Virus News

July 27th, 2009

Welcome to our RSS – Virus and Spyware Related News Feed section. This page may take some time to load, as it fetches and renders data from other sources.

Microsoft – Security at Home

PCAdvisor – Security News

Computerworld – Viruses News

Kaspersky – Virus News

Norton Security Articles

Trend Micro malware Blog

  • qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware

    We encountered a few interesting samples of a file-encoding ransomware variant implemented entirely in VBA macros called qkG (detected by Trend Micro as RANSOM_CRYPTOQKG.A). It’s a classic macro malware infecting Microsoft Word’s Normal template (normal.dot template) upon which all new, blank Word documents are based.

    Further scrutiny of qkG also shows it to be more of an experimental project or a proof of concept (PoC) than malware actively used in the wild. This, however, doesn’t make qkG any less of a threat.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

  • October macOS Patch Fixes FAT/USB Vulnerability

    October’s macOS security update contained a fix for a vulnerability that Trend Micro privately disclosed to Apple earlier this year. The vulnerability (designated CVE-2017-13811) was in the fsck_msdos system tool. This tool checks for and fixes errors on devices formatted with the FAT filesystem, and is automatically invoked by macOS when a FAT-formatted device (such as a USB disk or an SD card) is inserted.

  • Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks

    The waves of backdoor-laden spam emails we observed during June and July that targeted Russian-speaking businesses were part of bigger campaigns. The culprit appears to be the Cobalt group, based on the techniques used. In their recent campaigns, Cobalt used two different infection chains, with social engineering hooks that were designed to invoke a sense of urgency in its recipients—the bank’s employees.

    Of note were Cobalt’s other targets. The hacking group's first spam run also targeted a Slovenian bank, while the second run targeted financial organizations in Azerbaijan, Belarus, and Spain.

  • New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis

    We discussed the re-emergence of banking malware EMOTET in September and how it has adopted a wider scope since it wasn’t picky about the industries it attacks. We recently discovered that EMOTET has a new iteration (detected as TSPY_EMOTET.SMD10) with a few changes in its usual behavior and new routines that allow it to elude...

  • November’s Patch Tuesday Includes Defense in Depth Update for Attacks Abusing Dynamic Data Exchange

    Microsoft rolled out fixes for over 50 security issues in this month’s Patch Tuesday. The updates cover vulnerabilities and bugs in the Windows operating system, Internet Explorer (IE), Edge, ASP.NET Core, the Chakra Core browser engine, and Microsoft Office. Microsoft also released a security advisory providing defense-in-depth mitigations against attacks abusing the Dynamic Data Exchange (DDE) protocol, in light of recent attacks misusing this feature.

    Abusing DDE isn’t new, but the method has made a resurgence with reports of cyberespionage and cybercriminal groups such as Pawn Storm, Keyboy, and FIN7 leveraging it to deliver their payloads.

  • Physical Theft Meets Cybercrime: The Illicit Business of Selling Stolen Apple Devices

    Online scams and physical crimes are known to intersect. In an incident last May, we uncovered a modus operandi and the tools thieves can use to break open iCloud accounts to unlock stolen iPhones. Further research into this crossover revealed how deep it runs. There’s actually a sizeable global market for stolen mobile phones—and by extension, iCloud fraud. From Ireland and the U.K. to India, Argentina, and the U.S., the demand for unlocking services for stolen phones is staggering: last year, stolen iPhones were sold in Eastern European countries for as much as US$2,100. In the U.S., 23,000 iPhones from the Miami International Airport, valued at $6.7 million, were stolen last year.

    The fraudsters’ attack chain is relatively straightforward. They spoof an email or SMS from Apple notifying victims that their device has been found. The eager victim, wanting their phone back, clicks on a link that compromises their iCloud credentials, which are then reused to unlock the stolen device. The thieves will then subcontract third-party iCloud phishing services to unlock the devices. These Apple iCloud phishers run their business using a set of cybercriminal tools that include MagicApp, Applekit, and the Find My iPhone (FMI.php) framework to automate iCloud unlocks in order to resell the device in underground and gray markets.

  • Toast Overlay Weaponized to Install Several Android Malware

    We uncovered new Android malware that can surreptitiously install other malware on the affected device via the Toast Overlay attack: TOASTAMIGO, detected by Trend Micro as ANDROIDOS_TOASTAMIGO. The malicious apps, one of which had over 500,000 installs as of November 6, 2017, abuse Android’s Accessibility features, enabling them—at least for now—to have ad-clicking, app-installing and self-protecting/persistence capabilities.

    Overlay attacks entail drawing and superimposing Android Views (e.g., images, buttons) atop other running apps, windows or processes. A typical scenario for a Toast Overlay attack is to employ it to trick the user into clicking a window or button specified by the attacker instead of the legitimate one. The technique, which was demonstrated earlier this year, leverages a vulnerability in Toast (CVE-2017-0752, patched last September), a feature in Android used to display notifications over other applications.

  • REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography

    REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by Trend Micro as BKDR_DASERF, otherwise known as Muirim and Nioupale) that has four main capabilities: execute shell commands, download and upload data, take screenshots, and log keystrokes.

    Our recent telemetry, however, indicates that variants of Daserf were used not only to spy on and steal from Japanese and South Korean targets, but also against Russian, Singaporean, and Chinese enterprises. We also found various versions of Daserf that employ different techniques and use steganography—embedding code in unexpected media or locations (e.g., images)—to conceal themselves better.

  • ChessMaster’s New Strategy: Evolving Tools and Tactics

    A few months ago, we covered the ChessMaster cyberespionage campaign, which leveraged a variety of toolsets and malware to compromise its targets—primarily organizations in Japan. A few weeks ago, we observed new activity from ChessMaster, with notable evolutions in terms of new tools and tactics that weren't present in the initial attacks.

  • App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant

    We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain features to make iXintpwn/YJSNPI more difficult to uninstall.

    We recently discovered a new variant of iXintpwn/YJSNPI (detected by Trend Micro as IOS_YJSNPI.A) that uses a signed profile to conduct different attacks compared to its predecessor. IOS_YJSNPI.A is extracted from either of the two app stores—hxxp://m[.]3454[.]com and hxxp://m[.]973[.]com. Based on our analysis, this new variant’s main purpose is not to damage users’ operating systems, but to lure users into downloading repackaged apps.

  • Washington Post Security Fix
