Virus News

July 27th, 2009

Welcome to our RSS – Virus and Spyware Related News Feed section. This page may take some time to load, as it has to fetch and render data from other sources.

Microsoft – Security at Home

PCAdvisor – Security News

Computerworld – Viruses News

Kaspersky – Virus News

Norton Security Articles

Trend Micro malware Blog

  • Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide -

    We found a threat that scans for open ports and brute forces systems with weak credentials to drop a Monero cryptocurrency miner. While the installation and mining process is hidden by old evasion tool XHide Process Faker, the malware can be used for bigger attacks in the future as both the shellbot and miner can be monetized.


  • Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C -

    We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign's techniques and procedures, and its indicators of compromise (IoCs). Our findings indicate that the campaign appears to be the work of a group involved in business email compromise (BEC) or cybercrime, and unlikely to be an advanced persistent threat (APT).


  • Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks -

    In our analysis, we observed that a user account with fewer privileges can gain administrator rights over the automation server if jobs are built on the master machine (i.e., the main Jenkins server), a setup enabled by default. An exploit for this can be easily written using shell spawn — a default build step. If an exploit is successfully deployed, an attacker can perform remote code execution (RCE) on the master, which can result in Jenkins being completely overwritten.


  • SLUB Gets Rid of GitHub, Intensifies Slack Use -

    We discovered a new version of SLUB delivered via another unique watering hole website. This malicious site used CVE-2019-0752, an Internet Explorer vulnerability discovered by Trend Micro’s Zero Day Initiative (ZDI) that was just patched this April. This is the first time we found this exploit used in the wild. This new version of the SLUB malware has stopped using GitHub as a way to communicate, heavily using Slack instead via two free workspaces.


  • iOS URL Scheme Susceptible to Hijacking -

    Abuse of the iOS URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more.


  • New Miori Variant Uses Unique Protocol to Communicate with C&C -

    Miori has recently reappeared bearing a notable difference in the way it communicates with its C&C server. This Miori variant departs from the usual binary-based protocol and uses a text-based protocol to communicate with its C&C.


  • July’s Patch Tuesday Fixes Critical Flaws in Microsoft Edge and Internet Explorer, Including 2 Exploited Vulnerabilities -

    Critical patches covered in the release include fixes for Windows DHCP Server, Azure DevOps Server and Team Foundation Server, and .NET Framework, namely assigned as CVE-2019-0785, CVE-2019-1072, and CVE-2019-1113. Elevation of privilege vulnerabilities in Microsoft splwow64 (CVE-2019-0880) and Win32k (CVE-2019-1132), which were reported as being exploited, have also been patched.


  • Powload Loads Up on Evasion Techniques -

    By sifting through six months’ worth of data (Jan-Jun 2019) covering over 50,000 samples from the Trend Micro™ Smart Protection Network™ infrastructure, we managed to gain insight into how Powload has incorporated new techniques to increase its effectiveness, especially in its ability to hide from detection.


  • Anubis Android Malware Returns with Over 17,000 Samples -

    The 2018 mobile threat landscape had banking trojans that diversified their tactics and techniques to evade detection and further monetize their malware — and in the case of the Anubis Android malware, retooled for other malicious activities. Anubis underwent several changes since it first emerged, from being used for cyberespionage to being retooled as a banking malware, combining information theft and ransomware-like routines. In mid-January of 2019, we saw Anubis use a plethora of techniques, including the use of motion-based sensors to elude sandbox analysis and overlays to steal personally identifiable information.

    The latest samples of Anubis (detected by Trend Micro as AndroidOS_AnubisDropper) we recently came across are no different. While tracking Anubis’ activities, we saw two related servers containing 17,490 samples.


  • Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi -

    Since our last research on TA505, we have observed new activity from the group involving campaigns that targeted different countries over the last few weeks. We found them targeting countries in the Middle East such as the United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea.

    This blog post covers the updates from TA505’s campaigns and indicators of compromise (IoCs), as well as the latest tactics, techniques, and procedures of these campaigns, particularly those observed in late June. We also analyzed a new malware tool named Gelup (detected by Trend Micro as Trojan.Win32.GELUP.A), which we saw the group use in one of the campaigns on June 20.


Washington Post – Security Fix
