TrendLabs - Malware Blog: The popular photo-sharing app Instagram is the latest social networking site targeted by the ubiquitous survey scams seen on Facebook and Twitter. This time, we found that these survey scams may also lead users to download an Android malware. I found the following accounts who wanted to ‘follow’ me on Instagram. This is the standard [...]
TrendLabs - Malware Blog: Last week’s OpUSA attacks resulted in no high-profile sites knocked offline, and damage limited to relatively unknown sites compromised and defaced. Still, the attack did show how hackers operate and “claim” their results in high-profile hacking “operations” like OpUSA. Using information provided both by the Smart Protection Network and the attackers themselves (via Pastebin), we [...]
TrendLabs - Malware Blog: IT administrators and the like are expected to have a long day today, as Microsoft releases its security bulletin for May that resolves 33 vulnerabilities. Though this is not Microsoft’s biggest release (April 2011’s 17 bulletins addressing 64 vulnerabilities come to mind), it is crucial for users to apply these security updates, which include a [...]
TrendLabs - Malware Blog: App developers often include ads on their applications to increase revenue. These ads feature enticing titles or blurbs to attract more user hits. Typically, clicking these ads either prompts users to download an app or redirects them to a web page. However, cybercriminals, who never run out of new ways to spread their deeds, could [...]
TrendLabs - Malware Blog: Last April 23 – 25, I attended the seventh Counter eCrime Operations Summit (CeCOS VII) initiated by the Anti-Phishing Working Group (APWG). This year, the conference was held in Buenos Aires, Argentina. Security experts from Japan, Paraguay, Brazil, North America, Russia, and India flew to the South American city to discuss the developments in [...]
TrendLabs - Malware Blog: Recent incidents highlight how frequently – and creatively – cybercriminals try to steal data, from “homemade browsers” to million-user data breaches to the theft carried out every day by infostealers and phishing attacks. All this stolen information ends up for sale in the underground to the highest bidder. From there, it can [...]
TrendLabs - Malware Blog: While looking into recent reports about the Winnti malware family, we discovered another backdoor which was built using similar techniques and has other similarities as well. It is also possible that it is being used in similar targeted attacks. We found this particular threat via feedback provided by the Smart Protection Network; we detect it [...]
TrendLabs - Malware Blog: Cybercriminals in Brazil appear to have come up with a new tactic to lure users into giving up their login information. A few days ago, we found a post on a Brazilian forum offering a browser that could access the website of the Banco do Brasil without using the needed security plugin. Figure 1. Homemade [...]
TrendLabs - Malware Blog: Last month, an article in Dark Reading by Robert Lemos asked if it was “Time To Dump Antivirus As Endpoint Protection?”. It referenced a recent Google research paper that outlined their new reputation technology called CAMP (short for Content-Agnostic Malware Protection), which they claim protects against 98.6% of malware downloaded via their Chrome browser, as [...]
TrendLabs - Malware Blog: AutoIt is a very flexible coding language that’s been used since 1999 by coders looking for a fast, easy, and flexible scripting language in Windows. From simple scripts that change text files to scripts that perform mass downloads with complex GUIs, AutoIt is an easy-to-learn language that allows for quick development. The trend for malicious [...]
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.