such as the one below, blame Waledac for that.
Figure 1. Image hosting spam
Worth noting also is that this particular image hosting site’s name bears resemblance to the publisher of the most popular MMORPG (massively multiplayer online role-playing) game.
Besides advertising [...]
More DOWNAD/Conficker Questions After April 1st
All around the world, April 1st has already passed. The DOWNAD/Conficker April 1st hype has kept most, if not all, of us in the security industry and in the Conficker Working Group busy in the past few weeks. The day may have ended quietly, but follow-up questions still linger as a new day begins:
Q: [...]
Cable Cable Phish Phish
The Trend Micro Content Security team recently discovered a Cable Cable Inc. domain hosting a Walmart phishing survey. Cable Cable Inc. is a television, Web, and phone service provider based in Canada. Walmart, of course, is the chain of discount department stores.
As shown in the following sample phishing page, hosted at http://{BLOCKED}www.cablecable.net/~brook/SpringSurvey/walmartstores.com/walmartstores.com/index.html, Walmart customers are [...]
Strange April Fools’/D-Day Prank
While the computing population is secretly expecting fireworks once DOWNAD-infected PCs start accessing some of its 50,000 generated URLs, we at Trend Micro know that cybercrime operates in almost absolute stealth. Preaching this alongside best practices like immediately installing OS, productivity and security software updates is a drum security workers beat tirelessly.
In an anti-climactic turn, [...]
What Will Go DOWNAD on April 1?
Much has been said about the DOWNAD worm (a.k.a. Conficker) and its enigmatic payload that will supposedly be unleashed on April 1st. There are two days to go until the moment of truth and the hype isn’t expected to die down. But online threat history tells us that trigger/activation dates of equally hyped malware have [...]
New Malware Cracks Macs
Malware targeting machines running on Mac OS is quickly becoming quite common, with new variants appearing on a seemingly monthly basis. Just last week, our friends at Intego reported a new variant of the RSPLUG Trojan in the wild.
Taking its cue from the routines of the first RSPLUG malware, this latest incarnation no longer limits [...]
Spoofed Delta Airlines Contains Malware
The Trend Micro Content Security team discovered spoofed email messages that pretend to be from Delta Airlines. The fake email message contains a confirmation number for a supposed ticket purchase and a ZIP file. Recipients are told that this file contains details on the travel itinerary.
Here’s a screenshot of a spammed message:
Figure 1. Sample spam.
The [...]
E-cards Used to Advertise Adult Dating Site
The misuse of legitimate services continues: after recent reports of cybercriminals exploiting the redirecting service TinyURL to slip past spam filters, legitimate e-card services are now being used.
We have received email samples that arrive as ecards with the subject header “Regards From Secret Admirer”. The greeting cards were from Regards.com, the web’s largest collection [...]
Data-for-ransom Syndicates Strike Online
How much is your data worth? A great deal, perhaps, for most of us. Naturally, cybercriminals keep coming up with new ways to exploit this. The new attack? Taking a page out of offline criminal syndicates, now your data is being held for ransom–literally.
This latest bit of malware, detected by Trend Micro as TROJ_FAKEALE.BG, is [...]
Smarter Advertising–Or Is It?
Mobile technology is mainstream now. Just as radio, television and desktop computers have become integral parts of the normal household, mobile devices such as cellphones, MP3 players and laptops have also become essential tools in our day-to-day functions.
Today, the capabilities of these devices are increasingly becoming so advanced that they can even tell where [...]