TrendLabs - Malware BlogTypically users archive file to lump several files together into a single file for convenience or to simply save storage space. However, we uncovered a worm that creates copies of itself even on password-protected archived files. We acquired a sample of a worm (detected as WORM_PIZZER.A) that propagates using a particular WINRAR command line (see [...]
TrendLabs - Malware BlogThe notorious info-stealing ZeuS/ZBOT variants are reemerging with a vengeance, with increased activity and a different version of the malware seen this year. In our 2013 Security Predictions, we predicted that cybercrime will be characterized by old threats resurfacing, but with certain refinements and new features in tow. The 1Q of the year proved this [...]
TrendLabs - Malware BlogSince its initial release in February 2012 the Raspberry Pi – a very inexpensive, palm-sized computer meant to help teach computer science in schools – has become a favorite of hobbyists, makers, and tech enthusiasts everywhere. Why wouldn’t it be? The Raspberry Pi offers tinkerers a very low-cost (both to buy and to run) computer [...]
TrendLabs - Malware BlogLast March, I blogged about the Andromeda, a well-known botnet that surfaced in 2011 and is making a comeback this year. Just months after my report, we are still seeing notable activities from the said botnet, in particular a sudden boost of GAMARUE variants last week. The Andromeda botnet is a spam botnet that delivers [...]
TrendLabs - Malware BlogIn the process of investigating and analyzing targeted attacks, we have seen that attacks which may not be related at first glance may in fact be linked; conversely attacks that may seem unrelated may turn out to be connected. Knowing which is which can provide useful information in determining how to respond to an attack. [...]
TrendLabs - Malware BlogThe Blackhole Exploit Kit (BHEK) spam run has already assumed various disguises during its course. Some variants have taken various forms, such as official bank notice, cable provider email update, social networking email, and fake courier notification. Lately, we have seen a slew of spam crafted as a notice from the popular retail chain Walmart. [...]
TrendLabs - Malware BlogWith added text by Threat Researcher Nart Villeneuve Whether considered advanced persistent threats (APTs) or malware-based espionage attacks, successful and long-term compromises of high-value organizations and enterprises worldwide by a consistent set of campaigns cannot be ignored. Because “noisier” campaigns are becoming increasingly well-known within the security community, new and smaller campaigns are beginning to [...]
TrendLabs - Malware BlogThe popular photosharing app Instagram is the latest social networking site targeted by the ubiquitous survey scams seen on Facebook and Twitter. This time, we found that these survey scams may also lead users to download an Android malware. I found the following accounts who wanted to ‘follow’ me on Instagram. This is the standard [...]
TrendLabs - Malware BlogLast week’s OpUSA attacks resulted with no high-profile sites knocked offline, and damage limited to relatively unknown sites compromised and defaced. Still, the attack did show how hackers operate and “claim” their results in high-profile hacking “operations” like OpUSA. Using information provided both by the Smart Protection Network and the attackers themselves (via Pastebin), we [...]
TrendLabs - Malware BlogIT administrators and the likes are expected to have a long day today, as Microsoft releases its security bulletin for May that resolves 33 vulnerabilities. Though this is not Microsoft’s biggest release (April 2011′s 17 bulletins addresomg 64 vulnerabilities come to mind), it is crucial for users to apply these security updates, which include a [...]
Sign up now »
(MAS) gives threat analysts hands-on control over powerful auto-configured test environments where they can safely execute and inspect advanced malware.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.