Virus News

July 27th, 2009

Welcome to our RSS – Virus and Spyware Related News Feed section. This page might take some time to load, as it has to extract and load data from other sources.

Microsoft – Security at Home

PCAdvisor – Security News

Computerworld – Viruses News

Kaspersky – Virus News

Norton Security Articles

Trend Micro Malware Blog

  • Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication

    Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators. It targets organizations in Japan, South Korea, and Taiwan, leveling its attacks on public sector agencies and telecommunications and other high-technology industries. In 2016, for instance, we found their campaigns attacking Japanese organizations with various malware tools, notably the Elirks backdoor. Blackgear’s operators are well-organized, developing their own tools, which we observed to have been recently fine-tuned, based on their latest attacks.

  • New Andariel Reconnaissance Tactics Hint At Next Targets

    Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets' systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month, we tracked new scouting techniques coming from Andariel, used mainly against South Korean targets.

  • VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities

    This blog tackles the recently ill-famed VPNFilter malware and if deployed devices are vulnerable to it. VPNFilter is a newly discovered, multi-stage malware (detected by Trend Micro as ELF_VPNFILT.A, ELF_VPNFILT.B, ELF_VPNFILT.C, and ELF_VPNFILT.D) that affects many models of connected devices. Based on our data from June 1 to July 12, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities, not only taken advantage of by VPNFilter but other malware as well, can still be detected in devices up to this day.

  • July Patch Tuesday: Large Adobe Security Update and Patches for 18 Critical Microsoft Vulnerabilities

    Patch Tuesday for July addresses 53 Microsoft and 107 Adobe vulnerabilities.

  • Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor

    by Loseway Lu

    Despite being around for decades, cybercriminals are still using malicious macro to deliver malware, albeit in more creative ways to make them more effective. The threat actors behind a recent case used macro in a more roundabout way, with a macro that searches for specific shortcut files in the user’s system, which...

  • Down but Not Out: A Look Into Recent Exploit Kit Activities

    Exploit kits may be down, but they’re not out. While they're still using the same techniques that involve malvertisements or embedding links in spam and malicious or compromised websites, their latest activities are making them significant factors in the threat landscape again. This is the case with Rig and GrandSoft, as well as the private exploit kit Magnitude — exploit kits we found roping in relatively recent vulnerabilities to deliver cryptocurrency-mining malware, ransomware, botnet loaders, and banking trojans.

  • The New Face of Necurs: Noteworthy Changes to Necurs’ Behaviors

    by Anita Hsieh, Rubio Wu, Kawabata Kohei

    Six years after it was first spotted in the wild, the Necurs malware botnet is still out to prove that it’s a malware chameleon. We recently discovered noteworthy changes to the way Necurs makes use of its bots, such as pushing infostealers on them and showing a special...

  • Cryptocurrency-Mining Bot Targets Devices With Running SSH Service via Potential Scam Site

    Our honeypot sensors, which are designed to emulate Secure Shell (SSH), Telnet, and File Transfer Protocol (FTP) services, recently detected a mining bot related to the IP address 192.158.228.46. The address has been seen to search for both SSH- and IoT-related ports, including 22, 2222, and 502. In this particular attack, however, the IP has landed on port 22, SSH service. The attack could be applicable to all servers and connected devices with a running SSH service.

  • Necurs Poses a New Challenge Using Internet Query File

    Our last report on the Necurs botnet malware covered its use of an internet shortcut or .URL file to avoid detection, but its authors seem to be updating it again. Current findings prove that its developers are actively devising new means to stay ahead of the security measures meant to thwart it. This time, the new wave of spam from this botnet is using the internet query file IQY to evade detection.

  • Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware

    We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework. For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are its ways of hiding behind the Tor network to elude detection and how it checks the affected system first before infecting it with a cryptocurrency-mining malware. While these attacks currently deliver resource-stealing and system performance-slowing malware, the vulnerability can be used as a doorway to other threats.

Washington Post Security Fix
