Archive for the 'Antivirus' Category
Trend Micro Licenses Third Brigade’s Host IDS
SEPTEMBER 12, 2007 | CUPERTINO, Calif. — Trend Micro, Incorporated, a leader in network antivirus and Internet content security software and services, today announced it has licensed technology from Third Brigade, an Ottawa-based security software company specializing in host intrusion defense. Trend Micro plans to integrate the technology utilizing the extensible plug-in architecture currently available in Trend Micro OfficeScan™ 8.0, its flagship corporate endpoint security solution.
Trend Micro has licensed Third Brigade’s advanced firewall and deep packet inspection technology, along with its ongoing security update service. This licensed technology, coupled with Trend Micro’s Web Threat Protection capability, provides OfficeScan users with a comprehensive endpoint security solution encompassing antivirus, anti-spyware, firewall and host intrusion defense. This protects users – while on and off corporate networks – with complementary, proactive protection from malicious attacks.
“The ability to easily extend security coverage to protect against new threats is a critical requirement for software protecting servers and desktops,” said Eric Ogren, president of the Ogren Group. “Third Brigade plugs into Trend Micro’s new OfficeScan architecture to integrate network-type intrusion defenses into host security for endpoints and servers. Intercepting attacks in the network stack before infections even reach the operating system is a good way to achieve strong security without impacting performance.”
via Dark Reading
Cisco & Trend Micro in collaboration agreement
Cisco Systems Inc. and Trend Micro Inc. said Thursday they signed an agreement that will incorporate Trend Micro’s security services into Cisco’s network infrastructure products.
San Jose-based Cisco (NASDAQ:CSCO) said the agreement advances the two companies’ relationship, which started in 2004 when they began plans to incorporate Tokyo-based Trend Micro’s content security services into Cisco’s Adaptive Security Appliance family.
Under this agreement, the companies said they will now work closely on integrating additional content security services into Cisco’s routing offerings.
Financial details of the agreement were not disclosed.
via Topix
Russian malware storm brewing?
Security researchers at Trend Micro Inc. have spotted a Russian server loaded with more than 400 different pieces of malware that may be poised to launch a large-scale attack through malicious Web sites hosted in Italy.
Chenghuai Lu, a senior threat analyst at the Tokyo-based antivirus vendor, recently uncovered a site with several hundred malicious programs and traced the site’s server to a Russian IP address. Among the harbored malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g. All three clans typically hijack Internet Explorer on compromised PCs and direct users to adult Web sites.
Meanwhile, another Trend Micro researcher, senior software engineer Feike Hacquebord, discovered a large number of Italian-language Web sites that at first glance appeared to be compromised with malicious IFRAMEs, inserts in the HTML coding of a page, often JavaScript, that can hijack a PC whose browser visits the site. On second look, however, the Italian-style sites do not appear to have been hacked but instead were created with the IFRAMEs in mind. According to Trend Micro, the IFRAMEs point to the malware-packed Russian site found by Lu.
“Looking at these massive samples of malware, we can’t help to think that there’s something brewing in Russia,” said Carolyn Guevarra, a third researcher at Trend Micro, on the team’s blog yesterday. “We have just seen these cybercriminals pull the ‘Italian Job’ recently,” she added. “Are we now seeing a ‘Russian Uprising’ coming our way?”
Guevarra’s Italian comment refers to a large-scale attack about six weeks ago that involved more than 10,000 hacked sites hosted in that country. Those attacks were guided by Mpack, a multistrike exploit tool kit that hackers had deployed on one or more servers; the compromised sites secretly directed users to an Mpack-equipped server, which then tried a number of exploits on the PC.
Trend Micro has blocked the malicious Web sites for its customers and is working to develop more information on the possible attack plot. “More details soon,” Guevarra promised.
Via Computerworld
Trend Micro IDs Top Security Threats in 2007
Trend Micro Incorporated, a leader in network antivirus and Internet content security software and services, today published the TrendLabs℠ Semi-annual Threat Roundup and Forecast. Analyzing malware trends that influence the economic growth of the malware world, the report demonstrates how malware attacks have changed in their style, motivation and target.
The era of the global malware outbreak is over. Today’s malware threats attempt to remain undetected and now often go after users in a specific region, country or group. These new attacks are of blended and sequential nature. They use combinations of malware, each of which plays a role in the delivery of the payload. Using the Web for delivery, update and entrenchments, such insidious attacks report back stolen information to the perpetrator, with the end goal of making money.
In the first six months of 2007, TrendLabs tracked several examples of just how the threat landscape has evolved, including “Storm” at the beginning of the year and the “Italian Job” most recently in June.
Via Topix
Trend Micro announces SecureCloud
Expanding on its consumer-software-as-a-service efforts, Trend Micro announced on Sunday SecureCloud for small and midsize businesses and the enterprise market. The idea is to provide clients with a range of services without requiring them to install software.
Services available include e-mail reputation, e-mail hosting, and botnet ID service. The latter will allow ISPs to filter command and control messages sent by customers’ compromised machines. One feature on the site is an IP reputation search; type in an IP address and Trend Micro will tell you whether the address can be trusted.
At present only two servers in the U.S.–east and west–are up and running. Plans include additional servers in the Europe/Middle East/Africa region in the third quarter, Taiwan in the fourth quarter, and Japan in the first quarter of 2008.
via News.com
WORM_SDBOT Variant Spreading via MSN Messenger
Another great find by the Trend Micro Team!
A new variant of WORM_SDBOT has just turned up. This variant, detected by Trend as WORM_SDBOT.EXT, has been observed to spread copies of itself via MSN’s instant messaging application.
As with any IM-borne malware, the worm sends an interesting message to an unsuspecting recipient to trick him/her into downloading it into the system. A copy of the worm is sent directly with the message itself, as a zip file. This technique is quite different from other worms like WORM_SOHANAD, which include a URL link in the message from where the actual malware can be downloaded.
Once it has been successfully downloaded and executed, the worm is known to compromise security. Acting much like a backdoor, it connects to the IRC server vpn.basecore.info and joins the IRC channel VPN. Remote malicious users with access to WORM_SDBOT.EXT can issue various commands that would allow them to download files, terminate processes running on the system and create/open/execute/delete files.
Credits go to Jonell Baltazar of TMIRT for analysis and to Lalaine Gregorio of Content Security for the screenshot.
New Ichitaro zero-day exploit discovered
Yet another interesting exploit discovered by Trend Labs….
TrendLabs has received several reports of a malicious Ichitaro document taking advantage of an as-yet undetermined vulnerability to drop a Trojan on target machines. Ichitaro is a popular Japanese word processing application.
The said exploit, which Trend Micro will detect as TROJ_TARODROP.Q, drops a Trojan to be detected as TROJ_SMALL.GQM. Based on initial analysis, TROJ_SMALL.GQM has the capability to drop other files onto the system, thus exposing the compromised machine to other attacks. More details about these malware will be posted shortly in the Trend Micro Virus Encyclopedia.
Note that this is not the first time a Japanese application was exploited by malware authors to perform their malicious deeds. Around the same time last year, the first Ichitaro exploit — TROJ_MDROPPER.BL — was detected (several variants have since followed). More recently, a vulnerability in the Japanese archiving application Lhaca was exploited by TROJ_LHDROPPER.A to drop a backdoor program.
Trend Micro Internet Security Business Edition
A new business class version of this great software!!!! Yipee!!
Product Name: Trend Micro™ Internet Security Business Edition
Version: 2007
Product Languages: English, French and German
Description: The PC-cillin™ Internet Security 2007 Business Edition is an easy to use, all-in-one solution for small companies with no dedicated IT staff.
It is a complete security solution protecting small peer-to-peer networks, with no server and Internet access through a router or modem.
Top Features:
Provides the powerful and effective protection of PC-cillin™ Internet Security 2007 against viruses and other Internet security threats.
Integrated anti-virus, anti-spyware, firewall, anti-phishing, anti-spam technologies to destroy the latest threats.
Comprehensive inbound and outbound firewall protection to block spyware, Trojans, key loggers and protect your computer from hackers
Wi-Fi Wireless Protection safeguards against unauthorized users invading your wireless office network.
Windows Vulnerability Assessment and Outbreak Warning System. Patches Microsoft™ Windows™ and Office™ security flaws automatically and alarms you if any suspicious changes have been made to your computer.
Network Control. Manages, configures and updates security for every PC on your network, with an easy-to-use management console.
License in a Box. Selling PC-cillin™ Internet Security 2007 multi user licenses is now as simple as selling a retail box. New!
Easy to manage: requires only a single serial number to protect up to 5, 10 or 25 computers. New!
FREE upgrade to new product versions for users within subscription. New!
FREE access to TrendSecure, a set of online services, providing extended protection, at the office or on the go.
Vista Certified
iPhone Becomes Hacker Target
Popular Phones Used To Store Personal Information
Apple issues a warning to customers on how best to avoid hackers who are targeting the iPhone.
Click on the link below to watch the video:
http://video.nbc11.com/player/?id=132310
via NBC
Easy reverse engineering of malware
I found a pretty cool article on the SunbeltBLOG on how to easily reverse engineer malware if it’s written in AutoIt, a popular scripting tool. You simply unpack the malware and then run it through the AutoIt decompilation utility (exe2aut).
In the video below, Didier Stevens shows how a piece of a malware author’s code was exposed:
Remember…if you think you may be infected with a Virus or Malware, you can always use the FREE online tools from Trend Micro like Housecall or the Free Online Spyware Scan.
via SunbeltBLOG