Virus News

July 27th, 2009

Welcome to our RSS – Virus and Spyware Related News Feed section. This page might take some time loading up as it has to extract and load data from other sources.

Microsoft – Security at Home

PCAdvisor – Security News

Computerworld – Viruses News

Kaspersky – Virus News

Norton Security Articles

Trend Micro malware Blog

  • A Look at Locky Ransomware’s Recent Spam Activities -

    Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it apparently spent in hiatus, Locky remains a relevant and credible threat given its impact on end users and especially businesses. Our detections show that it's making another comeback with new campaigns.

    A closer look at the file-encrypting malware’s activities reveals a constant: the use of spam. While they remain a major entry point for ransomware, Locky appears to be concentrating its distribution through large-scale spam campaigns of late, regardless of the variants released by its operators/developers.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    A Look at Locky Ransomware’s Recent Spam Activities

  • Magnitude Exploit Kit Now Targeting South Korea With Magniber Ransomware -

    A new ransomware is being distributed by the Magnitude exploit kit: Magniber (detected by Trend Micro as RANSOM_MAGNIBER.A), which we found targeting South Korea via malvertisements on attacker-owned domains/sites. The development in Magnitude’s activity is notable not only because it eschewed Cerber—its usual ransomware payload—in favor of Magniber. Magnitude now also appears to have become an exploit kit expressly targeting South Korean end users.

    The Magnitude exploit kit, which previously had a global reach, was offered as a service in the cybercriminal underground as early as 2013. It then left the market and became a private exploit kit that mainly distributed ransomware such as CryptoWall. At the start of the second half of 2016, Magnitude shifted focus to Asian countries, delivering various ransomware such as Locky and Cerber. More recently though, we noticed that Magnitude underwent a hiatus that began on September 23, 2017, and it then returned on October 15. With help from Kafeine and malc0de, we were able to uncover Magnitude’s new payload, Magniber.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    Magnitude Exploit Kit Now Targeting South Korea With Magniber Ransomware

  • New Malicious Macro Evasion Tactics Exposed in URSNIF Spam Mail -

    by John Anthony Bañes Malicious macros are commonly used to deliver malware payloads to victims, usually by coercing victims into enabling the macro sent via spam email. The macro then executes a PowerShell script to download ransomware or some other malware. Just this September EMOTET, an older banking malware, leveraged this method in a campaign that...

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    New Malicious Macro Evasion Tactics Exposed in URSNIF Spam Mail

  • A Closer Look at North Korea’s Internet -

    This blog post summarizes our findings from studying internet traffic going in and out of North Korea. It reviews its small IP space of 1024 routable IP addresses. It will also cover spam waves that originate in part from spambots in the country, DDoS attacks against North Korean websites and their relation to real-world events, as well as recurring watering hole attacks on North Korean websites.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    A Closer Look at North Korea’s Internet

  • From Cybercrime to Cyberpropaganda -

    A couple of common questions that arise whenever cyberpropaganda and hacktivism issues come up: who engages in it? Where do the people acquire the tools, skills, and techniques used? As it turns out, in at least one case, it comes from the traditional world of cybercrime. We’ve come across a case where a cybercriminal based in Libya turned from cybercrime to cyberpropaganda. This highlights how the cybercrime underground in the Middle East/North African region (covered in our paper titled Digital Souks: A Glimpse into the Middle Eastern and North African Underground) can expand their activity into areas beyond their original area of expertise.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    From Cybercrime to Cyberpropaganda

  • Microsoft’s October Patch Tuesday Fixes 62 Vulnerabilities, including an Office Zero-Day -

    Microsoft’s Patch Tuesday for October addresses 62 vulnerabilities, 27 of which are critical and 35 important in terms of severity; many of these flaws can lead to remote code execution (RCE). Microsoft’s fixes are patches for features in the Windows operating system (OS) and Microsoft Office (including Office Web Apps), Skype for Business, Edge, Internet Explorer (including the Chakra Core browser engine), Exchange Server, and .NET development framework, among others. As per Microsoft’s previous advisories, this month’s Patch Tuesday also marks the end of support and patches/updates for Office 2007 and Outlook 2007.

    Of note is Microsoft’s fix for CVE-2017-11826, a memory corruption vulnerability in Microsoft Office that was publicly disclosed and reported to be actively exploited in the wild.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    Microsoft’s October Patch Tuesday Fixes 62 Vulnerabilities, including an Office Zero-Day

  • WannaCry Ransomware Sold in the Middle Eastern and North African Underground -

    For $50, one could purportedly get a lifetime license to upgradeable variants of WannaCry. We saw this advertisement in an Arabic-speaking underground forum on May 14, two days after WannaCry’s outbreak. Indeed, a threat that left a trail of significant damage in its wake was objectified into a commodity, and even a starting point for others to launch their own cybercriminal businesses.

    WannaCry’s relatively low price also reflects another unique aspect of the Middle Eastern and North African underground: a sense of brotherhood. Unlike marketplaces in Russia and North America, for instance, where its players aim to make a profit, the Middle East and North Africa’s underground scene is an ironic juncture where culture, ideology, and cybercrime meet.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    WannaCry Ransomware Sold in the Middle Eastern and North African Underground

  • Dnsmasq: A Reality Check and Remediation Practices -

    Dnsmasq is the de-facto tool for meeting the DNS/DHCP requirements of small servers and embedded devices. Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    Dnsmasq: A Reality Check and Remediation Practices

  • SYSCON Backdoor Uses FTP as a C&C Channel -

    Bots can use various methods to establish a line of communication between themselves and their command-and-control (C&C) server. Usually, these are done via HTTP or other TCP/IP connections. However, we recently encountered a botnet that uses a more unusual method: an FTP server that, in effect, acts as a C&C server.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    SYSCON Backdoor Uses FTP as a C&C Channel

  • Business Process Compromise and the Underground’s Economy of Coupon Fraud -

    The fraudulent redemption of freebies, discounts, and rebates in the form of coupons is reportedly costing U.S. businesses $300–600 million every year. And where there’s money to be made, there are cybercriminals rustling up schemes to take advantage of it. Unsurprisingly, that was the case when it comes to coupon fraud, which we found to be rife and thriving in the underground.

    What does coupon fraud mean for businesses? In 2012, major manufacturers were victimized by counterfeit coupons, with one consumer goods corporation pegging its losses to around $1.28 million. Another coupon fraud scheme almost a decade in the making stole at least $250 million from companies.

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

    Business Process Compromise and the Underground’s Economy of Coupon Fraud

  • Washington Post Security Fix

    Comments are closed.
    Wordpress SEO Plugin by Wordpress SEO Plugin