Spyware Security » Backdoor

BKDR_POISON: More Challenges Ahead

admin — Fri, 03 Feb 2012 10:02:30 +0000

Last year, the security industry was plagued by a series of APT reports, which included the “Nitro Attack”. The backdoor used here is known as PoisonIvy or BKDR_POISON. Its builder is available online. Security vendors have then taken measures to counter this threat to help customers battle against similar infections in the future. However, [...]

NGOs Targeted with Backdoors

admin — Mon, 02 Jan 2012 03:01:56 +0000

We have found evidence that the human rights organization found affected by a website compromise is not the only intended target for the attack. The website was said to have an iframe that redirected users to another compromised site in Brazil. The site executed a malicious Java applet detected as JAVA_DLOAD.ZZC. JAVA_DLOAD.ZZC leverages a [...]

Adobe Zero-day Vulnerability Installs Backdoor – Another Targeted Attack?

admin — Wed, 14 Dec 2011 22:12:41 +0000

When I read this blog entry a few days ago, the first question that entered my head was, “Is this another targeted attack?”. I took a look at the .PDF discussed in the entry and it appeared to be a document addressed to employees of a certain defense contractor. Trend Micro products detect this [...]

Backdoor Snoops on Skype, MSN, and Yahoo! Messenger

admin — Tue, 11 Oct 2011 20:10:27 +0000

We recently came across reports about a hacker group that was able to detect a backdoor which was found capable of monitoring online activities and recording calls when using Skype. However, apart from its routines, it garnered media attention because of its claims that the discovered backdoor may be used by German Law Enforcement. The [...]

Android Malware Uses Blog Posts as C&C

admin — Wed, 05 Oct 2011 00:10:17 +0000

Newer and more complicated Android malware is expected along with the rising number of malicious Android applications, and a new backdoor that we were able to analyze proves that malware for the Android platform is continuously improving in performance, using new techniques to thwart analysis, and avoid detection. This Android malware, which Trend Micro detects [...]

Trojanized Security Tool Serves as Backdoor App

admin — Thu, 10 Mar 2011 20:03:18 +0000

I recently posted a report about the Trojanized applications which were found in the Android Market. About fifty repackaged versions of legitimate apps were pulled from the Android Market after being found infected with AndroidOS_LOTOOR.A. AndroidOS_LOTOOR.A steals mobile device information, as well as gives unauthorized users root access to an infected device. As course of [...]

Router-Compromising Malware in Latin America

admin — Thu, 10 Mar 2011 10:03:06 +0000

TrendLabsSM is currently taking a look at an interesting .ELF file that is actually an IRC backdoor program. We initially found some code suggesting that it performs brute-force attacks on router user name-password pairs. This malware is predominantly found in Latin America but we are also checking the extent of infection in other regions. The attacks [...]

Backdoor Uses Ichitaro Vulnerability To Spread

admin — Thu, 04 Nov 2010 08:11:05 +0000

Vulnerabilities (designated as CVE-2010-3915 and CVE-2010-3916) have been found in the popular Japanese-language word processor Ichitaro. If exploited, a specially crafted JTD document could be used to drop and execute files. Files exploiting these vulnerabilities are detected as TROJ_TARODRP.SM. Currently, the payload of the attacks using this vulnerability is a dropper detected as TROJ_DROPPER.QVA. It [...]

The Malicious Intent of the “Here You Have” Mail Worm, Part 2

admin — Tue, 26 Oct 2010 08:10:05 +0000

Previously, we discussed the “Here You Have” mail attack and the associated malware, WORM_MEYLME.B. Today, let’s look into the backdoor payload, BKDR_BIFROSE.SMU. The “Here You Have” payload: A powerful backdoor Not all backdoor applications are created equal. As such, it can be said that the cybercriminals behind WORM_MEYLE.B deliberately opted to use a BIFROSE backdoor [...]

Backdoors in Twitter, Now in Arabic

admin — Wed, 30 Jun 2010 09:06:44 +0000

Twitter is becoming a common medium to spread spam, malware and all kinds of badness. Just a few weeks ago, we wrote about FIFA and the Gaza attacks being used as social engineering leverage by Trojan creators, and there are no signs of them stopping any time soon. Over the past two weeks, several Twitter [...]