SlideShare ist ein Scribd-Unternehmen logo

New IE Zero-Day Exploit Triggers Info Theft

Trend Micro
Trend Micro

Web Threat Spotlight Issue 60: TrendLabs looks at recent IE6 and IE7 vulnerability and the related MMOG info stealing malware associated with it.

Technologie
1 von 2
Downloaden Sie, um offline zu lesen
Web Threat Spotlight A Web threat is any threat that uses the Internet to facilitate cybercrime. ISSUE NO. 60 MARCH 29, 2010 New IE Zero-Day Exploit Triggers Info Theft Zero-day vulnerabilities and exploits seem to be a recurring theme in recent months. Several software and browsers received criticism for critical vulnerabilities that were made public. Topping the list is Internet Explorer (IE), which was found to have two separate security vulnerabilities in March alone. The most recent of these zero-day vulnerabilities unfortunately led to several malware detections, which in some instances, paved the way for game-related information theft. The Threat Defined Several news on zero-day vulnerabilities recently made headlines. Just months after the much-publicized IE bug exploit related to the HYDRAQ attacks, a new IE vulnerability prompted Microsoft to release another security advisory to warn its users. Security Advisory (981374) informs users of a vulnerability that exists due to an invalid pointer reference bug within IE, which has been identified as CVE-2010- 0806. This particular bug can be exploited under certain conditions to execute malicious code. The vulnerability primarily affects IE 6 and 7 but does not affect IE 8. Systems using the latest Windows versions—Windows 7 and Server 2008—are likewise automatically immune from this threat since the said OS versions are shipped with IE 8. Unfortunately, systems that came preinstalled with earlier versions of IE can fall prey to several malware detections that exploit the still-unpatched zero-day flaw. Visiting compromised websites using IE 6 or 7 may result in the download of malicious script files that take advantage of the said vulnerability to allow a remote user to access the affected system. To date, Trend Micro has detected several attacks that all Figure 1. CVE-2010-0806 exploit infection diagram begin with a malicious JavaScript file. Two different detections, JS_SHELLCODE.CD and JS_SHELLCOD.JDT, both exploit the vulnerability and attempt to download files. For its part, JS_SHELLCOD.JDT successfully downloads TROJ_INJECT.JDT, which also tries to connect to a URL that has since become inaccessible. In separate infection chains, another pair of detections leaves affected systems ridden with multiple malware. JS_SHELLCODE.YY and JS_COSMU.A download and drop other malware, which eventually lead to information theft. The final payloads, TSPY_GAMETI.WOW and TROJ_GAMETHI.FNZ, both steal user names and passwords related to the game, World of Warcraft (WoW). 1 of 2 – WEB THREAT SPOTLIGHT
Web Threat Spotlight A Web threat is any threat that uses the Internet to facilitate cybercrime. Considering the fact that real money can be made through stealing online-gaming credentials, it is not surprising that cybercriminals leveraged a critical IE vulnerability for personal gain. In 2009, massively multiplayer online (MMO) games in the United States alone made as much as US$3.8 billion, proving the extensive moneymaking opportunities that games like WoW offer. Exploiting game bugs for fraud and cheating is yet another recurring theme in cybersecurity, the end of which is nowhere in sight. However, exploiting an IE bug instead of directly hacking games puts a different spin to the typical game-related information theft techniques. It likewise proves that cybercriminals will stop at nothing to carry out their malicious intentions. User Risks and Exposure While vulnerabilities constantly exist, zero-day flaws complicate matters because of the time factor involved. As developers rush to protect users, cybercriminals are likewise on the run to use the bug to their advantage. The recent IE vulnerability is yet another proof of how zero-day exploits can lead to a complex infection chain. To avoid zero-day exploits, users should use updated versions of all software and ensure that their antivirus patterns are up-to-date at all times. It is also important to be wary of links, files, and downloadable data from untrustworthy sources. Disabling scripting or, at least, regulating its use to trusted sites is also a good option to avoid falling prey to exploits that abuse script files. Using alternative browsers is another option. However, it is also important to note that even other browsers have vulnerabilities that are not immediately fixed. As such, users should patch all software as soon as updates are released. Patching systems requires a lot of work but is a critical step in ensuring system security. Trend Micro Solutions and Recommendations Trend Micro™ Smart Protection Network™ infrastructure delivers security that is smarter than conventional approaches. Leveraged across Trend Micro’s solutions and services, Smart Protection Network™ is a cloud-client content security infrastructure that automatically blocks threats before they reach you. A global network of threat intelligence sensors correlates with email, Web, and file reputation technologies 24 x 7 to provide comprehensive protection against threats. As the sophistication of threats, volume of attacks, and number of endpoints rapidly grow, the need for lightweight, comprehensive, and immediate threat intelligence in the cloud is critical to overall protection against data breaches, damage to business reputation, and loss of productivity. In this attack, Web reputation service prevents users from accessing sites hosting JS_SHELLCODE.CD, JS_SHELLCOD.JDT, JS_SHELLCODE.YY, and JS_COSMU.A. File reputation service detects and consequently deletes malicious files such TROJ_INJECT.JDT, TROJ_SASFIS.VR, TROJ_DLOADR.VR, TSPY_GAMETI.WOW, TROJ_DROPPR.FNZ, and TROJ_GAMETHI.FNZ from infected systems. Trend Micro Deep Security™ and Trend Micro OfficeScan™ likewise protect business users via the Intrusion Defense Firewall (IDF) plug-in if their systems are updated with the IDF10-011 release, rule number IDF10011. The following post at the TrendLabs Malware Blog discusses this threat: http://blog.trendmicro.com/new-ie-zero-day-exploit-cve-2010-0806/ The virus reports are found here: http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_SHELLCODE.CD http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_SHELLCOD.JDT http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_INJECT.JDT http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_SHELLCODE.YY http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SASFIS.VR http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADR.VR http://threatinfo.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_GAMETI.WOW http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_COSMU.A http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.FNZ http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_GAMETHI.FNZ Other related posts are found here: http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/56_ie_zero-day_vulnerability_opens_door_to_hydraq__ january_27__2010_.pdf http://blog.trendmicro.com/the-wonderful-wor1d-of-warcraft/ http://blog.trendmicro.com/keep-systems-safe-patch-alternative-browsers/ 2 of 2 – WEB THREAT SPOTLIGHT

Empfohlen

‘WaterAid’, Presentation by Alice Dibblin, University of Southampton and volu...
‘WaterAid’, Presentation by Alice Dibblin, University of Southampton and volu...‘WaterAid’, Presentation by Alice Dibblin, University of Southampton and volu...
‘WaterAid’, Presentation by Alice Dibblin, University of Southampton and volu...Interdisciplinary Research at the University of Southampton
 
Human Brain (BG)
Human Brain (BG)Human Brain (BG)
Human Brain (BG)rado_fun
 
autopista en bolivia
autopista en boliviaautopista en bolivia
autopista en boliviaguest10982e
 
Happy New Year 2008 (EN)
Happy New Year 2008 (EN)Happy New Year 2008 (EN)
Happy New Year 2008 (EN)rado_fun
 
Man of the Year 2006 (BG)
Man of the Year 2006 (BG)Man of the Year 2006 (BG)
Man of the Year 2006 (BG)rado_fun
 
What to do After a Car Accident?
What to do After a Car Accident?What to do After a Car Accident?
What to do After a Car Accident?rado_fun
 
Women's Dictionary (BG)
Women's Dictionary (BG)Women's Dictionary (BG)
Women's Dictionary (BG)rado_fun
 
Thoughts
ThoughtsThoughts
Thoughtsrado_fun
 

Empfohlen

‘WaterAid’, Presentation by Alice Dibblin, University of Southampton and volu...
‘WaterAid’, Presentation by Alice Dibblin, University of Southampton and volu...‘WaterAid’, Presentation by Alice Dibblin, University of Southampton and volu...
‘WaterAid’, Presentation by Alice Dibblin, University of Southampton and volu...Interdisciplinary Research at the University of Southampton
 
Human Brain (BG)
Human Brain (BG)Human Brain (BG)
Human Brain (BG)rado_fun
 
autopista en bolivia
autopista en boliviaautopista en bolivia
autopista en boliviaguest10982e
 
Happy New Year 2008 (EN)
Happy New Year 2008 (EN)Happy New Year 2008 (EN)
Happy New Year 2008 (EN)rado_fun
 
Man of the Year 2006 (BG)
Man of the Year 2006 (BG)Man of the Year 2006 (BG)
Man of the Year 2006 (BG)rado_fun
 
What to do After a Car Accident?
What to do After a Car Accident?What to do After a Car Accident?
What to do After a Car Accident?rado_fun
 
Women's Dictionary (BG)
Women's Dictionary (BG)Women's Dictionary (BG)
Women's Dictionary (BG)rado_fun
 
Thoughts
ThoughtsThoughts
Thoughtsrado_fun
 
Simple Math (EN)
Simple Math (EN)Simple Math (EN)
Simple Math (EN)rado_fun
 
Views from Europe
Views from EuropeViews from Europe
Views from Europerado_fun
 
Lost in Translation
Lost in TranslationLost in Translation
Lost in Translationrado_fun
 
Spelling Mistakes (BG)
Spelling Mistakes (BG)Spelling Mistakes (BG)
Spelling Mistakes (BG)rado_fun
 
Love Motel
Love MotelLove Motel
Love Motelrado_fun
 
Thrill Rides in Las Vegas
Thrill Rides in Las VegasThrill Rides in Las Vegas
Thrill Rides in Las Vegasrado_fun
 
ATM Thefts
ATM TheftsATM Thefts
ATM Theftsrado_fun
 
Driver Misery (BG)
Driver Misery (BG)Driver Misery (BG)
Driver Misery (BG)rado_fun
 
Come to Andorra
Come to AndorraCome to Andorra
Come to Andorrastermengolenglish
 
Bolivia slides
Bolivia slidesBolivia slides
Bolivia slideschawley78
 
Cracked Pot (BG)
Cracked Pot (BG)Cracked Pot (BG)
Cracked Pot (BG)rado_fun
 
Zion np en bryce np 22 07
Zion np en bryce np 22 07Zion np en bryce np 22 07
Zion np en bryce np 22 07passievoorreizen
 
Happy New Year 2008 (BG)
Happy New Year 2008 (BG)Happy New Year 2008 (BG)
Happy New Year 2008 (BG)rado_fun
 
Ruta de Bolivia (Driving In Bolivia)
Ruta de Bolivia (Driving In Bolivia)Ruta de Bolivia (Driving In Bolivia)
Ruta de Bolivia (Driving In Bolivia)Luis
 
Common Wild Edibles
Common Wild EdiblesCommon Wild Edibles
Common Wild EdiblesLinna Ferguson
 
Why I Like Kids
Why I Like KidsWhy I Like Kids
Why I Like Kidsrado_fun
 
Tamanhodegraoastmpapaer
Tamanhodegraoastmpapaer Tamanhodegraoastmpapaer
TamanhodegraoastmpapaerJefferson Nascimento
 
IT Course - Using a PC - Best Practices
IT Course - Using a PC - Best PracticesIT Course - Using a PC - Best Practices
IT Course - Using a PC - Best Practicesrado_fun
 
Thessaloniki by Group 1&3
Thessaloniki by Group 1&3Thessaloniki by Group 1&3
Thessaloniki by Group 1&3ftachm
 
Industrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesIndustrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesTrend Micro
 
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeTrend Micro
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Trend Micro
 

Weitere ähnliche Inhalte

Andere mochten auch

Simple Math (EN)
Simple Math (EN)Simple Math (EN)
Simple Math (EN)rado_fun
 
Views from Europe
Views from EuropeViews from Europe
Views from Europerado_fun
 
Lost in Translation
Lost in TranslationLost in Translation
Lost in Translationrado_fun
 
Spelling Mistakes (BG)
Spelling Mistakes (BG)Spelling Mistakes (BG)
Spelling Mistakes (BG)rado_fun
 
Love Motel
Love MotelLove Motel
Love Motelrado_fun
 
Thrill Rides in Las Vegas
Thrill Rides in Las VegasThrill Rides in Las Vegas
Thrill Rides in Las Vegasrado_fun
 
ATM Thefts
ATM TheftsATM Thefts
ATM Theftsrado_fun
 
Driver Misery (BG)
Driver Misery (BG)Driver Misery (BG)
Driver Misery (BG)rado_fun
 
Bolivia slides
Bolivia slidesBolivia slides
Bolivia slideschawley78
 
Cracked Pot (BG)
Cracked Pot (BG)Cracked Pot (BG)
Cracked Pot (BG)rado_fun
 
Happy New Year 2008 (BG)
Happy New Year 2008 (BG)Happy New Year 2008 (BG)
Happy New Year 2008 (BG)rado_fun
 
Ruta de Bolivia (Driving In Bolivia)
Ruta de Bolivia (Driving In Bolivia)Ruta de Bolivia (Driving In Bolivia)
Ruta de Bolivia (Driving In Bolivia)Luis
 
Why I Like Kids
Why I Like KidsWhy I Like Kids
Why I Like Kidsrado_fun
 
IT Course - Using a PC - Best Practices
IT Course - Using a PC - Best PracticesIT Course - Using a PC - Best Practices
IT Course - Using a PC - Best Practicesrado_fun
 
Thessaloniki by Group 1&3
Thessaloniki by Group 1&3Thessaloniki by Group 1&3
Thessaloniki by Group 1&3ftachm
 

Andere mochten auch (19)

Simple Math (EN)
Simple Math (EN)Simple Math (EN)
Simple Math (EN)
 
Views from Europe
Views from EuropeViews from Europe
Views from Europe
 
Lost in Translation
Lost in TranslationLost in Translation
Lost in Translation
 
Spelling Mistakes (BG)
Spelling Mistakes (BG)Spelling Mistakes (BG)
Spelling Mistakes (BG)
 
Love Motel
Love MotelLove Motel
Love Motel
 
Thrill Rides in Las Vegas
Thrill Rides in Las VegasThrill Rides in Las Vegas
Thrill Rides in Las Vegas
 
ATM Thefts
ATM TheftsATM Thefts
ATM Thefts
 
Driver Misery (BG)
Driver Misery (BG)Driver Misery (BG)
Driver Misery (BG)
 
Come to Andorra
Come to AndorraCome to Andorra
Come to Andorra
 
Bolivia slides
Bolivia slidesBolivia slides
Bolivia slides
 
Cracked Pot (BG)
Cracked Pot (BG)Cracked Pot (BG)
Cracked Pot (BG)
 
Zion np en bryce np 22 07
Zion np en bryce np 22 07Zion np en bryce np 22 07
Zion np en bryce np 22 07
 
Happy New Year 2008 (BG)
Happy New Year 2008 (BG)Happy New Year 2008 (BG)
Happy New Year 2008 (BG)
 
Ruta de Bolivia (Driving In Bolivia)
Ruta de Bolivia (Driving In Bolivia)Ruta de Bolivia (Driving In Bolivia)
Ruta de Bolivia (Driving In Bolivia)
 
Common Wild Edibles
Common Wild EdiblesCommon Wild Edibles
Common Wild Edibles
 
Why I Like Kids
Why I Like KidsWhy I Like Kids
Why I Like Kids
 
Tamanhodegraoastmpapaer
Tamanhodegraoastmpapaer Tamanhodegraoastmpapaer
Tamanhodegraoastmpapaer
 
IT Course - Using a PC - Best Practices
IT Course - Using a PC - Best PracticesIT Course - Using a PC - Best Practices
IT Course - Using a PC - Best Practices
 
Thessaloniki by Group 1&3
Thessaloniki by Group 1&3Thessaloniki by Group 1&3
Thessaloniki by Group 1&3
 

Mehr von Trend Micro

Industrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesIndustrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesTrend Micro
 
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeTrend Micro
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Trend Micro
 
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Trend Micro
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSTrend Micro
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
 
Mobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaMobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaTrend Micro
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep WebTrend Micro
 
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)Trend Micro
 
HBR APT framework
HBR APT frameworkHBR APT framework
HBR APT frameworkTrend Micro
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsTrend Micro
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryTrend Micro
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksTrend Micro
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest TexasTrend Micro
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Threat predictions 2011
Threat predictions 2011 Threat predictions 2011
Threat predictions 2011 Trend Micro
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryTrend Micro
 

Mehr von Trend Micro (20)

Industrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesIndustrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, Vulnerabilities
 
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at Large
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
 
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWS
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
 
Mobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaMobile Telephony Threats in Asia
Mobile Telephony Threats in Asia
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep Web
 
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
 
HBR APT framework
HBR APT frameworkHBR APT framework
HBR APT framework
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep Discovery
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted Attacks
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
 
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
Threat predictions 2011
Threat predictions 2011 Threat predictions 2011
Threat predictions 2011
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
 

Kürzlich hochgeladen

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Kürzlich hochgeladen (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

New IE Zero-Day Exploit Triggers Info Theft

  • 1. Web Threat Spotlight A Web threat is any threat that uses the Internet to facilitate cybercrime. ISSUE NO. 60 MARCH 29, 2010 New IE Zero-Day Exploit Triggers Info Theft Zero-day vulnerabilities and exploits seem to be a recurring theme in recent months. Several software and browsers received criticism for critical vulnerabilities that were made public. Topping the list is Internet Explorer (IE), which was found to have two separate security vulnerabilities in March alone. The most recent of these zero-day vulnerabilities unfortunately led to several malware detections, which in some instances, paved the way for game-related information theft. The Threat Defined Several news on zero-day vulnerabilities recently made headlines. Just months after the much-publicized IE bug exploit related to the HYDRAQ attacks, a new IE vulnerability prompted Microsoft to release another security advisory to warn its users. Security Advisory (981374) informs users of a vulnerability that exists due to an invalid pointer reference bug within IE, which has been identified as CVE-2010- 0806. This particular bug can be exploited under certain conditions to execute malicious code. The vulnerability primarily affects IE 6 and 7 but does not affect IE 8. Systems using the latest Windows versions—Windows 7 and Server 2008—are likewise automatically immune from this threat since the said OS versions are shipped with IE 8. Unfortunately, systems that came preinstalled with earlier versions of IE can fall prey to several malware detections that exploit the still-unpatched zero-day flaw. Visiting compromised websites using IE 6 or 7 may result in the download of malicious script files that take advantage of the said vulnerability to allow a remote user to access the affected system. To date, Trend Micro has detected several attacks that all Figure 1. CVE-2010-0806 exploit infection diagram begin with a malicious JavaScript file. Two different detections, JS_SHELLCODE.CD and JS_SHELLCOD.JDT, both exploit the vulnerability and attempt to download files. For its part, JS_SHELLCOD.JDT successfully downloads TROJ_INJECT.JDT, which also tries to connect to a URL that has since become inaccessible. In separate infection chains, another pair of detections leaves affected systems ridden with multiple malware. JS_SHELLCODE.YY and JS_COSMU.A download and drop other malware, which eventually lead to information theft. The final payloads, TSPY_GAMETI.WOW and TROJ_GAMETHI.FNZ, both steal user names and passwords related to the game, World of Warcraft (WoW). 1 of 2 – WEB THREAT SPOTLIGHT
  • 2. Web Threat Spotlight A Web threat is any threat that uses the Internet to facilitate cybercrime. Considering the fact that real money can be made through stealing online-gaming credentials, it is not surprising that cybercriminals leveraged a critical IE vulnerability for personal gain. In 2009, massively multiplayer online (MMO) games in the United States alone made as much as US$3.8 billion, proving the extensive moneymaking opportunities that games like WoW offer. Exploiting game bugs for fraud and cheating is yet another recurring theme in cybersecurity, the end of which is nowhere in sight. However, exploiting an IE bug instead of directly hacking games puts a different spin to the typical game-related information theft techniques. It likewise proves that cybercriminals will stop at nothing to carry out their malicious intentions. User Risks and Exposure While vulnerabilities constantly exist, zero-day flaws complicate matters because of the time factor involved. As developers rush to protect users, cybercriminals are likewise on the run to use the bug to their advantage. The recent IE vulnerability is yet another proof of how zero-day exploits can lead to a complex infection chain. To avoid zero-day exploits, users should use updated versions of all software and ensure that their antivirus patterns are up-to-date at all times. It is also important to be wary of links, files, and downloadable data from untrustworthy sources. Disabling scripting or, at least, regulating its use to trusted sites is also a good option to avoid falling prey to exploits that abuse script files. Using alternative browsers is another option. However, it is also important to note that even other browsers have vulnerabilities that are not immediately fixed. As such, users should patch all software as soon as updates are released. Patching systems requires a lot of work but is a critical step in ensuring system security. Trend Micro Solutions and Recommendations Trend Micro™ Smart Protection Network™ infrastructure delivers security that is smarter than conventional approaches. Leveraged across Trend Micro’s solutions and services, Smart Protection Network™ is a cloud-client content security infrastructure that automatically blocks threats before they reach you. A global network of threat intelligence sensors correlates with email, Web, and file reputation technologies 24 x 7 to provide comprehensive protection against threats. As the sophistication of threats, volume of attacks, and number of endpoints rapidly grow, the need for lightweight, comprehensive, and immediate threat intelligence in the cloud is critical to overall protection against data breaches, damage to business reputation, and loss of productivity. In this attack, Web reputation service prevents users from accessing sites hosting JS_SHELLCODE.CD, JS_SHELLCOD.JDT, JS_SHELLCODE.YY, and JS_COSMU.A. File reputation service detects and consequently deletes malicious files such TROJ_INJECT.JDT, TROJ_SASFIS.VR, TROJ_DLOADR.VR, TSPY_GAMETI.WOW, TROJ_DROPPR.FNZ, and TROJ_GAMETHI.FNZ from infected systems. Trend Micro Deep Security™ and Trend Micro OfficeScan™ likewise protect business users via the Intrusion Defense Firewall (IDF) plug-in if their systems are updated with the IDF10-011 release, rule number IDF10011. The following post at the TrendLabs Malware Blog discusses this threat: http://blog.trendmicro.com/new-ie-zero-day-exploit-cve-2010-0806/ The virus reports are found here: http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_SHELLCODE.CD http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_SHELLCOD.JDT http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_INJECT.JDT http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_SHELLCODE.YY http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SASFIS.VR http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADR.VR http://threatinfo.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_GAMETI.WOW http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_COSMU.A http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.FNZ http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_GAMETHI.FNZ Other related posts are found here: http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/56_ie_zero-day_vulnerability_opens_door_to_hydraq__ january_27__2010_.pdf http://blog.trendmicro.com/the-wonderful-wor1d-of-warcraft/ http://blog.trendmicro.com/keep-systems-safe-patch-alternative-browsers/ 2 of 2 – WEB THREAT SPOTLIGHT