Virus News

July 27th, 2009

Welcome to our RSS – Virus and Spyware Related News Feed section. This page might take some time loading up as it has to extract and load data from other sources.

Microsoft – Security at Home

PCAdvisor – Security News

Computerworld – Viruses News

Kaspersky – Virus News

Norton Security Articles

Trend Micro malware Blog

  • Viro Botnet Ransomware Breaks Through -

    We have recently observed the Virobot ransomware (detected by Trend Micro as RANSOM_VIBOROT.THIAHAH) which has botnet capabilities, affecting users in the United States.

    The post Viro Botnet Ransomware Breaks Through appeared first on .

  • September Patch Tuesday: Windows Fixes ALPC Elevation of Privilege, Remote Code Execution Vulnerabilities -

    September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface. This bug allows threat actors to run code with administrative privileges, install programs, or even create new accounts with full user rights. This bug’s source code has been publicly disclosed as of August 27 via Twitter and has been seen actively used in malicious campaigns as early as September 5.

    The post September Patch Tuesday: Windows Fixes ALPC Elevation of Privilege, Remote Code Execution Vulnerabilities appeared first on .

  • A Closer Look at the Locky Poser, PyLocky Ransomware -

    While ransomware has noticeably plateaued in today’s threat landscape, it’s still a cybercriminal staple. In fact, it saw a slight increase in activity in the first half of 2018, keeping pace by being fine-tuned to evade security solutions, or in the case of PyLocky (detected by Trend Micro as RANSOM_PYLOCKY.A), imitate established ransomware families and ride on their notoriety.

    In late July and throughout August, we observed waves of spam email delivering the PyLocky ransomware. Although it tries to pass off as Locky in its ransom note, PyLocky is unrelated to Locky. PyLocky is written in Python, a popular scripting language; and packaged with PyInstaller, a tool used to package Python-based programs as standalone executables.

    The post A Closer Look at the Locky Poser, PyLocky Ransomware appeared first on .

  • Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum -

    We uncovered personally identifiable information (PII) stolen from a China-based hotel chain being sold on a deep web forum we were monitoring. Further analysis revealed that the stolen data was not only the PII of Chinese customers, but also included the hotel chain’s customers from Western and East Asian countries. The sample data we saw was unencrypted (in plaintext), some of which were in CSV, SQL, and TXT dumps.

    We believe this stolen data is related to the data breach (reported on August 29) that exposed up to 130 million PII. The news that reported the data breach matched with an advertisement we saw in the dark web selling the stolen data for eight bitcoins (equivalent to more than US$58,000 as of September 5, 2018).

    The post Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum appeared first on .

  • The Urpage Connection to Bahamut, Confucius and Patchwork -

    In the process of monitoring changes in the threat landscape, we get a clearer insight into the way threat actors work behind the schemes. In this case we dig deeper into the possible connection between cyberattacks by focusing on the similarities an unnamed threat actor shares with Confucius, Patchwork, and another threat actor called Bahamut. For the sake of this report, we will call this unnamed threat actor “Urpage.”

    The post The Urpage Connection to Bahamut, Confucius and Patchwork appeared first on .

  • IQY and PowerShell Abused by Spam Campaign to Infect Users in Japan with BEBLOH and URSNIF -

    Trend Micro recently saw increased abuse of the internet query file IQY, similar to the activity detected in June from a Necurs-distributed spam wave that delivered the FlawedAmmyy RAT. It appears cybercriminals are taking advantage of the simple structure of IQY files because they can be used to evade structure-based detection methods.

    Our latest observation found the Cutwail botnet distributing spam mails abusing IQY files. The spam campaign specifically targets users in Japan, delivering either the BEBLOH (detected by Trend Micro as TSPY_BEBLOH.YMNPV) or URSNIF (TSPY_URSNIF.TIBAIDO) malware. The spam mails attempt to trick users into clicking the attachment using conventional social engineering baits such as "payment," "photos sent," “photos attached,” and "please confirm," among others. The campaign’s activity was detected on August 6, 2018, and has managed to distribute approximately 500,000 spam mails. The spam distribution has since died down on August 9.

    The post IQY and PowerShell Abused by Spam Campaign to Infect Users in Japan with BEBLOH and URSNIF appeared first on .

  • Supply Chain Attack Operation Red Signature Targets South Korean Organizations -

    Together with our colleagues at IssueMakersLab, we uncovered Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea. We discovered the attacks around the end of July, while the media reported the attack in South Korea on August 6.

    The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the company’s certificate then using it to sign the malware. They also configured the update server to only deliver malicious files if the client is located in the range of IP addresses of their target organizations.

    9002 RAT also installed additional malicious tools: an exploit tool for Internet Information Services (IIS) 6 WebDav (exploiting CVE-2017-7269) and an SQL database password dumper. These tools hint at how the attackers are also after data stored in their target’s web server and database.

    The post Supply Chain Attack Operation Red Signature Targets South Korean Organizations appeared first on .

  • Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode -

    We discovered a high-risk Internet Explorer (IE) vulnerability in the wild on July 11, just a day after Microsoft’s July Patch Tuesday. We immediately sent Microsoft the details to help fix this flaw. While this vulnerability, now designated as CVE-2018-8373, affects the VBScript engine in the latest versions of Windows, Internet Explorer 11 is not vulnerable since VBScript in Windows 10 Redstone 3 (RS3) has been effectively disabled by default.

    The post Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode appeared first on .

  • August Patch Tuesday: A Tale of Two Zero-Days -

    This month’s Microsoft Patch Tuesday includes important updates that patch two zero-day vulnerabilities that are already being actively exploited.

    The post August Patch Tuesday: A Tale of Two Zero-Days appeared first on .

  • Ransomware as a Service Princess Evolution Looking for Affiliates -

    We have been observing a malvertising campaign via Rig exploit kit delivering a cryptocurrency-mining malware and the GandCrab ransomware since July 25. On August 1, we found Rig's traffic stream dropping a then-unknown ransomware. Delving into this seemingly new ransomware, we checked its ransom payment page in the Tor network and saw it was called Princess Evolution (detected by Trend Micro as RANSOM_PRINCESSLOCKER.B), and was actually a new version of the Princess Locker ransomware that emerged in 2016. Based on its recent advertisement in underground forums, it appears that its operators are peddling Princess Evolution as a ransomware as a service (RaaS) and are looking for affiliates.

    The post Ransomware as a Service Princess Evolution Looking for Affiliates appeared first on .

  • Washington Post Security Fix

    Comments are closed.
    Wordpress SEO Plugin by Wordpress SEO Plugin