malware

Malicious XML: Matryoshka Edition
A couple of days ago I received another malicious document (078409755.doc B28EF236D901A96CFEFF9A70562C9155). Unlike the XML file I wrote about before, this one does not contain VBA macros: But as you can see, it should contain an embedded object. The base64 code found inside the XML object decodes to an OLE file. The single stream present in this OLE file contains ZLIB compressed data (identifiab..

THE OLD IS NEW, AGAIN. CVE-2011-2461 IS BACK!
As part of an ongoing investigation on Adobe Flash SOP bypass techniques, we identified a vulnerability affecting old releases of the Adobe Flex SDK compiler. Further investigation traced the issue back to a known vulnerability (CVE-2011-2461), already patched by Adobe in apsb11-25. Old vulnerability, bad luck, let's move on. Not this time. The particularity of CVE-2011-2461 is that vulnerable F..

Freshly Patched Flash Exploit Added to Nuclear Exploit Kit
We have detected through feedback from the Trend Micro™ Smart Protection Network™ that the Nuclear Exploit Kit has been updated to include the recently fixed Adobe Flash Player vulnerability identified as CVE-2015-0336. We first saw signs of this malicious activity on March 18 this year. This particular vulnerability was only recently fixed as part of Adobe’s regular March update for Adobe Flash P..

CryptoWall 3.0 Ransomware Partners With FAREIT Spyware
Crypto-ransomware is once again upping the ante with its routines. We came across one crypto-ransomware variant that’s combined with spyware—a first for crypto-ransomware. This development just comes at the heels of the discovery that ransomware has included file infection to its routines. CryptoWall 3.0: We first encountered CryptoWall as the payload of spammed messages last year. We noted that whi..

Internet Fraud Tactics Exploiting Apple's Popularity: First Apple Watch Launch Scam Sites Confirmed
So-called "internet fraud", such as phishing sites and sales-related scam sites, harmed ordinary internet users throughout 2014. That trend continues today, and Trend Micro continues to find suspicious sites that piggyback on the "Apple" brand to target various kinds of user information. In particular, Apple-related phishing sites in 2014 surged to more than three times the 2013 figure (2013: approx. 23,300; 2014: 78,300), and this blog has also reported on a technique for easily building Apple-related phishing sites using a tool. Figure 1: Number of Apple-related phishing sites, 2013 to 2014. ■ Recent case: piggybacking on the launch of the "Apple Watch" ..

Operation Woolen-Goldfish: When Kittens Go Phishing
Today, we are publishing a research paper on an ongoing operation launched by a threat actor group known as Rocket Kitten. Rocket Kitten Campaigns: We have been able to observe two different campaigns launched by the group, one after the other, which reveal an evolution in the skills of this group. The first of these campaigns has already been exposed at 31C3 by Tillman Werner and Gadi Evron. That c..

Zero-Day Vulnerability Found in MongoDB Administration Tool phpMoAdmin
phpMoAdmin (short for PHP MongoDB administration tool) is a free and open source MongoDB GUI tool. phpMoAdmin is written in PHP and is a popular administration tool to manage the noSQL database MongoDB. A zero-day remote code execution vulnerability was seen in phpMoAdmin which allows an attacker to execute arbitrary code without requiring any authentication. The vulnerability is a command inject..

Samba Remote Code Execution Vulnerability – CVE-2015-0240
The Samba team reported CVE-2015-0240 last February 23, 2015. This vulnerability is very difficult to exploit and we are not aware of successful exploitation. However, it is quite interesting from the point of view of detection. There are two important facts: The vulnerability resides in the Netlogon Remote Protocol implementation of Samba which is a very high-level application protocol that can..

XML: A New Vector For An Old Trick
October 2014 saw the beginning of an e-mail campaign spamming malicious Microsoft Office documents. Mostly Word documents using the “old” binary format, but sometimes Excel documents and sometimes the “new” ZIP/XML format. All with VBA macros that auto-execute when opened. Yesterday, we started to see XML attachments. You might expect that these attachments open with Internet Explorer when you do..

What Happened to You, Asprox Botnet?
Earlier this year, @Techhelplistcom reported the spam and landing site infrastructure used to spread Asprox malware switched to porn-related URLs [1]. This started back in mid-January 2015, and I still haven't seen much about it in the open press. Since then, this infrastructure has continued spreading links to pornography or diet-related scams [2] [3]. We’re still seeing the malicious emails wit..