May Malware Review (TrendLabs Malware Blog)

May Malware Roundup
June 13th, 2007 by Ryan Flores

May was a relatively quiet month. Except for the slew of TROJ_ARTIEF targeted attacks in the last week of May, no other notable malware was discovered. For this round-up, we'll recap the malware that was able to capture our attention, even if only for a while.

Regional Attacks

While there wasn't much region-specific malware caught in the wild, one IM worm was found to send Spanish text to Yahoo! Messenger (YM) contacts, advertising a dance video of President Bush. This may be targeted at the fairly large Hispanic American population, or may be riding on the popularity of "So You Think You Can Dance", or both.

Malware that hit it big

WORM_SOBER.AX is probably the malware with the largest infection count last May. Although the worm propagated slowly, the fact that it was able to continuously infect computers over a period lasting a couple of weeks may usher in a new model for future worms. With all security vendors trained to spot fast-spreading worms and to update their signatures within a few hours, worms that fly just under that radar may have more success in the wild than those replicating like bunnies.

Web-based Threats

One of the most interesting aspects of web-based threats is the ingenious use of social engineering by malware authors. As expected, the social aspect of the malware threats found last May did not disappoint. For one, we discovered a phishing Trojan pretending to be Microsoft's Security Center console. A recent JS_FEEBS run made use of an associated Russian site to host additional malware. And while searching for additional malware, we saw Google's site rating and blocking at work, automatically blocking several TROJ_ANI-related sites on its results page. Of course, known TROJ_ANI-related sites are also automatically blocked by Trend Micro's Web Blocking services.

Lastly, a concrete connection between typo-squatting and malware hosting was established with the help of Sunbelt. Their list of Italian typo-squatters was found to be associated, in a variety of ways, with TROJ_ZLOB hosting sites.

Vulnerabilities and Exploits

Though no new exploits were discovered in the wild last May, we saw several pieces of malware creatively use application functionality for malicious purposes. One example is VBS_BADBUN. This malware is capable of infecting multiple operating systems running StarOffice by using its macro functionality (much like MS Office's macros), thereby elevating the risk of malware infection on operating systems previously deemed "safe", such as Mac and Linux. This is only the second piece of malware to use StarOffice as a platform, the first being XML_DUSTAR.A, discovered last year.

In what appears to be a highly targeted attack (it is reported that only top-level executives were targeted), TROJ_ARTIEF arrives embedded inside a Word RTF file; this method improves its social engineering trick of pretending to be a valid e-mail from the BBB or the IRS.

*The two examples mentioned above are not vulnerabilities or exploits per se, since they are not the result of bad programming practices. Rather, the methods mentioned above are the result of insecure software design (or design oversight) that allows such functionality to be used for malicious purposes.