
Trend Micro TrendLabs

Date post: 12-Sep-2021
Trend Micro TrendLabs Global Threat Trends 1H 2010
Transcript
Page 1: Trend Micro TrendLabs

Trend Micro

TrendLabs Global Threat Trends 1H 2010


Table of Contents

Threat Trends

Email Threat Trends

Web-Based Threat Trends

File-Based Threat Trends

Cybercrime and Botnets

Underground Economy

High Profile Incidents of 1H2010

Vulnerabilities

Trend Micro Technology and Protection

Smart Protection Network

Solutions and Services

Trend Micro Enterprise Security

Trend Micro SecureCloud

Trend Micro Worry-Free Business Security

Trend Micro Titanium

Advice for Businesses Adopting Cloud Strategies

Advice for Businesses

Top Tips for End Users

About TrendLabs

Try it now for FREE

If you would like to see for yourself just how much time you could save then we’re currently offering a free 30 day trial of all of the security products included in the BIG initiative. Or you can download more information about the products, including a detailed white paper, or try our Internet Security Consultant tool.

All you need to do is visit our dedicated BIG web site at: http://uk.trendmicro.com/uk/big/


Introduction

Cybercrime is now a fully fledged, but highly illegal business. And it’s all about money.

As the Underground Economy has grown and flourished, cybercriminals have developed new methods for tricking victims. Their scams are amazingly lucrative, with profits totaling in the billions per year. Many perpetrators hail from Eastern Europe where cybercrime is rampant and considered business as usual. Canadian pharmacy spam, fake antivirus and others are part of a well-organized business model based on the concept of affiliate networking. In the case of cybercrime, products sold via affiliate marketing may be highly profitable, although highly illegal—such as click fraud and selling credit card details.

In this report covering January to June 2010, we examine various cybercrime incidents, the criminal’s use of multiple tools such as botnets, and look at threat trends and activity currently causing, and likely to continue to cause, the most pain, cost and disruption to connected users across the world.

Many threats have evolved in recent times, becoming more silent, and more insidious. Threats are intertwined – meaning almost every threat comprises multiple components for attacking, infecting and compromising data. Components always relate to one or more of the following three vectors – email, web and file. During the first six months of 2010 TrendLabs℠ identified Europe as the largest source of spam emails, while Education is the industry most affected by malware compromise. Meanwhile, the US is the primary source of malicious URLs.

Vulnerability exploits are a key asset used by cybercriminals. They buy and sell vulnerability information, exploit code, as well as other types of malware. In the first half of 2010, over 2500 common vulnerabilities and exposures (CVEs) were recorded.

Professional criminals are widely known to be the perpetrators of almost all threats. Botnets are managed and run as an enterprise organization manages its network. Making money is the primary aim.


Threat Trends

The Trend Micro™ Smart Protection Network™ infrastructure delivers advanced protection from the cloud, blocking threats in real-time before they reach you. Leveraging a unique, cloud-client architecture, it is powered by a global network of threat intelligence sensors, email, Web, and file reputation technologies that work together to dramatically reduce infections.

The Smart Protection Network is now seeing 45 billion queries every 24 hours, while it blocks 5 billion threats and processes 2.5 terabytes of data on a daily basis. On average 80 million users are connected to the network each day.

This community of users helps enable Trend Micro Smart Protection Network to continue evolving and improving protection in real-time.

The following data points, taken from Smart Protection Network and other supporting monitoring systems, provide a comprehensive insight into the threats Trend Micro protected its users against, in the first six months of 2010.


Email Threat Trends

Spam

Spam continued to grow between January and June 2010, albeit with a brief interval during April.

The most notable change between the first and second quarters of 2010 was the reduction in spam from APAC and the increase in spam from Europe. Countries strongly contributing to the growth in spam from Europe include Germany, UK, Italy and France.

Currently, TrendLabs monitors 38 languages and dialects used in spam. This coverage is continuously being improved to provide increased protection against highly localized spam. More than 95% of spam is in English. For the non-English spam, the top most commonly received languages are Russian, Japanese, Chinese, Spanish, and French.

Most of the spam tracked during the past six months falls under the following three categories: Commercial (28%), Scams (22%), or Health/Medical (15%). In terms of spam technique, 37% of total samples use HTML, followed by Plain Text (25%) and Short Spam (10%).

[Figure: Spam Volume, by month, JAN to JUN]

[Figure: Regional Spam Sources - Q1 (pie chart). Legend: APAC, Europe, North America, South America, Unknown, Africa. Values as extracted: 31%, 38%, 14%, 14%, 3%, 0%.]

[Figure: Regional Spam Sources - Q2 (pie chart). Legend: APAC, Europe, North America, South America, Unknown, Africa. Values as extracted: 28%, 44%, 14%, 11%, 3%, 0%.]

[Figure: Spam Technique Distribution (pie chart). Legend: Plain Text, HTML, Image, PDF/RTF attached, GIF/JPEG attached, RAR/Zip attached, XLS attached, DOC/TXT attached, HTML Inserts, Short Spam, Salad, Others.]


Commercial, Scams and Health/Medical spam made up the vast majority – a total of 65 percent of the total spam tracked in the first half of 2010.

The quantity of spammed messages distributed via botnets is astronomical. Spam continues to be a vector of choice for criminals owing to the speed of distribution and delivery, the vast target list and relatively low cost of investment when compared to the profit on offer.

The below chart demonstrates the quantity of spam per ASN (Autonomous System Number) in the first six months of 2010. An ASN is allocated to each ISP or organization that manages a large group of IP routing prefixes [1].

As can be seen from the chart above, certain ASNs are working hard to reduce the spam distributed via their networks; however, these efforts seem to be countered by a number of providers not acting to manage the spam problem. One way ISPs can help combat botnets and spam is by blocking email on port 25—the port responsible for SMTP transfers. Botnet communications use port 25 when sending spam and other junk mail.

By blocking port 25 and moving email communications to a different internal port, the spam communications will become ineffective. Generally speaking, users will not notice any direct change, as most use their ISPs’ own servers or free email services from providers like Gmail, Windows Live Hotmail, or Yahoo Mail.
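The following is an added example, not part of the Trend Micro report: a check a network team could run over outbound flow records to see which subscriber hosts send SMTP directly to many external mail servers, and which flows a port 25 egress block would drop. The record format, address ranges, relay address, threshold and sample flows are all constructed assumptions.

```python
"""Flow-log check for direct-to-MX SMTP, the traffic a port 25 egress block stops.

Constructed record format: "<epoch> <src_ip> <dst_ip> <dst_port> <proto>".
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Assumptions for this example, not values from the report.
CUSTOMER_NET = ipaddress.ip_network("10.20.0.0/16")        # subscriber space
SANCTIONED_RELAYS = {ipaddress.ip_address("192.0.2.25")}   # provider's SMTP relay
SMTP_PORT = 25
DISTINCT_PEER_THRESHOLD = 5   # distinct external SMTP peers per window
WINDOW_SECONDS = 3600

# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = """\
# subscriber using the provider relay and port 587 submission (normal)
1277980000 10.20.1.7 192.0.2.25 25 tcp
1277980060 10.20.1.7 192.0.2.25 25 tcp
1277980120 10.20.1.7 198.51.100.10 587 tcp
# bot-like host: direct SMTP to six different external servers in seconds
1277980200 10.20.1.50 198.51.100.21 25 tcp
1277980201 10.20.1.50 198.51.100.22 25 tcp
1277980202 10.20.1.50 198.51.100.23 25 tcp
1277980203 10.20.1.50 203.0.113.31 25 tcp
1277980204 10.20.1.50 203.0.113.32 25 tcp
1277980205 10.20.1.50 203.0.113.33 25 tcp
# small self-hosted mail server: direct SMTP, but only two peers
1277980300 10.20.3.9 198.51.100.21 25 tcp
1277980400 10.20.3.9 203.0.113.31 25 tcp
# noise the parser must tolerate
1277980500 10.20.1.7 198.51.100.53 53 udp
this line is truncated
"""


@dataclass(frozen=True)
class Flow:
    ts: int
    src: object   # ipaddress.IPv4Address or IPv6Address
    dst: object
    dport: int
    proto: str


def parse_flows(text):
    """Parse flow lines, skipping comments, blanks and malformed records."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or line.lstrip().startswith("#"):
            continue
        try:
            flows.append(Flow(int(parts[0]), ipaddress.ip_address(parts[1]),
                              ipaddress.ip_address(parts[2]), int(parts[3]),
                              parts[4].lower()))
        except ValueError:
            continue  # bad timestamp, address or port
    return flows


def is_direct_smtp(flow):
    """True for subscriber traffic to TCP/25 on anything but the provider relay."""
    return (flow.proto == "tcp" and flow.dport == SMTP_PORT
            and flow.src in CUSTOMER_NET
            and flow.dst not in CUSTOMER_NET
            and flow.dst not in SANCTIONED_RELAYS)


def egress_decision(flow):
    """Policy from the text: block direct port 25, leave other traffic alone."""
    return "block" if is_direct_smtp(flow) else "allow"


def find_spam_bots(flows, threshold=DISTINCT_PEER_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src_ip: max distinct external SMTP peers in one window}
    for sources that reach the threshold."""
    peers = defaultdict(set)
    for f in flows:
        if is_direct_smtp(f):
            peers[(f.src, f.ts // window)].add(f.dst)
    flagged = {}
    for (src, _bucket), dsts in peers.items():
        if len(dsts) >= threshold:
            flagged[str(src)] = max(flagged.get(str(src), 0), len(dsts))
    return flagged


def blocked_by_source(flows):
    """Count flows per source that the egress policy would drop."""
    counts = defaultdict(int)
    for f in flows:
        if egress_decision(f) == "block":
            counts[str(f.src)] += 1
    return dict(counts)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("flagged as probable spam bots:", find_spam_bots(flows))
    print("flows a port 25 block would drop:", blocked_by_source(flows))
```

In the sample, the self-hosted mail server stays below the detection threshold but would still lose its outbound mail under the block, which is why an exception or relay-migration path belongs in the rollout plan.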

As an example of how and why the issue of spam is now overwhelming, according to Trend Micro research, spam now accounts for around 97% of all email in circulation [2]. In a recent laboratory controlled investigation, the quantity of spam generated by a single bot infested computer in a 24 hour period totaled around 2,553,940 [3].

[1] http://en.wikipedia.org/wiki/Autonomous_System_Number

[2] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/q3_2009_spam_report.pdf

[3] https://blog.trendmicro.com/how-many-spam-can-a-spam-bot-spam/

[Figure: Spam Volume by Country, by month, JAN to JUN. Legend: USA, IND, DEU, BRA, GBR, FRA, VNM, ITA, KOR, POL, ROM, RUS, NLD, ESP, UKR, COL, TWN, SAU, PRT, ISR, ARG, GRC, CAN, TUR, others.]

[Figure: Spam volume by ASN (past 6 months), by month, JAN to JUN.]

[Figure: Spam Type Distribution (pie chart). Legend: Health/Meds, Stocks, Educ/Degree, Jobs, Scam, Adult/Porn/Dating, Financial, Commercial, Malware (URL), Malware (attachment), Phishing, Others.]


The following chart shows the total number of spam bot infected computers TrendLabs identified per country. A spam bot is an infected computer controlled by a botnet known to prolifically distribute spam, although it is unlikely to be limited to only this type of activity. Note that this is not the total number of infected computers – as many bots are not used to distribute spam.

[Figure: 1H10 Total Host Count by Country]

However, the total number of active spamming IPs in India and Brazil is well ahead of their closest rival, Germany. In the past 6 months, both India and Brazil have fully emerged as central countries in the cybercriminal landscape.

Phishing

Targeted Entities

In alphabetical order, the four most popular entities targeted via both phishing email and spoofed sites in the first six months of 2010 were (1) Bank of America, (2) eBay, (3) HSBC, and (4) PayPal.

While the majority of the top 10 targeted entities are commercial or financial entities, social media platforms like Facebook and Twitter, as well as MMORPGs like World of Warcraft, were also consistently present. The majority of the new entities being targeted by phishers are local banks in specific countries (e.g., Italy, Malaysia, United States) and online gaming services (see below, in alphabetical order):

• Air Academy FCU: a credit union with branches in Colorado
• Banca Del Monte di Lucca
• Banca Carige: a commercial Italian bank, including some of its subsidiaries like Cassa di Risparmio di Carrara and Cassa di Risparmio di Savona
• Banca Cesare Ponti: a commercial Italian bank
• Banca Sai: a commercial Italian bank
• Battle.net: an online gaming service operated by Blizzard Entertainment
• Cassa di Risparmio di Ferrara: a commercial Italian bank
• CenturyLink: a telecommunications company in the United States
• FirstCaribbean International Bank: a Barbados-based bank operating in the Caribbean
• iQuebec: a French-language Internet portal
• Lottomatica: an Italian gaming company
• Nantahala Bank & Trust Company: an American bank
• NCSoft: an online gaming service provider
• Pinnacle Bank: an American bank
• President’s Choice Financial: a Canadian bank
• Public Bank Berhad: a Malaysian Bank
• SCRIGNO for Banca Popolare Di Sondrio: an Italian bank

Phishing Techniques

Between January and June 2010, phishers continued the trend of explicitly displaying phishing URLs. This indicates victims still trust that a site is authentic based on more obvious visual clues such as the site’s appearance and use of correct company logos, instead of inspecting the URL address bar.


Web-Based Threat Trends

The onslaught of threats using the Web as a means to propagate will increasingly cause challenges for organizations and end users.

[Figure: Growth in Malicious URLs, by month, JAN to JUN]

Bad Actors vs. Victims

Bad Actors refers to the source of malicious URLs. The United States has consistently been the primary source of malicious URLs, while Japan accessed the greatest number of malicious URLs. Similarly, North America is the top continent that has the most malicious URLs, while Asia is the continent with most victims.

Monthly Top 20 Bad Actors by Country

| # | JAN | FEB | MAR | Q1 |
|---|-----|-----|-----|----|
| 1 | United States | United States | United States | United States |
| 2 | China | China | China | China |
| 3 | Netherlands | Netherlands | Netherlands | Netherlands |
| 4 | Russian Federation | Germany | Germany | Germany |
| 5 | Germany | Russian Federation | Romania | Russian Federation |
| 6 | Romania | Japan | Japan | Romania |
| 7 | Japan | Romania | Russian Federation | Japan |
| 8 | France | France | United Kingdom | France |
| 9 | United Kingdom | United Kingdom | France | United Kingdom |
| 10 | Ukraine | Canada | Canada | Canada |
| 11 | Bosnia and Herzegovina | Ukraine | Ukraine | Ukraine |
| 12 | Canada | South Korea | South Korea | South Korea |
| 13 | South Korea | Italy | Italy | Sweden |
| 14 | Sweden | Sweden | Sweden | Italy |
| 15 | Portugal | Poland | Australia | Poland |
| 16 | Poland | Turkey | Bahamas | Bosnia and Herzegovina |
| 17 | Italy | Australia | Turkey | Turkey |
| 18 | Turkey | Czech Republic | Poland | Australia |
| 19 | Australia | Taiwan | Czech Republic | Portugal |
| 20 | Israel | Panama | Panama | Czech Republic |

| # | APR | MAY | JUN | Q2 |
|---|-----|-----|-----|----|
| 1 | United States | United States | United States | United States |
| 2 | China | China | Ireland | China |
| 3 | Netherlands | Romania | China | Ireland |
| 4 | Germany | Germany | Romania | Romania |
| 5 | Romania | Japan | Japan | Germany |
| 6 | Japan | United Kingdom | Germany | Japan |
| 7 | United Kingdom | Netherlands | United Kingdom | Netherlands |
| 8 | Russian Federation | Ukraine | Netherlands | United Kingdom |
| 9 | Ukraine | Russian Federation | Russian Federation | Russian Federation |
| 10 | France | France | Ukraine | Ukraine |
| 11 | Canada | South Korea | France | France |
| 12 | South Korea | Canada | South Korea | Canada |
| 13 | Italy | Australia | Canada | South Korea |
| 14 | Australia | Italy | Sweden | Australia |
| 15 | Sweden | Belgium | Belgium | Sweden |
| 16 | Turkey | Sweden | Australia | Belgium |
| 17 | Bahamas | Taiwan | Latvia | Italy |
| 18 | Singapore | Bahamas | Italy | Bahamas |
| 19 | Czech Republic | Singapore | Bahamas | Latvia |
| 20 | Poland | Poland | Taiwan | Taiwan |

Top URLs and Domains Blocked

Below is the list of the URLs that consistently appeared in the top 10 for 4-6 months (in no particular order):

| URL | Description |
|-----|-------------|
| ad.globe7.com:80/iframe3 (USA) | Contains malicious IFRAME code |
| bid.openx.net:80/json (USA) | Known to download TROJ_AGENT variants |
| delivery.adyea.com:80/lg.php (DEU) | Known to download worms; sets drives to autoplay by creating autorun.inf in the drives’ root directories |
| dt.tongji.linezing.com:80/tongji.do (CHN) | Related to JS_DLOADR.ATF |
| hot1.xgazo.info:80/pic.php (USA) | Proxy avoidance site |
| newt1.adultadworld.com:80/jsc/z5/ff2.html (USA) | Adult website |
| openxxx.viragemedia.com:80/www/delivery/afr.php (NLD) | Known to host adware |

Below is the list of domains that consistently appeared in the top 10 for 4-6 months (in no particular order):

| Domain | Description |
|--------|-------------|
| bid.openx.net (USA) | Known to download TROJ_AGENT variants |
| delivery.adyea.com (DEU) | Known to download worms; sets drives to autoplay by creating autorun.inf in the drives’ root directories |
| dt.tongji.linezing.com (CHN) | Related to JS_DLOADR.ATF |
| hot1.xgazo.info (USA) | Proxy avoidance site |
| newt1.adultadworld.com (USA) | Adult website |
| openxxx.viragemedia.com (NLD) | Known to host adware |
| trafficconverter.biz (USA) | Known to be accessed by Conficker/DOWNAD variants |


File-Based Threat Trends

New Malware Creation

In order to ensure wide sourcing of malware samples, Trend Micro has its own research and monitoring systems and also collaborates with multiple independent third parties. Included among these independent third parties is AV-test.org. According to calculations based upon the total number of unique samples collected in 2009, a new piece of malware is created every 1.5 seconds.

TrendLabs now sees in the region of 250,000 samples each day. However, recent estimates place the number of unique new malware samples introduced in a single day at greater than 60,000 unique samples.

[Figure: New Unique Samples Added to AV-Test.org’s Malware Collection, 2007-01 to 2010-03. Y-axis: Unique Samples Added. Annotation: NEW Threat Every 1.5 Seconds. Series include: 3 Month Median, Forecast.]

Trojans account for about 60 percent of new signatures created by TrendLabs, and 53 percent of overall detections as of June. Backdoors and Trojan-spyware, often defined as crimeware or data-stealing malware, come in second and third places, respectively. However, the majority of Trojans lead to data-stealing malware.

Infections according to Industry

The chart below clearly indicates that Education as an industry has been hardest hit by infections in the first half of 2010. This is likely owing to the number of students using old and out of date software and security, and possibly visiting suspect websites. These issues compound the challenges related to securing a complex, distributed and diverse infrastructure.

[Figure: Infection breakdown by Industry (pie chart). Legend: Banking, Communication/Media, Education, Energy, Fast-Moving Consumer Goods, Financial, Food and beverage, Government, Healthcare, Insurance, Manufacturing, Materials, Media, Oil and gas, Other, Real estate, Retail, Technology, Telecommunications, Transportation, Utilities.]

[Figure: Infections tracked, by Industry over Time, by month, JAN to JUN. Legend: Utilities, Technology, Other, Materials, Healthcare, Financial, Education, Transportation, Retail, Oil and Gas, Manufacturing, Government, Fast-Moving Consumer Goods (FMCG), Communications and Media, Telecommunications, Real estate, Media, Insurance, Food and beverage, Energy, Banking.]


Cybercrime and Botnets

Botnets are the tool of choice for distributing malware, perpetrating attacks and sending slews of spam email. Through these botnets, botnet herders – the cybercriminals behind the botnets – earn millions of dollars in money stolen from innocent computer users.

These cybercriminals buy and sell, build partnerships and rent services just as an above-board business would; the main difference being the legitimacy and legality of the products, solutions and services they handle.

In an effort to help better explain cybercrime, in April 2010, TrendLabs’ forward-looking research group published the following correlation map to provide a pictorial representation of the cybercriminal business model [4].

This chart may, on the face of it, seem quite complicated, but we can illustrate by using BREDO and CUTWAIL as an example.

CUTWAIL spammed messages contain BREDO variants; therefore it can be assumed that the criminals behind BREDO are paying the criminals behind CUTWAIL to send spam containing BREDO. It is also likely that they are paid per machine infected by the BREDO variant they spammed. Note that these infected machines, which are part of the CUTWAIL botnet, report back to the BREDO botnet master.

The same thing happens between ZeuS and BREDO. The criminals behind ZeuS pay the criminals behind BREDO to install their (ZeuS) malware on infected machines. As we all know, ZeuS malware steals bank account information, among other things (e.g., POP3 and FTP accounts).

[Figure: correlation map of the cybercriminal business model. Nodes: CUTWAIL (a.k.a. PUSHDO), BREDO (a.k.a. BREDOLAB), SASFIS, KOOBFACE, ZEUS, TDSS, FAKEAV, WALEDAC. Edge labels: SPAM, Pay per Install.]

[4] http://blog.trendmicro.com/spotlighting-the-botnet-business-model/


There is an ongoing cycle of money moving from one place to another. In another example, criminals behind FAKEAV get paid if users buy their fake antivirus programs and they use this money to pay other botnets to spread their programs.

At the end of the day, the aim of this succession of infections is to steal money from affected users. Keep in mind that every time a primary botnet downloads another malware, criminals behind the botnet are paid.

TrendLabs experts see this cycle continuing, and evolving constantly. Arguably two threats that have had the most impact in the past six months are ZeuS and KOOBFACE.

ZeuS

ZeuS is primarily a crimeware kit designed to steal users’ online banking login credentials, among other things. It is the handiwork of Eastern European organized criminals that has now entered the underground cybercriminal market as a commodity. ZeuS has proliferated in part due to the availability of these ZeuS toolkits, which allow cybercriminals to rapidly create ZeuS variants in a matter of minutes. Hundreds of new ZeuS variants are seen by Trend Micro every day, and this is not likely to change in the near future.

A new version of the ZeuS malware has also been encountered in the wild since the start of the year. These new versions, frequently referred to as ZeuS 2.0 versions, have had their behavior changed to become more difficult to detect and remove from systems. In addition, this new version also includes default support for current versions of Windows, where before it had to be acquired as an “upgrade” [5].

KOOBFACE

KOOBFACE has been around since last year, gearing up to become the largest social networking threat to date. In the early part of this year, TrendLabs experts noted that the KOOBFACE gang was continuously updating their botnet: changing the botnet’s architecture, introducing new component binaries, and merging the botnet’s functions with other binaries. They also began encrypting their C&C communications to avoid monitoring and takedown by security researchers and the authorities.

KOOBFACE attacks users on several social networking sites, and given the increasing usage across all demographics, the KOOBFACE gang will not likely let go of this money-generating scheme. In fact, it had begun tracking visitors, as evidenced by a short JavaScript code found in the fake video pages the gang has set up. This enables the creators to correlate user activity based on time of day and volume of successful KOOBFACE infections [6].

[5] http://us.trendmicro.com/imperia/md/content/us/trendwatchresearchandanalysis/zeusapersistentcriminalenterprise.pdf

[6] http://us.trendmicro.com/imperia/md/content/us/trendwatchresearchandanalysis/web_2_0_botnet_evolution_-_koobface_revisited__may_2010_.pdf


Underground Economy

During their monitoring, experts from TrendLabs identified the following items and their average price tag, for sale on the underground.

Documents Scan Resale Services:
Passport/utility bill/statement - $20
Credit card (front and back) - $25
Passport/utility bill/statement - $20
Original docs - starts from $4
Passport - $20
Drivers License - $20
Credit cards - $30
Utility bill - $10

US Credit Card Sales:
US credit cards selling: USA / Master Card / VISA
Price – $0.80c - $1 each

EU credit cards
Credit cards: Denmark, Greece, Ireland (Eire), Latvia, Netherlands, Norway, Sweden
Price - $3 per card

Credit Card Money Cashers
Card information input service
Person inputs the information of the credit card in online shops, for delivery to the requested address
Price - $5

PayPal accounts selling
Sell Hacked PayPal accounts
Price - 30% of the current balance on the PayPal account

High Profile Incidents of 1H2010

Between January and June 2010, there were many high profile threat incidents. The following threat incidents are those we believe had most impact on users and/or the security industry.

1 – The IE and other Zero Day Attacks [7]

In January, spammed emails loaded with malware files were sent to users and malicious sites were found to contain hidden JavaScript malware that took advantage of a zero-day vulnerability exploit in Internet Explorer. All versions of Internet Explorer (except v5.01) were affected and the exploit was known to send backdoor Trojans to affected systems.

Once executed, these malicious backdoor files stole information which was sent to a remote user. This zero-day vulnerability was subsequently reprogrammed to avoid a security feature in Internet Explorer – forcing Microsoft to release an out-of-band patch (Microsoft Security Bulletin MS10-002) on 21 January. Some reports also suggest that cybercriminals are launching attacks using recent vulnerabilities found in Adobe Reader and Acrobat.

Independent researchers surmised that about 34 companies were affected by what was described as a “highly sophisticated and targeted attack.” This situation is in line with the Trend Micro prediction that there would be “No global outbreaks, but localized and targeted attacks”.

2 – ZeuS, ZBOT and Kneber

ZeuS, Kneber and ZBOT all relate to the notorious ZeuS crimeware. In February, Kneber hit the headlines and shone a spotlight on ZeuS, an established toolkit known to be leveraged by many other threats; it is one of the most dangerous threats online. ZeuS is often mistakenly referred to as a botnet – in fact, ZeuS is made up of many, many small botnets, all linked by their use of the same crimeware.

ZeuS may arrive as an attachment or link in a spammed message or be unknowingly downloaded via compromised websites. Most ZeuS botnets target bank-related websites; however, in the first 6 months of 2010, Trend Micro monitored activity including:

• Spam targeting government agencies
• Phishing attacks that target AIM users
• ZBOT variants that target the social networking site Facebook

[7] http://threatinfo.trendmicro.com/vinfo/web_attacks/Zero-Day_Internet Explorer_Bug_Downloads_HYDRAQ.html


Inordertodefraudvictims,thecriminalsbehindthisthreatgeneratealistofbank-relatedwebsitesorfinancialinstitutionsfromwhichtheystealusernames,passwordsandothersensitivebankinginformation.Theyharvestcredentialssuchasthoseusedforonlineshopping,onlinepaymentandFTP,andinsertextraformelementstolegitimatepages(eg.Onlinebanking)thataskforadditionalinformationsuchasPINnumbers.

TrendLabspublishedacomprehensiveinsightintoZeuSinMarch2010–ZeuSaPersistentCriminalEnterprise8.

3 - Mariposa Botnet Uses

Mariposa,“butterfly”inSpanish,referstoanetworkof13millioncompromisedsystemsinmorethan190countriesworldwidethatismanagedbyasinglecommand-and-control(C&C)serverinSpain.ThisbotnethasbeendubbedasoneofthebiggestnetworksofzombiePCsincyberspacealongsidetheSDBOTIRC,DOWNAD/Conficker,andZeuSbotnets.TheMariposabotnetwasinexistenceasearlyasDecember2008,androsetofameinMay2009.

However,inMarch2010cameitsshutdownandthesubsequentarrestofthreeofitsmainperpetrators.

Typically,botnetscarrywiththembinariesormaliciousfilesthattheirperpetratorsuseforvariouspurposes.Atthetimeitsnotorietywasgrowing,TrendMicrothreatanalystsfoundWORM_AUTORUN.ZRO,awormretrievedfromcompromisedsystemsthatwerefoundtobepartoftheMariposabotnet.Thiswormhastheabilitytospreadviainstant-messaging(IM)applications,peer-to-peer(P2P)networks,andremovabledrives.SomebinarieswerealsocapableofspreadingbyexploitingavulnerabilityinInternetExplorer(IE).

Justlikeanyotherbotnet,DiasdePesadilla(DDP),akatheNightmareDaysTeam,usedMariposatomakemoney.Thebotnetwasbeingusedtostealinformationsuchascreditcardnumbers,bankaccountdetails,usernamesandpasswordstosocial-networkingsites,andimportantfilesfoundonaffectedsystems’harddrives,whichcybercriminalsmayuseinanumberofways.ExpertsalsofoundthatDDPstolemoneydirectlyfrombanksusingmoneymulesintheUnitedStatesandCanada.

FurtherdiggingintoMariposa’sbusinessmodelrevealedthatitsadministratorsalsoofferedundergroundservicestopotentialclients.Someoftheseservicesincludedhackingserverstotakecontrol,encryptingbotstomaketheminvisibletosecurityapplications,andcreatinganonymousVPNconnectionstoadministerbots.Morethan200binariesoftheMariposabotnethavebeenfoundinthewild.Amongthese,usersshouldbemostwaryofinformationstealersthatcompromisenotjustbankinginformationbutalsoauser’sidentity.

4 - Shanghai World Expo as Bait in Cyber Attack

At the end of March/beginning of April 2010, TrendLabs identified a new attack using a previously known Adobe exploit. In the attack, emailed messages, purportedly coming from the Bureau of Shanghai World Expo, asked recipients to open a file attached to the message and to update their submitted registration forms. There were indications that the attack was intentionally targeted toward Western journalists in Asia. It is unclear how the details of persons registered to attend the Expo were accessed by the criminals; however, it’s worth noting that the World Expo website stated that it expected around 70 million attendees to the event this year [9].

The attachment within the spammed message was a .PDF file that took advantage of a known vulnerability (patched by Adobe in February 2010) in Adobe Acrobat and Reader (CVE-2010-0188). Once successfully exploited, the .PDF file dropped a backdoor program onto the affected system, which in turn enabled attackers to gain full control of a victim’s machine.

The method used to exploit this vulnerability on this occasion differed from that used previously. Trend Micro researchers identified that the .PDF files had an embedded malicious .TIFF file. This embedded .TIFF file, when processed by vulnerable Adobe products, triggered the vulnerability and the execution of arbitrary code. In this attack, system information such as computer name, CPU information, OS version, and IP address of the affected system was stolen and sent to a remote server.
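A defender-side triage check for the delivery pattern described above, as an added example (not code from Trend Micro or from the original report): it scans the streams of a PDF for an embedded TIFF header. It assumes the image may be stored as-is, Flate-compressed, or base64-encoded inside a stream, which the report does not specify; `find_embedded_tiffs` and `build_sample` are hypothetical names, and the sample document is constructed and harmless.

```python
import base64
import re
import zlib

# TIFF files start with one of two 4-byte magics (little- or big-endian).
TIFF_MAGIC = {b"II*\x00": "little", b"MM\x00*": "big"}
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# Base64 text of those magics begins with "SUkq" or "TU0A".
B64_TIFF_RE = re.compile(rb"(?<![A-Za-z0-9+/])(?:SUkq|TU0A)[A-Za-z0-9+/\s]{8,}")


def tiff_header(blob):
    """Return (byte_order, ifd_in_bounds) if blob starts like a TIFF, else None."""
    order = TIFF_MAGIC.get(bytes(blob[:4]))
    if order is None or len(blob) < 8:
        return None
    ifd_offset = int.from_bytes(blob[4:8], order)
    return order, 8 <= ifd_offset < len(blob)


def stream_views(raw):
    """Yield the stream as stored and, when it is Flate data, inflated."""
    yield "raw", raw
    try:
        # decompressobj tolerates a truncated or padded stream tail
        yield "flate", zlib.decompressobj().decompress(raw)
    except zlib.error:
        pass


def find_embedded_tiffs(pdf_bytes):
    """List every stream view that is, or base64-encodes, a TIFF image."""
    findings = []
    for index, match in enumerate(STREAM_RE.finditer(pdf_bytes)):
        for label, view in stream_views(match.group(1)):
            candidates = [(label, view)]
            for run in B64_TIFF_RE.finditer(view):
                text = b"".join(run.group(0).split())      # drop line breaks
                text = text[: len(text) - len(text) % 4]   # whole quanta only
                candidates.append((label + "+base64", base64.b64decode(text)))
            for how, blob in candidates:
                header = tiff_header(blob)
                if header:
                    findings.append({"stream": index, "encoding": how,
                                     "byte_order": header[0],
                                     "ifd_in_bounds": header[1],
                                     "size": len(blob)})
    return findings


def build_sample():
    """Constructed, harmless document: an empty TIFF inside a form-like stream."""
    tiff = b"II*\x00\x08\x00\x00\x00" + b"\x00" * 10   # header + empty IFD
    form = b"<form><image>" + base64.b64encode(tiff) + b"</image></form>"
    page = b"BT /F1 12 Tf (Registration form) Tj ET"
    objs = []
    for num, body in enumerate((page, form), start=1):
        data = zlib.compress(body)
        objs.append(b"%d 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n"
                    % (num, len(data)) + data + b"\nendstream\nendobj\n")
    return b"%PDF-1.7\n" + b"".join(objs) + b"%%EOF\n"


if __name__ == "__main__":
    for finding in find_embedded_tiffs(build_sample()):
        print(finding)
```

A hit is a reason to quarantine the attachment and inspect it in an isolated viewer, not a verdict: legitimate PDFs can carry TIFF data too, and `ifd_in_bounds` being false marks a header that points outside the image.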

High Profile Incidents of 1H2010

[8] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf

[9] http://threatinfo.trendmicro.com/vinfo/web_attacks/Shanghai_Expo_Spam_Carries_Backdoor.html


Page 14: Trend Micro TrendLabs

5 - New: Shortened URLs in IM Spam Now Result in KOOBFACE Malware

Cybercriminals are very adept at employing new techniques in order to trick and infect more users. In the middle of April this year, TrendLabs identified attacks of spam over IM using shortened URLs for their misdemeanor. The twist to this story is a relationship between spam over IM, BUZUS and KOOBFACE.

Most users of instant messenger applications have on various occasions seen attempts to dupe them into clicking on spam received over IM or strange friend requests.

It seems the cybercriminals may have also realized that their past techniques may be becoming less effective, and TrendLabs has just recently discovered that these criminals are now using shortened URLs to spam malware. URL-shortening services are normally used to compress long and unreadable URLs into short, bite-sized ones. These short URLs are more portable, and are now generally preferred over the (normally long) actual URLs when sharing news within networks, blogs, Tweets, and other social media tools. URL-shortening services can be used to hide malicious links from view, thereby tricking users into clicking suspicious links.
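Because a shortened link hides its destination, an IM or mail gateway can expand it before a user ever clicks. The following is an added example (not from the original report or any Trend Micro product): it walks the redirect chain with HEAD requests, never fetches a page body, and flags what it finds. The function names, the flag strings and the `.example` hosts in the redirect table are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx response instead of following it


def http_head(url, timeout=5):
    """Live lookup: return (status, Location) for one hop, body never fetched."""
    opener = urllib.request.build_opener(_NoRedirect)
    request = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(request, timeout=timeout) as response:
            return response.status, response.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def expand(url, head=http_head, blocklist=frozenset(), max_hops=5):
    """Follow redirects hop by hop and report the chain plus warning flags."""
    chain, flags = [url], []
    while True:
        status, location = head(chain[-1])
        if status not in REDIRECT_CODES or not location:
            break
        target = urljoin(chain[-1], location)   # resolves relative Locations
        if urlsplit(target).scheme not in ("http", "https"):
            flags.append("non-http-redirect")
            break
        if target in chain:
            flags.append("redirect-loop")
            break
        if len(chain) > max_hops:
            flags.append("hop-limit")
            break
        chain.append(target)
    hosts = [urlsplit(u).hostname for u in chain]
    if any(h in blocklist for h in hosts):
        flags.append("blocklisted-host")
    if hosts[0] != hosts[-1]:
        flags.append("destination-differs-from-link")
    return {"chain": chain, "final_host": hosts[-1], "flags": flags}


# Constructed redirect table standing in for live servers (not real hosts).
SAMPLE_REDIRECTS = {
    "http://short.example/x7Qp": (301, "http://tracker.example/r?id=7"),
    "http://tracker.example/r?id=7": (302, "/landing"),
    "http://tracker.example/landing": (302, "http://files.bad.example/setup.exe"),
    "http://files.bad.example/setup.exe": (200, None),
}


def sample_head(url):
    """Offline stand-in for http_head, answering from SAMPLE_REDIRECTS."""
    return SAMPLE_REDIRECTS.get(url, (404, None))


if __name__ == "__main__":
    print(expand("http://short.example/x7Qp", head=sample_head,
                 blocklist={"files.bad.example"}))
```

Run the live `http_head` only from an isolated analysis host, since even a HEAD request tells the remote server that the link was received.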

KOOBFACE is a notorious botnet that originally targeted innocent Facebook users. Since then, it has gone on to target other social networks, and so it is not surprising that the criminals behind the threat are looking to new avenues through which to extend their network of compromised machines. KOOBFACE causes so much consternation that TrendLabs has published 3 separate research reports on the subject [10].

6 - FAKEAV, the Standard Revenue Generator [11]

Throughout the first six months of 2010, FAKEAV (or Rogue Antivirus) continued to be used by cybercriminals as a key revenue generator. Programs designed to look professional, even to the point of offering telephone support services, have been maliciously pushed to innocent users under the pretence of infection and vulnerability. FAKEAV leverages social engineering to capture users’ attention and make threats believable. Cybercriminals use multiple vectors to deliver their threats.

A few of the methods they use are listed below:

• Stealing from users directly by convincing them to download, install, and then pay for fake software.
• Infecting users through malicious links placed in search results – poisoned search results are otherwise known as Black Hat SEO.
• Delivering a payload of malicious routines or installers that leave additional malware on the infected system.
• Using social engineering sites such as Twitter to trick users.

Unlike most threats, FAKEAV software displays a visual element to the targeted user. This comes in the form of fake user interfaces that universally claim that the system has been infected.

 

 

Interestingly, FAKEAV has also become localized, with the same “tool” being found in multiple languages, as can be seen in the following screenshot:


[10] http://us.trendmicro.com/us/trendwatch/research-and-analysis/whitepapers-and-articles/index.html

[11] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/threatbrief_final.pdf


Page 15: Trend Micro TrendLabs

Vulnerabilities

Vulnerabilities in applications have always been a part of the security landscape, but recent developments towards the Web have made these even more significant. For end users, vulnerabilities have facilitated “drive-by” threats, where all that is necessary to become infected by malware is to visit a website. The website need not be malicious; it may be compromised (via malicious advertisements, or the addition of iframes or JavaScript code). This poses a large problem that is not easy to mitigate.

In addition, servers are coming under increasing fire as well. Assuming well-established server management procedures are in place, vulnerabilities become the best means of trying to execute malware on servers. While this may be more difficult than compromising a single user system, the potential reward is consequently greater as well.

Trend Micro receives information about vulnerabilities both publicly and privately. Private vulnerability information is received from vendors (such as Microsoft), third-party groups such as TippingPoint’s Zero-Day Initiative [12], and from the cybercriminal underground.

The scale of this threat has been documented independently. A paper presented at the Ninth Workshop on the Economics of Information Security delved into the online adult industry, but also profiled whether users were running browsers that contained vulnerable plug-ins. Their study [13] concluded that a staggering 88.28 percent of users were vulnerable, a sobering number by any reckoning.

With these threats in mind, the following looks at key vulnerability statistics related to the first half of 2010. The Trend Micro Threat Encyclopedia [14] includes a Security Advisory section in which details of all covered vulnerabilities can be found.

Vulnerability Statistics

Publicly-known vulnerabilities are commonly referenced by the Common Vulnerabilities and Exposures (CVE) system, which assigns a unique identifier to each vulnerability. In the first half of 2010, a total of 2,552 CVEs were published. This number is slightly below the similar number for the first half of 2009, where a total of 3,086 CVEs were published.

However, it should be noted that this does not mean that the vulnerability threat is lessening. Not all vulnerabilities receive a CVE; many vulnerabilities that are privately reported to vendors are not included in the system.

By vendor, Apple had the most CVEs issued in the first half of the year:

While some vendors receive a significant amount of press attention for vulnerabilities, this chart serves as a reminder that the vulnerability threat is far more multi-pronged than just patching Windows or updating Flash and Acrobat/Reader. In addition, some of the vendors with large numbers of vulnerabilities focus on enterprise software, with correspondingly longer patch cycles that potentially leave users at risk.

In addition, the presentation of vulnerability information to the general public leaves much to be desired. While some vendors present vulnerability information publicly in well-organized bulletins, others do so in a more ad hoc manner or hide the information behind paywalls on their websites. This makes proper threat assessment on the part of users – both enterprise and consumer – much more difficult.

The overall scale of the threat posed by vulnerabilities and exploits is clearly visible when looking at the number of TROJ_PIDIEF malware seen by Trend Micro in the first half of the year. The PIDIEF malware family is specifically made up of malware that arrives as PDF files, which exploit vulnerabilities in the Acrobat family of products. In the first half of the year, a total of 666 new detection names were added to Trend Micro products. Each detection name represents multiple in-the-wild variants, resulting in a total number of new PDF threats numbering into the thousands – in only six months.

[12] http://www.zerodayinitiative.com/

[13] http://weis2010.econinfosec.org/papers/session2/weis2010_wondracek.pdf

[14] http://threatinfo.trendmicro.com/vinfo/default.asp?page=1&sect=SA


[Figure: CVEs published, 2009 and 2010; y-axis: CVEs, 0 to 3,500]

[Figure: CVEs by vendor; y-axis: CVEs, 0 to 200; vendors shown: Apple, Microsoft, Oracle, Adobe, Cisco, IBM, Sun, Mozilla, Linux, HP, Novell, PHP, Apache, Redhat, FreeBSD]


Page 16: Trend Micro TrendLabs

Trend Micro Technology and Protection

Smart Protection Network

The Trend Micro™ Smart Protection Network™ infrastructure delivers advanced protection from the cloud, blocking threats in real-time before they reach you. By continuously processing the threat intelligence gathered through its extensive global network of honeypots, customers and partners, Trend Micro delivers automatic protection against the latest threats and provides “better together” security, much like an automated neighborhood watch that involves the community in protection of others. Because the threat information gathered is based on the reputation of the communication source, not on the content of the specific communication, the privacy of a customer’s personal or business information is always protected.

Trend Micro Smart Protection Network uses patent-pending “in-the-cloud correlation technology” with behaviour analysis to correlate combinations of web, email and file threat activities to determine if they are malicious. By correlating the different components of a threat and continuously updating its threat databases, Trend Micro has the distinct advantage of being able to respond in real time, providing immediate and automatic protection from email, file and Web threats.

Another key component of the Trend Micro Smart Protection Network is integrated Smart Feedback that provides continuous communication between Trend Micro products as well as the company’s 24/7 threat research centers and technologies in a two-way update stream. Each new threat identified via a single customer’s routine reputation check, for example, automatically updates all of Trend Micro’s threat databases around the world, blocking any subsequent customer encounters of a given threat.

Further information and benchmarks for Trend Micro Smart Protection Network can be found in the Core Technologies area of TrendWatch [15].

Solutions and Services

Trend Micro™ Enterprise Security

Trend Micro Enterprise Security is a tightly integrated offering of content security products, services, and solutions that take full advantage of the Trend Micro Smart Protection Network™. Optimized to deliver immediate protection, Trend Micro Enterprise Security also dramatically reduces the cost and complexity of security management.

For further information about Trend Micro Enterprise Security, visit the Enterprise section of trendmicro.com [16].

Trend Micro SecureCloud™

Now available as a Beta release for early adopters of cloud computing [17], Trend Micro SecureCloud is a hosted key-management and data-encryption solution designed to protect and control confidential information that you deploy into public and private cloud-computing environments.

Trend Micro Worry-Free Business Security

Designed specifically to fit the needs of small businesses, Worry-Free Business Security protects your computers wherever they’re connected: in the office, at home or on the road. Powered by the Trend Micro Smart Protection Network, threats are detected faster to keep your data safe and your protection constantly updated.

Further details and the benefits of Trend Micro Worry-Free Business Security can be found on the Small Business section of trendmicro.com [18].

Trend Micro Titanium

Combining easy-to-use security with cloud-client technologies, Trend Micro Titanium blocks threats such as infected websites, phishing attacks, viruses and spyware before they can reach a user’s computer. State-of-the-art protection for users’ data is delivered while ensuring that computer performance is not impacted.

Details of the Trend Micro Titanium product line can be found at www.trendmicro.com/titanium.

[15] http://us.trendmicro.com/us/trendwatch/core-technologies/index.html

[16] http://us.trendmicro.com/us/home/enterprise/

[17] http://trendmicro.mediaroom.com/index.php?s=43&news_item=830&type=current&year=0

[18] http://us.trendmicro.com/us/home/small-business/


Page 17: Trend Micro TrendLabs

Advice for Businesses Adopting Cloud Strategies

In March 2010 the Cloud Security Alliance (CSA) published “Top Threats to Cloud Computing V1.0” [19] to help organizations better understand the risks of cloud computing and consequently make more informed risk management decisions when adopting cloud strategies.

With the right approach and security solutions, the public cloud can be just as secure as a typical traditional corporate datacentre. We recommend that organizations provide their own layers of security in addition to that which is afforded by cloud providers.

1. Encrypt all sensitive data – the information that is exclusive to, and owned by, your organization. The operating system and applications are less important here – typically in the cloud they are standard images that are simply recycled back to a master image on shutdown. It’s the information proprietary to you, or that you have collected from customers and business partners, which you generally have a legal obligation to protect.

2. Ensure that your firewall, IPS, and IDS protect each of your virtual machines separately. Particularly in a public cloud environment, the other virtual machines running on the same physical hardware as you should be considered hostile. The firewall at the cloud provider’s perimeter can’t help you here.

3. Only decrypt your data within that secure container you’ve established for your virtual machine. Be sure you check for tampering and data-stealing malware before decrypting your data.

4. Make sure that you are in control of the encryption keys – it’s your data!

Trend Micro offers two products – Deep Security™ and SecureCloud™ – which when layered together can achieve the four recommendations above and counter the threats identified.

Deep Security is available and already in widespread use, and SecureCloud entered public beta over the summer following successful pilot trials [20].

Advice for Businesses

Use effective solutions to protect your business.

• To protect your company network, deploy solutions that use cloud-based protection. Technology such as the Trend Micro Smart Protection Network combines Internet-based (“in-the-cloud”) technologies with lighter-weight clients to help businesses close the infection window and respond in real time before threats can even reach a user’s PC or compromise an entire network. By checking URLs, emails, and files against continuously updated and correlated threat databases in the cloud, customers always have immediate access to the latest protection wherever they connect.

• Phishing poses a significant threat for organizations. Phishing sites can compromise your brand and/or your company’s image as well as your ability to keep your customers’ confidence while conducting business over the Internet. Protect your employees and customers by procuring all brand-related and look-alike domain names.

• Stay ahead of the threats by reading security-related blogs and related information pages (i.e., Threat Encyclopedia [21], Cloud Security Blog [22], TrendLabs Malware Blog [23] and social networks such as Twitter [24]) which can help warn and educate users who might otherwise be drawn to websites under false pretenses.

• Educate your employees about how cybercriminals lure victims to their schemes; make use of threat information provided on security vendor sites like TrendWatch.

• Try downloading tools such as the Trend Micro Threat Widget to help raise awareness.

[19] http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

[20] http://trendmicro.mediaroom.com/index.php?s=43&news_item=830&type=current&year=0

[21] http://threatinfo.trendmicro.com/vinfo/default.asp?sect=SA

[22] http://cloudsecurity.trendmicro.com/

[23] http://blog.trendmicro.com

[24] http://twitter.com/trendmicro


Page 18: Trend Micro TrendLabs

Safeguard your customers’ interests.

• Standardize company communications and let your customers know about your email and website policies. This way, you can help your customers better identify legitimate messages.

Avoid sending “phishy”-looking email messages by following these guidelines:

Do not request personal information through email.

Personalize email when possible.

Do not redirect to another domain from the URL provided to customers.

Do not rely on pop-up windows for data collection, especially those with no address bars or navigational elements.

Do not use instant messaging or chat with customers unless they initiate the communication.

Be explicit in the detail of communications that require the immediate action or attention of recipients.

Establish and implement effective IT usage guidelines.

• Just as you would never leave your front door unlocked when you are not home, you must take the same precautions with your computer system to make sure your business is protected. Protecting your business requires you to educate yourself and your employees about safe cybersecurity practices. A comprehensive set of IT usage guidelines should focus on the following:

Prevention. Identify solutions, policies, and procedures to reduce the risk of attacks.

Resolution. In the event of a computer security breach, you should have plans and procedures in place to determine what resources you will use to remedy a threat.

Restitution. Be prepared to address the repercussions of a security threat with your employees and customers to ensure that any loss of trust or business is minimal and short-lived.


Page 19: Trend Micro TrendLabs

Top Tips for End Users

Keep your personal computer current with the latest software updates and patches.

• Apply the latest security updates and patches to your software programs and OSs and enable automatic updates where possible. Since cybercriminals typically take advantage of flaws in the software to plant malware on your PC, keeping your software current will minimize your exposure to vulnerabilities.

Protect yourself and your personal computer.

• If you receive an email requesting personal or confidential information, do not respond or provide this information via links or phone numbers in the email. Legitimate organizations such as credit card companies and banks will never request this information via email.

• Beware of unexpected or strange-looking emails and instant messages (IMs) regardless of sender. Never open attachments or click links in these emails and IMs. If you trust the sender, scan the attachments before opening. Never provide personal information in your email or IM responses.

• Regularly check your bank, credit, and debit card statements to ensure that all transactions are legitimate.

• Beware of Web pages requiring software installation. Scan programs before executing them. Always read the end-user license agreement (EULA) and cancel if you notice other programs being downloaded in conjunction with the desired program.

• Do not provide personal information to unsolicited requests for information.

• If it sounds too good to be true, it probably is. If you suspect an email is spam, delete it immediately. Reject all IMs from people whom you do not know.

• When shopping, banking, or making other transactions online, make sure the website address contains an “s” as in https://www.bank.com. You should also see a lock icon in the lower right area of your Web browser.

Choose secure passwords.

• Use a combination of letters, numbers, and symbols and avoid using your first and last names as your login name.

• Avoid using the same password for all your login needs. Do not use the same password for your banking site that you use for your social networking sites.

• Change your password every few months.


Page 20: Trend Micro TrendLabs

About TrendLabs

TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24/7 threat surveillance, attack prevention, and timely and seamless solutions delivery.

With a more than 1,000-strong staff of threat experts and support engineers deployed round-the-clock at labs around the globe, TrendLabs enables Trend Micro to:

• Continuously monitor the threat landscape across the globe
• Deliver real-time data to detect, preempt, and eliminate threats
• Research and analyze technologies to combat new threats
• Respond in real-time to targeted threats
• Help customers worldwide minimize damages, reduce costs, and ensure business continuity

TrendLabs has facilities in the following 12 locations:

• Manila, Philippines (HQ)
• Arlington, TX, USA
• Cupertino, CA, USA
• Lake Forest, CA, USA
• Shanghai, China
• Sao Paulo, Brazil
• Cork, Ireland
• Paris, France
• Tokyo, Japan
• Taipei, Taiwan
• Marlow, United Kingdom
• Munich, Germany

Note that these facilities can perform all or part of critical Trend Micro services such as technical support, malware analysis and solutions delivery.

TrendLabs Locations


About Trend Micro:

Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the latest threats.

Trend Micro’s flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these solutions are powered by the Trend Micro™ Smart Protection Network™ infrastructure, a next-generation cloud-client innovation that combines sophisticated cloud-based reputation technology, feedback loops, and the expertise of TrendLabs(SM) researchers to deliver real-time protection from emerging threats. A transnational company, with headquarters in Tokyo, Trend Micro’s trusted security solutions are sold through its business partners worldwide. Please visit www.trendmicro.com.

