Trend | Gregory D. Evans

Posts Tagged ‘Trend’

Trend Micro ‘virtual shield’ protects against unpatched exploits

Trend Micro has broadened its cloud-based security infrastructure so that its products can receive actionable threat intelligence that lets the security software act like a “virtual shield” against many web-based threats.

View full post on Techworld.com security


View full post on National Cyber Security

Trend Micro Warns of Trojan Posing as Chrome Installer

The malware, identified as TSPY_BANKER.EUIQ, redirects users to spoofed banking Web sites.
View full post on eSecurityPlanet RSS Feed


Consumerization trend driving IT shops ‘crazy,’ Gartner analyst says

IT managers who grapple with Bring Your Own Device (BYOD) policies can expect to see an explosion of different devices used by their workers in the next few years.
View full post on Computerworld Security News


‘Police ransom’ Trojans the work of single Russian gang, Trend finds

The wave of ‘police Trojan’ ransomware that has hit PC users across the developed world in the last year is probably the work of a single highly-active Russian cybercrime gang, a forensic analysis by Trend Micro has concluded.

First detected in 2011, there have been numerous police ransom attacks in which infected users are presented with what appears to be a police force splash screen demanding a 100 euro fine for accessing Internet porn or violent material.

A typical example would be last September’s scam in which the criminals impersonated the Metropolitan Police’s Central e-crime Unit (PCeU) with reports of identical attacks manipulating other EU police forces around the same time.

The backdoor and Trojan malware that hits users is not particularly sophisticated beyond the basic technique of locking the user’s PC while disabling Windows processes such as regedit.exe and msconfig.exe as a way of discouraging manual bypass attempts.

The real innovation lies in the command and control (CC) infrastructure which is able to localise the attack to a high degree, varying the police threat screens to display different law enforcement organisations depending on the detected country of the victim.

Trend found that the gang had been targeting Germany, the UK, France, Austria, Italy, Belgium and Spain, while so far ignoring all other countries.

Now Trend has connected these attacks to a single organisation after following the evidence trail back to a ‘bulletproof’ Russian hosting provider, Alliance-host.ru, and a string of command and control servers scattered across the US and Europe. The connections to Russia itself were intricate and compelling.

The gang also appeared to have been involved in older campaigns featuring fake antivirus scams, bank keylogging Trojans such as Zeus and Carberp and the formidable TDSS rootkit believed to have formed a botnet several million strong.

Another connection Trend detected was that the gang could be affiliated to Rove Digital, the Estonian crimeware gang that used the DNSchanger malware to infect millions more PCs before it was disrupted last September.

Cleverly, the gang has also signed up its own affiliates, which also serve porn, to host the malware, neatly dovetailing with the gang’s aim of frightening infected users for accessing the same material.

“In sum, we are looking at a Russian-speaking cybercriminal gang with a dynamic network infrastructure that probably uses an affiliate network to help spread the ransomware Trojan and infect as many people’s systems as possible,” Trend said.

Only weeks ago, Trend published figures showing how ransomware infections in general have spread from their home territory of Russia to many other countries.

Ransom malware has been around since at least 2006, but only recently has it morphed into a phenomenon causing significant damage, with police Trojans probably at the leading edge of this trend. Historically, these emerged in 2010 from fake antivirus campaigns that mixed persuasion (‘you have a virus on your PC’) with threats (‘you will pay us to remove it’).

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1e217519/l/0Lnews0Btechworld0N0Csecurity0C33495680Cpolice0Eransom0Etrojans0Ework0Eof0Esingle0Erussian0Egang0Etrend0Efinds0C0Dolo0Frss/story01.htm


ProtectMyID: The good news: the #FTCSentinel reports that credit card #fraud continues to trend downward. Total credit card fraud is down 17.6% since…


View full post on Twitter / ProtectMyID


Trend Micro Unearths More Links Between China and Hacker Group

Security vendor Trend Micro has been tracking a hacking campaign called Luckycat that has been linked to 90 attacks, including some aimed at Tibetan activists, and has tied it to a group based in China, the company said in a report published on Thursday.

The Luckycat campaign, which has been active since at least June 2011, has been connected with attacks against targets in Japan and India as well, according to Trend Micro. Industries targeted include military research, aerospace and energy, it said.

To avoid detection, the hackers used a diverse set of infrastructure and anonymity tools. Each attack used a unique campaign code to track which victims were compromised by which malware, illustrating that the attackers were both very aggressive and continually targeted intended victims with several waves of malware, according to Trend Micro’s report.

The security company was able to connect an email address used to register one of the group’s command-and-control servers to a hacker in the Chinese underground community.

The hacker has been using aliases “dang0102” or “scuhkr” and has been linked to the Information Security Institute of the Sichuan University in Chengdu, China, where he was involved in a research project on network attack and defense.

The person behind the aliases and the email address is Gu Kaiyuan, who is now apparently an employee at Tencent, China’s leading Internet portal company, The New York Times reported on Thursday.

There are more signs pointing to China as the origin of the Luckycat campaign. The language settings of the attackers’ computers indicate that they are Chinese speakers, according to Trend Micro. The work done by the hacker group was first documented earlier this month by Symantec, which showed that the hackers used IP addresses allocated to China, Trend Micro said.

The targeted nature of the attacks is no isolated occurrence. The number of targeted attacks has dramatically increased, Trend Micro said.

To better protect themselves, enterprises need to use a mixture of technology and education, according to Trend Micro. Apart from patch management, endpoint and network security, enterprises should also focus on detecting and mitigating attacks, the company said.

But an enterprise’s defense is only as good as its employees. People trained to expect targeted attacks are better positioned to report potential threats and can become an important source of threat intelligence.

Article source: http://www.pcworld.com/businesscenter/article/252919/trend_micro_unearths_more_links_between_china_and_hacker_group.html


Security pros need to get in front of cloud computing trend, RSA panel says

Security teams need to innovate and adapt to cloud, according to CISO panel


View full post on SearchCloudSecurity: RSS Feed


Trend Micro hires cyber security expert Kellermann (Reuters)

Reuters – Anti-virus software maker Trend Micro Inc has hired a prominent expert on cybersecurity policy to help boost its sales to the U.S. government.

View full post on Yahoo! News: Security News


Trend Micro brings intrusion detection back from cloud with Deep Discovery

Trend Micro today announced Deep Discovery, a threat detection tool designed to monitor network traffic in order to detect signs of stealthy attacks aimed at stealing corporate data.

Deep Discovery is intended to focus on the question, “Is there human attacker activity in the network?” says Kevin Faulkner, senior enterprise product marketing manager at Trend Micro.

He acknowledges Deep Discovery in large part represents a wholesale re-engineering of what Trend Micro previously called its Threat Management System, released last year. “It was rebuilt from the ground up,” says Faulkner, noting that more than 500 business customers are now using it.

Deep Discovery differs from the past in several ways, he says: it now has three times the processing power, and what was a cloud-based management console has been moved out of the cloud, with the console and analysis functions put into a physical form that is installed on the customer premises.

“Our customers didn’t want this management running in cloud,” says Faulkner. The product also has a security sandboxing feature that can allow malware to be safely detonated and observed.

Available as an appliance or software, the roadmap for further development of Deep Discovery includes giving it a capability to identify and track mobile devices and tell what apps they’re accessing when their users have been granted access to the corporate network. Other roadmap goals, which should make it into the next release later this year, include templates for data loss prevention so that sensitive information, such as Payment Card Industry cardholder data, for example, could be flagged if it appears to be traversing the network inappropriately.

With Deep Discovery, Trend Micro roughly aims to compete against the NetWitness threat analysis product, which was acquired by RSA, the security division of EMC. Today, RSA also announced an expansion to the NetWitness Live 2.1 service of automated threat intelligence feeds intended to be correlated in the NetWitness appliance to deliver actionable information.

According to Sam Curry, chief technology officer for identity and protection at RSA, the NetWitness Live service, which operates around the clock, aggregates relevant threat intelligence from more than 100 sources. Some of the new data sources include the RSA CyberCrime Intelligence service and the RSA eFraud Network, which are said to together aggregate fraud intelligence from 500 million networked devices and 250 million users worldwide.

New third party intelligence feeds include VeriSign Threat Indicators and Critical Intelligence. For malware analysis, NetWitness Spectrum Live gains feeds from Bit9 and ThreatGRID.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1d007e89/l/0Lnews0Btechworld0N0Csecurity0C3340A6950Ctrend0Emicro0Ebrings0Eintrusion0Edetection0Eback0Efrom0Ecloud0Ewith0Edeep0Ediscovery0C0Dolo0Frss/story01.htm


Trend Micro Releases HijackThis Source Code to sourceforge.net

CUPERTINO, Calif., Feb. 17, 2012 /PRNewswire/ – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, today announced the release of HijackThis as an open source application. 

HijackThis (http://en.wikipedia.org/wiki/Hijackthis) scans your computer to find settings changed by spyware, malware or other unwanted programs. HijackThis also generates an in-depth report to enable expert users to analyze and fix an infected computer. Several security communities use HijackThis log files to help users evaluate and eradicate infections. A common practice for novice users is to generate a HijackThis log file and submit it to one of the many forums devoted to HijackThis on the web. Experts at these forums provide information on which items are causing your problems and how to remove them safely from your computer.

The code, originally written in Visual Basic, is now officially available at http://sourceforge.net/projects/hjt/.

“This means that other people can build on a solid base to create or improve their own anti-malware tools,” said Merijn Bellekom, the original creator of HijackThis.

Trend Micro has offered HijackThis as a free tool since acquiring the antispyware freeware tool from its Netherlands-based creator, Merijn Bellekom, in 2007. By then, it had already been downloaded more than 10 million times and was often used to submit logs to online discussion and help forums, such as Castlecops.com, Majorgeeks.com and Spywareinfo.com, to elicit comments that could help in cleaning infected desktops.

“HijackThis was an essential tool at CastleCops, so much so that there were forums, web applications and services dedicated to it, answering questions posed from the data collected about files and registry entries. Hands down, HijackThis was vital to the health of a PC providing needed data that helped experts clean machines from complicated malware infections. Enabling the open source community with source code for the powerful tool HijackThis shows the commitment Trend Micro has toward advancing security and privacy. The OSS framework provides people with an opportunity to help others in a rich and diverse environment, and this ensures that HijackThis will continue building on its strength in serving the community,” said Paul Laudanski, Founder, Castlecops.com.

Trend Micro will continue to maintain the original source code and will update the base code on SourceForge as developers make modifications that are essential and positive to the continued improvement of this code.  As new malicious code is released faster than ever before, the need for analyzing log data to identify new malicious code is more important than ever.  Through this offer to the open source community, the product has the opportunity to develop and become an even better solution to quickly identify new malicious code.

“HijackThis moving to open source is a really exciting stage for this tool and a big thanks to Trend Micro for bringing this tool back to life.  HijackThis was once the most used tool for enumerating Windows startup programs and quickly identifying the presence of malware.  Moving HijackThis to open source will prompt more rapid releases and also allow more people to be involved in the project so that it is able to keep pace with current infection techniques,” said Larry Abrams, Owner and Founder of BleepingComputer.com.

About Trend Micro

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers.  A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro Smart Protection Network cloud computing security infrastructure, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe. 

Additional information about Trend Micro Incorporated and its products and services is available at TrendMicro.com. This Trend Micro news release and other announcements are available at http://NewsRoom.TrendMicro.com and as part of an RSS feed at www.trendmicro.com/rss. Or follow our news on Twitter at @TrendMicro.

Article source: http://finance.yahoo.com/news/trend-micro-releases-hijackthis-source-160000349.html

