Virus News

July 27th, 2009

Welcome to our RSS – Virus and Spyware Related News Feed section. This page may take some time to load because it has to extract and load data from other sources.

Microsoft – Security at Home

PCAdvisor – Security News

Computerworld – Viruses News

Kaspersky – Virus News

Norton Security Articles

Trend Micro malware Blog

  • Necurs Poses a New Challenge Using Internet Query File

    By Jed Valderama, Ian Kenefick, and Miguel Ang

    Our last report on the Necurs botnet malware covered its use of an internet shortcut or .URL file to avoid detection, but its authors seem to be updating it again. Current findings prove that its developers are actively devising new means to stay ahead of the security measures...


  • Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware

    We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework. For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are its ways of hiding behind the Tor network to elude detection and how it checks the affected system first before infecting it with a cryptocurrency-mining malware. While these attacks currently deliver resource-stealing and system performance-slowing malware, the vulnerability can be used as a doorway to other threats.


  • FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users

    Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations such as the ones that distributed CPUMINER, BankBot, and MilkyDoor, they would try to get their apps published on Google Play or App Store. We’ve also seen others take a more subtle approach that involves SmiShing to direct potential victims to malicious pages. Case in point: a campaign we recently observed that uses SMS as an entry point to deliver an information stealer we called FakeSpy (Trend Micro detects this threat as ANDROIDOS_FAKESPY.HRX).

    FakeSpy is capable of stealing text messages, as well as account information, contacts, and call records stored in the infected device. FakeSpy can also serve as a vector for a banking trojan (ANDROIDOS_LOADGFISH.HRX). While the malware is currently limited to infecting Japanese and Korean-speaking users, we won't be surprised if it expands its reach given the way FakeSpy’s authors actively fine-tune the malware’s configurations.


  • North American Malware Trends: Taking a Proactive Approach to Modern Threats

    To help IT teams decide where their points of focus should be to create an effective security strategy, we took a look at data in North America in the first quarter of 2018 to determine the trends in the threat landscape and paint a picture of the main types of threats that both individuals and organizations face today.


  • Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor

    We found a new sample that may be related to the MuddyWater campaign. Like the previous campaigns, these samples again involve a Microsoft Word document embedded with a malicious macro that is capable of executing PowerShell scripts leading to a backdoor payload. One notable difference in the analyzed samples is that they do not directly download the Visual Basic Script and PowerShell component files, and instead encode all the scripts on the document itself.


  • June Patch Tuesday: Microsoft Addresses DNS-related Vulnerability, Adobe Patches Critical Flash Player Flaw

    This month’s Patch Tuesday entry patched a number of critical vulnerabilities from Microsoft and Adobe, including a DNS-related vulnerability, CVE-2018-8225 and a critical Flash Player vulnerability, CVE-2018-5002.


  • How Machine Learning Techniques Helped Us Find Massive Certificate Abuse by BrowseFox

    By employing machine learning algorithms, we were able to discover an enormous certificate signing abuse by BrowseFox, a potentially unwanted application (PUA) detected by Trend Micro as PUA_BROWSEFOX.SMC. BrowseFox is a marketing adware plugin that illicitly injects pop-up ads and discount deals. While it uses a legitimate software process, the adware plugin may be exploited...


  • Attack Vectors in Orbit: The Need for IoT and Satellite Security in the Age of 5G

    Already a vital part of the critical infrastructure of the internet, satellites are set to take on a more significant role with the emergence of 5G cellular network technology and the continuing expansion of the internet of things (IoT). While terrestrial networks handle peak load well, disaster handling and critical infrastructure scenarios are served well by satellites, which are unaffected by most ground-based events. Ensuring the security of satellites, therefore, acquires even greater importance and warrants more initiatives to that end.


  • New KillDisk Variant Hits Latin American Financial Organizations Again

    In January, we saw a variant of the disk-wiping KillDisk malware hitting several financial institutions in Latin America. One of these attacks was related to a foiled heist on the organization’s system connected to the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) network.

    Last May, we uncovered a master boot record (MBR)-wiping malware in the same region. The telltale sign was a problem related to the affected machine’s boot sector. Based on the error message it displayed after our tests, we were able to ascertain that this was another — possibly new — variant of KillDisk. This kind of notification is common in systems affected by MBR-wiping threats and not in other malware types such as ransomware, which some people initially believed to be the culprit. Trend Micro products detect this threat as TROJ_KILLMBR.EE and TROJ_KILLDISK.IUE.


  • Using Insights From DefPloreX-NG to Thwart Web Defacement Attacks

    The ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS) is an avenue for cybersecurity research breakthroughs, techniques, and tools. At the ACM ASIACCS 2018 in Incheon, South Korea, we presented our research using DefPloreX-NG, a tool for identifying and tracking web defacement campaigns using historical and live data. “DefPloreX-NG” is a play on the phrase “defacement explorer.” The appended “NG” acronym means “Next Generation,” signifying improvements from the previous version of the tool. DefPloreX-NG is equipped with an enhanced machine learning algorithm and new visualization templates to give security analysts and other professionals a better understanding of web defacement campaigns.


  • Washington Post Security Fix
