Symantec propone un'analisi approfondita sui Rogue Security Software. I RSS sono applicazioni fasulle che fingono di fornire servizi di tutela della sicurezza informatica ma che, al contrario, hanno come obiettivo quello di installare dei codici maligni che compromettono la sicurezza generale della macchina.
Panoramica - Rischi - Principali modalità di diffusione e distribuzione.
Il periodo di osservazione va da luglio 2008 a giugno 2009, qui è presentato un sommario dello Studio.
Presentación - Protecting your Employess, Customers, and Investments in the A...Interlat
Interlat & Hootsuite - Protecting your Employess, Customers, and Investments in the age Social Media #LatamDigital - Evento Financiero 2018 - Sam Small, ZeroFOX, mas información de Hootsuite e Interlat aquí: http://interlat.co/hootsuite/
Symantec propone un'analisi approfondita sui Rogue Security Software. I RSS sono applicazioni fasulle che fingono di fornire servizi di tutela della sicurezza informatica ma che, al contrario, hanno come obiettivo quello di installare dei codici maligni che compromettono la sicurezza generale della macchina.
Panoramica - Rischi - Principali modalità di diffusione e distribuzione.
Il periodo di osservazione va da luglio 2008 a giugno 2009, qui è presentato un sommario dello Studio.
Presentación - Protecting your Employess, Customers, and Investments in the A...Interlat
Interlat & Hootsuite - Protecting your Employess, Customers, and Investments in the age Social Media #LatamDigital - Evento Financiero 2018 - Sam Small, ZeroFOX, mas información de Hootsuite e Interlat aquí: http://interlat.co/hootsuite/
Symantec Mobile Security Whitepaper June 2011Symantec
Symantec Corp. announced the publication of "A Window Into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android." This whitepaper conducts an in-depth, technical evaluation of the two predominant mobile platforms, Apple’s iOS and Google’s Android, in an effort to help corporations understand the security risks of deploying these devices in the enterprise.
Cyber Security aware society is the need of the hour, there is a growing need for Cyber Security awareness, every user of internet should know at least the basics of cyber security, an educated and aware user can help in minimizing the impact and rate of cyber crimes, particularly of those that are related with online transactions and phishing…
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
Today's corporate world is part of the battleground fighting against potential threats and attacks. Though the threat landscape is evolving ra pidly, security has usually always caught up to gain the upper hand.
Symantec Mobile Security Whitepaper June 2011Symantec
Symantec Corp. announced the publication of "A Window Into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android." This whitepaper conducts an in-depth, technical evaluation of the two predominant mobile platforms, Apple’s iOS and Google’s Android, in an effort to help corporations understand the security risks of deploying these devices in the enterprise.
Cyber Security aware society is the need of the hour, there is a growing need for Cyber Security awareness, every user of internet should know at least the basics of cyber security, an educated and aware user can help in minimizing the impact and rate of cyber crimes, particularly of those that are related with online transactions and phishing…
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
Today's corporate world is part of the battleground fighting against potential threats and attacks. Though the threat landscape is evolving ra pidly, security has usually always caught up to gain the upper hand.
Since the advent of the Internet, cybersecurity has been handed new challenges due to the massively expanded accessibility and interconnectedness of the web. Where once security was considered to be dealt with in a multi-layered manner, now those layers are so fuzzy and expanded as to no longer exist.
By United Security Providers
eScan, one of the leading Anti-Virus and Content Security Solution providers, has studied on a recent poll that says 32% of the top IT professionals agreed that data breaches and malware are the top threats that any organization faces.
There is nothing mystical about cyber security. Any company can be a target – if not specifically selected, then a target of opportunity. Cyber attackers try to get their victims any way they can, and will do anything to profit. Watch the recording of cyber-security first webinar and download the presentation materiel to learn more how you can prevent from targeted cyber attacks.
Article URL : https://business.f-secure.com/cyber-security-what-is-it-all-about/
Microsoft has announced the BlueKeep vulnerability, a wormable Remote Desktop vulnerability that has a high potential of being exploited in legacy operating systems.
Be warned, this vulnerability can be exploited remotely with no authentication required. Protect yourself from what people are calling the next WannaCry.
Malvertising - Sounds like a mouthful, I know. But it’s a word-blend (postmanteau) between Malware and Advertising. Malvertising is what occurs when online advertising is used to spread malwares.
How Can I Reduce The Risk Of A Cyber-Attack?Osei Fortune
A professional guide to reducing the risks of a cyber attack on your business. A professionally written article that would be suitable for a technical IT blog.
Similar to PC Maker's Support Page Succumbs To Compromise (20)
Investigating Web Defacement Campaigns at LargeTrend Micro
Website defacement is a very common attack. We know that hackers attack websites everyday. After websites are compromised, web pages could be altered by hackers.
Hackers usually leave some messages in deface pages, like who they are, why they attack.
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Trend Micro
Modern cybercrime operates highly-sophisticated campaigns that challenge, or even evade, the state-of-art in defense and protection. On a daily basis, users worldwide are fooled by new techniques and threats that went under the radar, like new 0-days or attack vectors. We passively monitored how these attacks are conducted on real installations, and unveiled the modus operandi of malware operators. In this presentation, we share with the audience our recent findings and trends that we observed in-the-wild from the analysis we conducted on 3 million software downloads, involving hundreds of thousands of Internet connected machines. During the talk, we provide insights on our investigation like the effect of code signing abuse, the compromise of cloud providers' operations, the use of domains generated automatically via social engineering, and the business model behind modern malware campaigns. We also discuss the problem of "unknown threats", showing how the Internet's threats landscape is still largely unexplored and how it badly impacts on million of users. We conclude with a proof-of-concept system that we designed and that uses machine-learning to generate human-readable rules for detection. Our system represents a potential mitigation to the problem of "unknown threats" and an assistance tool for analysts globally.
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Trend Micro
In today’s real-time enterprise where we all must do more with less, the operations team is sometimes forced to take shortcuts. Forgetting to manually apply security controls is often one of the first tasks to fall by the wayside. VMs that are put in production, lacking adequate protection, leave high-risk vulnerabilities open for exploitation. Learn how building-in security automation with VMware NSX and Trend Micro Deep Security provides visibility, assesses risk, and applies the right protection. Once in operation, using the adapter for vRealize Operations, the security events become visible next to the operational events, providing a holistic view of the environment. This will be illustrated through the case study of a leading manufacturing company, Plexus Corporation, who will also share their NSX journey.
This was one of Trend Micro's sessions presented at VMworld 2017.
Skip the Security Slow Lane with VMware Cloud on AWSTrend Micro
While migrating your infrastructure to the cloud offers an opportunity to rethink your approach to management and security, it can create a patchwork of processes and tools, a disorganized team, and duplication of work. In a few years, you may learn that the IT security team needs a unified approach to data protection and you must already overhaul your “new” setup. You thought you were speeding ahead with improved operations and lower costs, but you are actually in the security slow lane! Pull over and find a new route forward with VMWare on AWS by leveraging tools you know in an environment you already understand. Save years of work by utilizing a common set of tools, operational processes, and security framework when moving to the cloud. Learn tips and tactics from Trend Micro and Capgemini for setting your teams up for success now…and tomorrow.
This was one of Trend Micro's sessions presented at VMworld 2017.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
In this work we explored the Attacks Landscape in the Dark Web. While in the past FTR looked at good and services offered and traded, here we investigated on the attacks and exposure. We observed hacking groups targeting each other, for example by defacing concurrent web sites in order to promote their -- or stealing Onion's private keys to possibly tampering on encrypted traffic in Tor.
All content not indexed by traditional web-based search engines is known
as the DeepWeb. Wrongly been associated only with the Onion Routing
(TOR), the DeepWeb's ecosystem comprises a number of other anonymous and
decentralized networks. The Invisible Internet Project (I2P), FreeNET,
and Alternative Domain Names (like Name.Space and OpenNic) are examples
of networks leveraged by bad actors to host malware, high-resilient
botnets, underground forums and bitcoin-based cashout systems (e.g., for
cryptolockers).
We designed and implemented a prototype system called DeWA for the
automated collection and analysis of the DeepWeb, with the goal of
quickly identifying new threats as soon they appear.
In this talk, we provide concrete examples of how using DeWA to detect,
e.g., trading of illicit and counterfeit goods, underground forums,
privacy leaks, hidden dropzones, malware hosting and TOR-based botnets.
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)Trend Micro
AIS, Automatic Identification System, is a promoted standard and implementation for vessels traffic safety and monitoring. With more than 400,000 installations worldwide, AIS is currently a mandatory installation for commercial vessels and a de-facto equipment for leisure crafts. AIS is largely used in ports worldwide -- Rotterdam alone monitors over 700 AIS-enabled vessels each day, serving 32,000 seagoing and 87,000 inland vessels a year.
Back in October 2013, during HITB KUL, we showed that AIS is hardly broken, both at implementation and protocol level, and it suffers from severe vulnerabilities like spoofing and man-in-the-middle. In this talk, we extend our research by sharing with the audience several novel attacks that we recently discovered, for example how to extensively disable AIS communications or attack the software installed at back-end by port authorities. By doing so, we hope to raise the necessary awareness and lead the involved parties into calling for a more robust and secure AIS.
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsTrend Micro
A talk given by Kyle Wilhoit and Marco Balduzzi from Trend Micro's Forward Looking Threat Research team, along with independent researcher Alessandro Pasta.
Abstract:
In recent years, automated identification systems (AISes) have been introduced to enhance vessels tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS, which is currently a mandatory installation for all passenger ships and ships over 300 metric tonnes, works by acquiring GPS coordinates and exchanging vessel’s position, course and information with nearby ships, offshore installation, i.e. harbors and traffic controls, and Internet tracking and visualizing providers.
With an estimated number of 400,000 installation, AIS is currently the best system for collision avoidance, maritime security, aids to navigation and accident investigations.
Given its primary importance in marine traffic safety, we conducted a comprehensive security evaluation of AIS, by tackling it from both a software and a hardware, radio frequency perspective.
In this talk, we share with you our finding, i.e how we have been able to hijack and perform man-in-the-middle attacks on existing vessels, take over AIS communications, tamper with the major online tracking providers and eventually fake our own yacht!.
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryTrend Micro
Targeted attacks and advanced persistent threats (APTs) are becoming the new norm of cyber security threats— encompassing organized, focused efforts that are custom-created to penetrate enterprises and government agencies for valuable data, trade secrets, and access to internal systems. We explore the anatomy of targeted attacks: the inner workings of the APT lifecycle, along with an in-depth overview of Trend Micro Deep Discovery advanced threat protection solution, and how it enables enterprise IT to adopt a custom defense strategy that modernizes its risk management program to defend against targeted attacks.
The Custom Defense Against Targeted AttacksTrend Micro
Advanced persistent threats (APTs) and targeted attacks have a proven ability to penetrate standard security defenses and remain undetected for months while siphoning valuable data or carrying out destructive actions. We review challenges faced by information security leaders, their options for dealing with attackers and how to a Custom Defense approach to deploy a comprehensive Detect—Analyze—Adapt—Respond lifecycle that enhances current security investments while providing new weapons to fight back against their attackers.
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
Dave Asprey, VP-Cloud Security of Trend Micro presented to members of the SDforum in Jan. 2011. This is an adapted version of is presentation which covers key considerations addressing data privacy concerns in the Cloud.
More than 80% of Today’s Top Malware Arrives via Web. More than 80% of Today’s Top Malware Arrives via Web. And
Security Demands on cloud service providers will increase. See the rest of Trend Micro's predictions for 2011.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
1. Web Threat Spotlight
A Web threat is any threat that uses the Internet to facilitate cybercrime.
ISSUE NO. 67
JULY 5, 2010
PC Maker’s Support Page Succumbs to Compromise
Although they may not be quite as high profile as they were a few years ago, cybercriminals are still compromising legitimate, high-traffic sites to
facilitate more targeted Web attacks. The latest victim to fall prey to this type of attack is Chinese PC manufacturer, Lenovo, when a malicious
iframe code that led to the download of a BREDOLAB variant was embedded into its support page.
The Threat Defined
Compromising websites is one of the most
effective tactics cybercriminals use to capture
more victims. This allows them to
conveniently distribute malware without
requiring user action to load malicious codes.
It is also a silent means by which threats are
delivered that does not require social
engineering to trick users into downloading
malicious content. All it relies on is the
popularity of the websites it targets, which
usually have large numbers of trusting users
that are potential infection victims.
Unlike most compromises that target a wide
range of websites, this latest compromise
used a more focused approach, targeting only
a specific but very popular website. It targeted
Lenovo’s website and, in effect, its customers
who were looking to download relevant
software for their systems.
Lenovo is one of the most popular brands of
computing devices, ranking as the fourth
largest PC vendor worldwide. It is also well-
represented in the corporate market because
its ThinkPad products are commonly used in
offices. It is also the biggest seller in China, Figure 1. Lenovo support page compromise infection diagram
which accounts for the largest proportion of
the Internet population globally. Needless to say, these factors make Lenovo a very appealing target for a website
compromise. In this particular attack, cybercriminals injected a malicious iframe code into the Lenovo site’s support
page, from which customers usually go to download driver updates and manuals. Users who then visited this page
instead downloaded TROJ_BREDOLAB.BY onto their computers.
TROJ_BREDOLAB.BY drops a copy of itself as well as other nonmalicious files onto the affected system. It makes
sure that it remains resident on the computer’s memory by injecting itself into the SVCHOST.EXE process. This
routine makes it more difficult to terminate and remove this Trojan from an affected system.
Once it executes, it connects to a website, which possibly hosts a number of other malicious programs that can be
downloaded onto an affected system. When users visit the compromised page, they become susceptible to further
malware attacks.
The infection was limited to only the download.lenovo.com domain while the general lenovo.com domain remained
unaffected. Users who accessed the site with Firefox and Chrome browsers were able to see malware warnings
when opening the resources hosted on the support page. This indicates that the affected pages were indeed
infected and blocked by Google’s Safe Browsing service.
Users used to be quite safe while surfing the Web as long as they stayed away from sites that
were notorious for hosting malware such as adult and warez sites. However, the inception of
website compromises changed the whole threat landscape in a sense that not even legitimate
1 of 2 – WEB THREAT SPOTLIGHT
2. Web Threat Spotlight
A Web threat is any threat that uses the Internet to facilitate cybercrime.
sites can be trusted anymore. In the past, website compromises resulted in thousands of sites being hacked on a
daily basis. This may not be the case today but site compromises can certainly occur anytime to anyone. Clearly it
is important for users to protect their systems from Web threats that may result from hacking. It is also the
responsibility of anyone with a website to make sure that his/her site stays secure and free from exploits.
User Risks and Exposure
BREDOLAB is a simple downloading platform that gained popularity in 2009 for facilitating the distribution of other
prominent malware families. Behind this simple program, however, is a bigger network of underground activities. It
has been affiliated with other malware families, particularly ZeuS and FAKEAV variants, in order to gain profit. Thus,
systems that have been affected by this downloader may become hosts to other malware attacks in an attempt to
build botnets or may be used in pay-per-install (PPI) scams related to rogue antivirus applications.
Any company that owns a compromised website is at risk of losing its customers’ trust. In Lenovo’s case, the page
remained infected over the weekend, giving cybercriminals ample time to infect many users. Some users raised
their concerns on the company’s official forum, commenting that nobody could be reached since the downloader
had been found and that Lenovo should be prudent enough to shut down the site until the issue has been resolved.
Although the company acknowledged the incident and admitted that there was ample room for improvement,
damage has already been done to the company’s reputation.
Trend Micro Solutions and Recommendations
Trend Micro™ Smart Protection Network™ infrastructure delivers security that is smarter than conventional
approaches. Leveraged across Trend Micro’s solutions and services, Smart Protection Network combines unique
in-the-cloud reputation technologies with patent-pending threat correlation technology to immediately and
automatically protect your information wherever you connect.
In this attack, Smart Protection Network’s Web reputation technology prevented access to malicious URLs that may
have hosted copies of TROJ_BREDOLAB.BY and other malicious URLs that this BEDOLAB variant connected to.
File Reputation technology detected and consequently removed the malicious file detected as
TROJ_BREDOLAB.BY and other malware that it may have subsequently download.
Trend Micro Titanium Internet Security provides automatic protection against viruses and spyware for netbook users.
It is a lightweight solution that runs in the background to give users the protection they need while browsing the
Internet without slowing down their netbooks. Trend Micro Internet Security also protects desktop and laptop users.
Users are also encouraged to adhere to the following best practices when browsing the Internet:
• Because traditional antivirus software does not block legitimate sites even when compromised, users are
advised to use security suites that utilize Web Reputation technology to block access to malicious sites.
• Website administrators should regularly scan their sites to ensure that these do not inadvertently host any
malware.
• Users should keep their guards up when surfing the Web. Always hover over a link to see if it looks
legitimate or not. If the URL looks obscure, it could be a redirect. It is always safer to err on the side of
caution.
• Users can run a malware scan as well using free tools like HouseCall to confirm if their systems have been
infected.
The following post at the TrendLabs Malware Blog discusses this threat:
http://blog.trendmicro.com/lenovo-support-page-compromise-leads-to-bredolab/
The virus reports are found here:
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BREDOLAB.BY
Other related posts are found here:
http://en.wikipedia.org/wiki/Market_share_of_leading_PC_vendors
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/bredolab_final.pdf
http://forums.lenovo.com/t5/General-Discussion/Warning-Lenovo-download-site-is-infected-by-trojan-downloader/td-
p/241901
http://lenovoblogs.com/connections/?p=1492
2 of 2 – WEB THREAT SPOTLIGHT