8/2/2019 Threat Trends Report q1 2011 En
1/20
Trend Micro
TrendLabs Global Threat Trends 1H 2010

Table of Contents
Threat Trends
  Email Threat Trends
  Web-Based Threat Trends
  File-Based Threat Trends
Cybercrime and Botnets
Underground Economy
High Profile Incidents of 1H2010
Vulnerabilities
Trend Micro Technology and Protection
  Smart Protection Network
  Solutions and Services
  Trend Micro Enterprise Security
  Trend Micro SecureCloud
  Trend Micro Worry-Free Business Security
  Trend Micro Titanium
Advice for Businesses Adopting Cloud Strategies
Advice for Businesses
Top Tips for End Users
About TrendLabs
Introduction
Cybercrime is now a fully fledged, but highly illegal business. And it's all about money.

As the Underground Economy has grown and flourished, cybercriminals have developed new methods for tricking victims. Their scams are amazingly lucrative, with profits totaling in the billions per year. Many perpetrators hail from Eastern Europe where cybercrime is rampant and considered business as usual. Canadian pharmacy spam, fake antivirus and others are part of a well-organized business model based on the concept of affiliate networking. In the case of cybercrime, products sold via affiliate marketing may be highly profitable, although highly illegal, such as click fraud and selling credit card details.

In this report covering January to June 2010, we examine various cybercrime incidents, the criminals' use of multiple tools such as botnets, and look at threat trends and activity currently causing, and likely to continue to cause, the most pain, cost and disruption to connected users across the world.

Many threats have evolved in recent times, becoming more silent, and more insidious. Threats are intertwined, meaning almost every threat comprises multiple components for attacking, infecting and compromising data. Components always relate to one or more of the following three vectors: email, web and file. During the first six months of 2010 TrendLabs identified Europe as the largest source of spam emails, while Education is the industry most affected by malware compromise. Meanwhile, the US is the primary source of malicious URLs.

Vulnerability exploits are a key asset used by cybercriminals. They buy and sell vulnerability information, exploit code, as well as other types of malware. In the first half of 2010, over 2500 common vulnerabilities and exposures (CVEs) were recorded.

Professional criminals are widely known to be the perpetrators of almost all threats. Botnets are managed and run as an enterprise organization manages its network. Making money is the primary aim.
Threat Trends
The Trend Micro Smart Protection Network infrastructure delivers advanced protection from the cloud, blocking threats in real-time before they reach you. Leveraging a unique, cloud-client architecture, it is powered by a global network of threat intelligence sensors, email, Web, and file reputation technologies that work together to dramatically reduce infections.

The Smart Protection Network is now seeing 45 billion queries every 24 hours, while it blocks 5 billion threats and processes 2.5 terabytes of data on a daily basis. On average 80 million users are connected to the network each day.

This community of users helps enable Trend Micro Smart Protection Network to continue evolving and improving protection in real-time.

The following data points, taken from Smart Protection Network and other supporting monitoring systems, provide a comprehensive insight into the threats Trend Micro protected its users against, in the first six months of 2010.
Email Threat Trends
Spam
Spam continued to grow between January and June 2010, albeit with a brief interval during April.

The most notable change between the first and second quarters of 2010 was the reduction in spam from APAC and the increase in spam from Europe. Countries strongly contributing to the growth in spam from Europe include Germany, UK, Italy and France.

Currently, TrendLabs monitors 38 languages and dialects used in spam. This coverage is continuously being improved to provide increased protection against highly localized spam. More than 95% of spam is in English. For the non-English spam, the top most common languages received are Russian, Japanese, Chinese, Spanish, and French.

Most of the spam tracked during the past six months falls under the following three categories: Commercial (28%), Scams (22%), or Health/Medical (15%). In terms of spam technique, 37% of total samples use HTML, followed by Plain Text (25%) and Short Spam (10%).

[Figure: Spam Volume, JAN to JUN]
[Figure: Regional Spam Sources - Q1 (APAC, Europe, North America, South America, Unknown, Africa)]
[Figure: Regional Spam Sources - Q2 (APAC, Europe, North America, South America, Unknown, Africa)]
[Figure: Spam Technique Distribution (Plain Text, HTML, Image, PDF/RTF attached, GIF/JPEG attached, RAR/Zip attached, XLS attached, DOC/TXT attached, HTML Inserts, Short Spam, Salad, Others)]
The following chart shows the total number of spambot-infected computers TrendLabs identified per country. A spambot is an infected computer controlled by a botnet known to prolifically distribute spam, although it is unlikely to be limited to only this type of activity. Note that this is not the total number of infected computers, as many bots are not used to distribute spam.

However, the total number of active spamming IPs in India and Brazil is well ahead of their closest rival, Germany. In the past 6 months, both India and Brazil have fully emerged as central countries in the cybercriminal landscape.

Phishing
Targeted Entities
In alphabetical order, the four most popular entities targeted via both phishing email and spoofed sites in the first six months of 2010 were (1) Bank of America, (2) eBay, (3) HSBC, and (4) PayPal.

While the majority of the top 10 targeted entities are commercial or financial entities, social media platforms like Facebook and Twitter, as well as MMORPGs like World of Warcraft, were also consistently present. The majority of the new entities being targeted by phishers are local banks in specific countries (e.g., Italy, Malaysia, United States) and online gaming services (see below, in alphabetical order):

- Air Academy FCU: a credit union with branches in Colorado
- Banca Del Monte di Lucca
- Banca Carige: a commercial Italian bank, including some of its subsidiaries like Cassa di Risparmio di Carrara and Cassa di Risparmio di Savona
- Banca Cesare Ponti: a commercial Italian bank
- Banca Sai: a commercial Italian bank
- Battle.net: an online gaming service operated by Blizzard Entertainment
- Cassa di Risparmio di Ferrara: a commercial Italian bank
- CenturyLink: a telecommunications company in the United States
- FirstCaribbean International Bank: a Barbados-based bank operating in the Caribbean
- iQuebec: a French-language Internet portal
- Lottomatica: an Italian gaming company
- Nantahala Bank & Trust Company: an American bank
- NCSoft: an online gaming service provider
- Pinnacle Bank: an American bank
- President's Choice Financial: a Canadian bank
- Public Bank Berhad: a Malaysian bank
- SCRIGNO or Banca Popolare Di Sondrio: an Italian bank

Phishing Techniques
Between January and June 2010, phishers continued the trend of explicitly displaying phishing URLs. This indicates victims still trust that a site is authentic based on more obvious visual clues such as the site's appearance and use of correct company logos, instead of inspecting the URL address bar.
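The URL inspection that victims skip can be automated at a mail gateway or web proxy. The following is an added example, not part of the original report: it flags URLs that mention one of the four most-targeted brands named above while the registered domain belongs to someone else. The brand-to-domain allow-list, the short suffix list and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption for illustration: brand keyword -> domains the brand operates.
BRAND_DOMAINS = {
    "bankofamerica": {"bankofamerica.com"},
    "ebay": {"ebay.com"},
    "hsbc": {"hsbc.com"},
    "paypal": {"paypal.com"},
}

# Simplification: production code should use the Public Suffix List.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.br", "com.my", "co.in"}

# Constructed sample input (reserved .example names and documentation IPs).
SAMPLE_URLS = [
    "https://www.paypal.com/signin",
    "http://paypal.com.account-verify.example/login",
    "http://198.51.100.7/ebay/signin.html",
    "http://secure-hsbc.example.co.uk/logon",
    "http://www.bankofamerica.com@203.0.113.9/update",
    "http://news.example.org/article",
]


def is_ipv4_literal(host):
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() for p in parts)


def registered_domain(host):
    """Approximate the registrable domain, the part a phisher must control."""
    if is_ipv4_literal(host):
        return host
    labels = host.rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def _norm(text):
    # Collapse separators so "bank-of-america" still matches "bankofamerica".
    return text.lower().replace("-", "").replace("_", "")


def check_url(url):
    """Return [(brand, where_seen, registered_domain)] for each brand that is
    mentioned on a domain it does not own; an empty list means no finding."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return []
    reg = registered_domain(host)
    user = _norm(parts.username or "")   # text before "@" in the authority
    rest = _norm(parts.path + "?" + parts.query)
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if reg in domains:
            continue  # the URL really is on the brand's own domain
        if brand in _norm(host):
            findings.append((brand, "host", reg))
        elif brand in user:
            findings.append((brand, "userinfo", reg))
        elif brand in rest:
            findings.append((brand, "path", reg))
    return findings


def triage(urls):
    """Map each suspicious URL to its findings; clean URLs are omitted."""
    results = {}
    for url in urls:
        hits = check_url(url)
        if hits:
            results[url] = hits
    return results


if __name__ == "__main__":
    for url, hits in triage(SAMPLE_URLS).items():
        print(url, hits)
```

Substring matching on short brand names will produce false positives, so findings from a check like this are best used to raise a URL's risk score rather than to block outright.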
[Figure: 1H10 Total Host Count by Country (IND, BRA, DEU, VMN, RUS, USA, ITA, GBR, UKR, SAU, COL, ESP, POL, CHN, ARG, TWN, ROM, THA, TUR, SRB, GRC, PRT, IDN, PAK, others)]
Web-Based Threat Trends
The onslaught of threats using the Web as a means to propagate will increasingly cause challenges for organizations and end users.

[Figure: Growth in Malicious URLs, JAN to JUN]

Bad Actors vs. Victims
Bad Actors refers to the source of malicious URLs. The United States has consistently been the primary source of malicious URLs, while Japan accessed the greatest number of malicious URLs. Similarly, North America is the top continent that has the most malicious URLs, while Asia is the continent with most victims.

Monthly Top 20 Bad Actors by Country

| # | JAN | FEB | MAR | Q1 |
|---|-----|-----|-----|----|
| 1 | United States | United States | United States | United States |
| 2 | China | China | China | China |
| 3 | Netherlands | Netherlands | Netherlands | Netherlands |
| 4 | Russian Federation | Germany | Germany | Germany |
| 5 | Germany | Russian Federation | Romania | Russian Federation |
| 6 | Romania | Japan | Japan | Romania |
| 7 | Japan | Romania | Russian Federation | Japan |
| 8 | France | France | United Kingdom | France |
| 9 | United Kingdom | United Kingdom | France | United Kingdom |
| 10 | Ukraine | Canada | Canada | Canada |
| 11 | Bosnia and Herzegovina | Ukraine | Ukraine | Ukraine |
| 12 | Canada | South Korea | South Korea | South Korea |
| 13 | South Korea | Italy | Italy | Sweden |
| 14 | Sweden | Sweden | Sweden | Italy |
| 15 | Portugal | Poland | Australia | Poland |
| 16 | Poland | Turkey | Bahamas | Bosnia and Herzegovina |
| 17 | Italy | Australia | Turkey | Turkey |
| 18 | Turkey | Czech Republic | Poland | Australia |
| 19 | Australia | Taiwan | Czech Republic | Portugal |
| 20 | Israel | Panama | Panama | Czech Republic |

| # | APR | MAY | JUN | Q2 |
|---|-----|-----|-----|----|
| 1 | United States | United States | United States | United States |
| 2 | China | China | Ireland | China |
| 3 | Netherlands | Romania | China | Ireland |
| 4 | Germany | Germany | Romania | Romania |
| 5 | Romania | Japan | Japan | Germany |
| 6 | Japan | United Kingdom | Germany | Japan |
| 7 | United Kingdom | Netherlands | United Kingdom | Netherlands |
| 8 | Russian Federation | Ukraine | Netherlands | United Kingdom |
| 9 | Ukraine | Russian Federation | Russian Federation | Russian Federation |
| 10 | France | France | Ukraine | Ukraine |
| 11 | Canada | South Korea | France | France |
| 12 | South Korea | Canada | South Korea | Canada |
| 13 | Italy | Australia | Canada | South Korea |
| 14 | Australia | Italy | Sweden | Australia |
| 15 | Sweden | Belgium | Belgium | Sweden |
| 16 | Turkey | Sweden | Australia | Belgium |
| 17 | Bahamas | Taiwan | Latvia | Italy |
| 18 | Singapore | Bahamas | Italy | Bahamas |
| 19 | Czech Republic | Singapore | Bahamas | Latvia |
| 20 | Poland | Poland | Taiwan | Taiwan |

Top URLs and Domains Blocked
Below is the list of the URLs that consistently appeared in the top 10 for 4-6 months (in no particular order):

| URL | Description |
|-----|-------------|
| ad.globe7.com:80/iframe3 (USA) | Contains malicious IFRAME code |
| bid.openx.net:80/json (USA) | Known to download TROJ_AGENT variants |
| delivery.adyea.com:80/lg.php (DEU) | Known to download worms; sets drives to autoplay by creating autorun.inf in the drives' root directories |
| dt.tongji.linezing.com:80/tongji.do (CHN) | Related to JS_DLOADR.ATF |
| hot1.xgazo.info:80/pic.php (USA) | Proxy avoidance site |
| newt1.adultadworld.com:80/jsc/z5/2.html (USA) | Adult website |
| openxxx.viragemedia.com:80/www/delivery/ar.php (NLD) | Known to host adware |

Below is the list of domains that consistently appeared in the top 10 for 4-6 months (in no particular order):

| Domain | Description |
|--------|-------------|
| bid.openx.net (USA) | Known to download TROJ_AGENT variants |
| delivery.adyea.com (DEU) | Known to download worms; sets drives to autoplay by creating autorun.inf in the drives' root directories |
| dt.tongji.linezing.com (CHN) | Related to JS_DLOADR.ATF |
| hot1.xgazo.info (USA) | Proxy avoidance site |
| newt1.adultadworld.com (USA) | Adult website |
| openxxx.viragemedia.com (NLD) | Known to host adware |
| trafficconverter.biz (USA) | Known to be accessed by Conficker/DOWNAD variants |
File-Based Threat Trends
New Malware Creation
In order to ensure wide sourcing of malware samples, Trend Micro has its own research and monitoring systems and also collaborates with multiple independent third parties. Included among these independent third parties is AV-test.org. Based on calculations using the total number of unique samples collected in 2009, a new piece of malware is created every 1.5 seconds.

TrendLabs now sees in the region of 250,000 samples each day. However, recent estimates place the number of unique new malware samples introduced in a single day at greater than 60,000 unique samples.

Trojans account for about 60 percent of new signatures created by TrendLabs, and 53 percent of overall detections as of June. Backdoors and Trojan-spyware, often associated with or defined as crimeware or data-stealing malware, come in second and third places, respectively. However, the majority of Trojans lead to data-stealing malware.

[Figure: New Unique Samples Added to AV-Test.org's Malware Collection, 2007-01 to 2010-03 (series: Unique Samples Added, Test Growth, 3 Month Median, Forecast; annotation: new threat every 1.5 seconds)]

Infections according to Industry
The chart below clearly indicates that Education as an industry has been hardest hit by infections in the first half of 2010. This is likely owing to the number of students using old and out-of-date software and security, and possibly visiting suspect websites. These issues compound the challenges related to securing a complex, distributed and diverse infrastructure.

[Figure: Infection breakdown by Industry]
[Figure: Infections tracked, by Industry over Time, JAN to JUN]
Industries shown: Banking, Communications and Media, Education, Energy, Fast-Moving Consumer Goods (FMCG), Financial, Food and beverage, Government, Healthcare, Insurance, Manufacturing, Materials, Media, Oil and Gas, Other, Real estate, Retail, Technology, Telecommunications, Transportation, Utilities.
Cybercrime and Botnets
Botnets are the tool of choice for distributing malware, perpetrating attacks and sending slews of spam email. Through these botnets, botnet herders, the cybercriminals behind the botnets, earn millions of dollars in money stolen from innocent computer users.

These cybercriminals buy and sell, build partnerships and rent services just as above-board business would; the main difference being the legitimacy and legality of the products, solutions and services they handle.

In an effort to help better explain cybercrime, in April 2010, TrendLabs' forward-looking research group published the following correlation map to provide a pictorial representation of the cybercriminal business model [4].

[Figure: correlation map of the cybercriminal business model, showing how the threat is delivered between CUTWAIL (a.k.a. PUSHDO), BREDO (a.k.a. BREDOLAB), SASFIS, KOOBFACE, ZEUS, TDSS, FAKEAV and WALEDAC through spam and pay-per-install relationships]

This chart may, on the face of it, seem quite complicated, but we can illustrate by using BREDO and CUTWAIL as an example.

CUTWAIL spammed messages contain BREDO variants, therefore it can be assumed that the criminals behind BREDO are paying the criminals behind CUTWAIL to send spam containing BREDO. It is also likely that they are paid per machine infected by the BREDO variant they spammed. Note that these infected machines, which are part of the CUTWAIL botnet, report back to the BREDO botnet master.

The same thing happens between ZeuS and BREDO. The criminals behind ZeuS pay the criminals behind BREDO to install their (ZeuS) malware on infected machines. As we all know, ZeuS malware steals bank account information, among other things (e.g., POP3 and FTP accounts).

[4] http://blog.trendmicro.com/spotlighting-the-botnet-business-model/
There is an ongoing cycle of money moving from one place to another. In another example, criminals behind FAKEAV get paid if users buy their fake antivirus programs and they use this money to pay other botnets to spread their programs.

At the end of the day, the aim of this succession of infections is to steal money from affected users. Keep in mind that every time a primary botnet downloads another malware, criminals behind the botnet are paid.

TrendLabs experts see this cycle continuing, and evolving constantly. Arguably two threats that have had the most impact in the past six months are ZeuS and KOOBFACE.

ZeuS
ZeuS is primarily a crimeware kit designed to steal users' online banking login credentials, among other things. It is the handiwork of Eastern European organized criminals that has now entered the underground cybercriminal market as a commodity. ZeuS has proliferated in part due to the availability of these ZeuS toolkits, which allow cybercriminals to rapidly create ZeuS variants in a matter of minutes. Hundreds of new ZeuS variants are seen by Trend Micro every day, and this is not likely to change in the near future.

A new version of the ZeuS malware has also been encountered in the wild since the start of the year. These new versions, frequently referred to as ZeuS 2.0 versions, have had their behavior changed to become more difficult to detect and remove from systems. In addition, this new version also includes default support for current versions of Windows, where before it had to be acquired as an upgrade [5].

KOOBFACE
KOOBFACE has been around since last year, gearing up to become the largest social networking threat to date. In the early part of this year, TrendLabs experts noted that the KOOBFACE gang was continuously updating their botnet: changing the botnet's architecture, introducing new component binaries, and merging the botnet's functions with other binaries. They also began encrypting their C&C communications to avoid monitoring and takedown by security researchers and the authorities.

KOOBFACE attacks users on several social networking sites, and given the increasing usage across all demographics, the KOOBFACE gang will not likely let go of this money-generating scheme. In fact, it had begun tracking visitors, as evidenced by a short JavaScript code found in the fake video pages the gang has set up. This enables the creators to correlate user activity based on time of day and volume of successful KOOBFACE infections [6].

[5] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf
[6] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/web_2_0_botnet_evolution_-_koobface_revisited__may_2010_.pdf
Underground Economy
During their monitoring, experts from TrendLabs identified the following items and their average price tag, for sale on the underground.

Documents Scan Resale Services:
- Passport/utility bill/statement - $20
- Credit card (front and back) - $25
- Passport/utility bill/statement - $20
- Original docs - starts from $4
- Passport - $20
- Driver's License - $20
- Credit cards - $30
- Utility bill - $10

US Credit Card Sales:
- US credit cards selling: USA / Master Card / VISA
- Price $0.80c - $1 each

EU credit cards
- Credit cards: Denmark, Greece, Ireland (Eire), Latvia, Netherlands, Norway, Sweden
- Price - $3 per card

Credit Card Money Cashers
- Card information input service
- Person inputs the information of the credit card in online shops, for delivery to the requested address
- Price - $5

PayPal accounts selling
- Sell Hacked PayPal accounts
- Price - 30% of the current balance on the PayPal account

High Profile Incidents of 1H2010
Between January and June 2010, there were many high profile threat incidents. The following threat incidents are those we believe had most impact on users and/or the security industry.

1 - The IE and other Zero Day Attacks [7]
In January, spammed emails loaded with malware files were sent to users and malicious sites were found to contain hidden JavaScript malware that took advantage of a zero-day vulnerability exploit in Internet Explorer. All versions of Internet Explorer (except v5.01) were affected and the exploit was known to send backdoor Trojans to affected systems.

Once executed, these malicious backdoor files stole information which was sent to a remote user. This zero-day vulnerability was subsequently reprogrammed to avoid a security feature in Internet Explorer, forcing Microsoft to release an out-of-band patch (Microsoft Security Bulletin MS10-002) on 21 January. Some reports also suggest that cybercriminals are launching attacks using recent vulnerabilities found in Adobe Reader and Acrobat.

Independent researchers surmised that about 34 companies were affected by what has been described as a highly sophisticated and targeted attack. This situation is in line with the Trend Micro prediction that there would be "No global outbreaks, but localized and targeted attacks."

2 - ZeuS, ZBOT and Kneber
ZeuS, Kneber and ZBOT all relate to the notorious ZeuS crimeware. In February, Kneber hit the headlines and shone a spotlight on ZeuS, an established toolkit known to be leveraged by many other threats; it is one of the most dangerous threats online. ZeuS is often mistakenly referred to as a botnet; in fact, ZeuS is made up of many, many small botnets, all linked by their use of the same crimeware.

ZeuS may arrive as an attachment or link in a spammed message or be unknowingly downloaded via compromised websites. Most ZeuS botnets target bank-related websites; however, in the first 6 months of 2010, Trend Micro monitored activity including:
- Spam targeting government agencies
- Phishing attacks that target AIM users
- ZBOT variants that target the social networking site Facebook

[7] http://threatinfo.trendmicro.com/vinfo/web_attacks/Zero-Day_Internet Explorer_Bug_Downloads_HYDRAQ.html
In order to defraud victims, the criminals behind this threat generate a list of bank-related websites or financial institutions from which they steal usernames, passwords and other sensitive banking information. They harvest credentials such as those used for online shopping, online payment and FTP, and insert extra form elements to legitimate pages (e.g., online banking) that ask for additional information such as PIN numbers.

TrendLabs published a comprehensive insight into ZeuS in March 2010, "ZeuS, a Persistent Criminal Enterprise" [8].

3 - Mariposa Botnet Uses
Mariposa, "butterfly" in Spanish, refers to a network of 13 million compromised systems in more than 190 countries worldwide that is managed by a single command-and-control (C&C) server in Spain. This botnet has been dubbed as one of the biggest networks of zombie PCs in cyberspace alongside the SDBOT IRC, DOWNAD/Conficker, and ZeuS botnets. The Mariposa botnet was in existence as early as December 2008, and rose to fame in May 2009.

However, in March 2010 came its shutdown and the subsequent arrest of three of its main perpetrators.

Typically, botnets carry with them binaries or malicious files that their perpetrators use for various purposes. At the time its notoriety was growing, Trend Micro threat analysts found WORM_AUTORUN.ZRO, a worm retrieved from compromised systems that were found to be part of the Mariposa botnet. This worm has the ability to spread via instant-messaging (IM) applications, peer-to-peer (P2P) networks, and removable drives. Some binaries were also capable of spreading by exploiting a vulnerability in Internet Explorer (IE).

Just like any other botnet, Dias de Pesadilla (DDP), aka the Nightmare Days Team, used Mariposa to make money. The botnet was being used to steal information such as credit card numbers, bank account details, usernames and passwords to social-networking sites, and important files found on affected systems' hard drives, which cybercriminals may use in a number of ways. Experts also found that DDP stole money directly from banks using money mules in the United States and Canada.

Further digging into Mariposa's business model revealed that its administrators also offered underground services to potential clients. Some of these services included hacking servers to take control, encrypting bots to make them invisible to security applications, and creating anonymous VPN connections to administer bots. More than 200 binaries of the Mariposa botnet have been found in the wild. Among these, users should be most wary of information stealers that compromise not just banking information but also a user's identity.

4 - Shanghai World Expo as Bait in Cyber Attack
At the end of March/beginning April 2010, TrendLabs identified a new attack, using a previously known Adobe exploit. In the attack, emailed messages, purportedly coming from Bureau of Shanghai World Expo, asked recipients to open a file attached to the message, and to update their submitted registration forms. There were indications that the attack was intentionally targeted toward Western journalists in Asia. It is unclear how the details of persons registered to attend the Expo were accessed by the criminals, however it's worth noting that the World Expo website stated that it expected around 70 million attendees to the event this year [9].

The attachment within the spammed message was a .PDF file that took advantage of a known vulnerability (patched by Adobe in February 2010) in Adobe Acrobat and Reader (CVE-2010-0188). Once successfully exploited, the .PDF file dropped a backdoor program onto the affected system, which in turn enabled attackers to gain full control of a victim's machine.

The method used to exploit this vulnerability, on this occasion, differed from that used previously. Trend Micro researchers identified that the .PDF files had an embedded malicious .TIFF file. This embedded .TIFF file, when processed by vulnerable Adobe products, triggered the vulnerability and the execution of arbitrary code. In this attack, system information such as Computer name, CPU information, OS version, and IP address of the affected system was stolen and sent to a remote server.

[8] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf
[9] http://threatinfo.trendmicro.com/vinfo/web_attacks/Shanghai_Expo_Spam_Carries_Backdoor.html
5 - New, Shortened URLs in IM Spam, Now result in KOOBFACE Malware
Cybercriminals are very adept at employing new techniques in order to trick and infect more users. In the middle of April this year, TrendLabs identified attacks of spam over IM, using shortened URLs for their misdemeanor. The twist to this story is a relationship between spam over IM, BUZUS and KOOBFACE.

Most users of instant messenger applications have on various occasions seen attempts to dupe them into clicking on spam received over IM or strange friend requests.

It seems the cybercriminals may have also realized that their past techniques may be becoming less effective, and TrendLabs has just recently discovered that these criminals are now using shortened URLs to spam malware. URL-shortening services are normally used to compress long and unreadable URLs into short, bite-sized ones. These short URLs are more portable, and are now generally preferred over the (normally long) actual URLs when sharing news within networks, blogs, Tweets, and other social media tools. URL-shortening services can be used to hide malicious links from view, thereby tricking users into clicking suspicious links.

KOOBFACE is a notorious botnet that originally targeted innocent Facebook users. Since then, it has gone on to target other social networks, and so it is not surprising that the criminals behind the threat are looking to new avenues through which to extend their network of compromised machines. KOOBFACE causes so much consternation that TrendLabs has published 3 separate research reports on the subject [10].

6 - FAKEAV, the standard revenue generator [11]
Throughout the first six months of 2010, FAKEAV (or Rogue Antivirus) continued to be used by cybercriminals as a key revenue generator. Programs designed to look professional, even to the point of offering telephone support services, have been maliciously pushed to innocent users under the pretence of infection and vulnerability. FAKEAV leverages social engineering to capture users' attention and make threats believable. Cybercriminals use multiple vectors to deliver their threats.

A few of the methods they use are listed below:
- Stealing from users directly by convincing them to download, install, and then pay for fake software.
- Infecting users through malicious links placed in search results; poisoned search results are otherwise known as Black Hat SEO.
- Delivering a payload of malicious routines or installers that leave additional malware on the infected system.
- Using social engineering sites such as Twitter, to trick users

Unlike most threats, FAKEAV software displays a visual element to the targeted user. This comes in the form of fake user interfaces that universally claim that the system has been infected.

Interestingly, FAKEAV has also become localized, with the same tool being found in multiple languages, as can be seen in the following screenshot:

[10] http://us.trendmicro.com/us/trendwatch/research-and-analysis/whitepapers-and-articles/index.html
[11] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/threatbrief_final.pdf
Vulnerabilities
Vulnerabilities in applications have always been a part of the security landscape, but recent developments towards the Web have made these even more significant. For end users, vulnerabilities have facilitated drive-by threats, where all that is necessary to become infected by malware is to visit a website. The website need not be malicious; it may be compromised (via malicious advertisements, or the addition of iframes or JavaScript code). This poses a large problem that is not easy to mitigate.

In addition, servers are coming under increasing fire as well. Assuming well-established server management procedures are in place, vulnerabilities become the best means of trying to execute malware on servers. While this may be more difficult than compromising a single user system, the potential reward is consequently greater as well.

Trend Micro receives information about vulnerabilities both publicly and privately. Private vulnerability information is received both from vendors (such as Microsoft), third-party groups such as TippingPoint's Zero-Day Initiative [12], and from the cybercriminal underground.

The scale of this threat has been documented independently. A paper presented at the Ninth Workshop on the Economics of Information Security delved into the online adult industry, but also profiled whether users were running browsers that contained vulnerable plug-ins. Their study [12] concluded that a staggering 88.28 percent of users were vulnerable, a sobering number by any reckoning.

With these threats in mind, the following looks at key vulnerability statistics related to the first half of 2010. The Trend Micro Threat Encyclopedia [14] includes a Security Advisory section in which details of all covered vulnerabilities can be found.

Vulnerability Statistics
Publicly-known vulnerabilities are commonly referenced by the Common Vulnerabilities and Exposures (CVE) system, which assigns a unique identifier to each vulnerability. In the first half of 2010, a total of 2,552 CVEs were published. This number is slightly below the similar number for the first half of 2009, where a total of 3,086 CVEs were published.

[Figure: CVEs published, 2009 and 2010]

However, it should be noted that this does not mean that the vulnerability threat is lessening. Not all vulnerabilities receive a CVE; many vulnerabilities that are privately reported to vendors are not included in the system.

By vendor, Apple had the most CVEs issued in the first half of the year:

[Figure: CVEs by vendor (Apple, Microsoft, Oracle, Adobe, Cisco, IBM, Sun, Mozilla, Linux, HP, Novell, PHP, Apache, Redhat, FreeBSD)]

While some vendors receive a significant amount of press attention for vulnerabilities, this chart serves as a reminder that the vulnerability threat is far more multi-pronged than just patching Windows or updating Flash and Acrobat/Reader. In addition, some of the vendors with large numbers of vulnerabilities focus on enterprise software, with correspondingly longer patch cycles that potentially leave users at risk.

In addition, the presentation of vulnerability information to the general public leaves much to be desired. While some vendors present vulnerability information publicly in well-organized bulletins, others do so in a more ad hoc manner or hide the information behind paywalls on their websites. This makes proper threat assessment on the part of users, both enterprise and consumer, much more difficult.

The overall scale of the threat posed by vulnerabilities and exploits is clearly visible when looking at the number of TROJ_PIDIEF malware seen by Trend Micro in the first half of the year. The PIDIEF malware family is specifically made up of malware that arrives as PDF files, which exploit vulnerabilities in the Acrobat family of products. In the first half of the year, a total of 666 new detection names were added to Trend Micro products. Each detection name represents multiple in-the-wild variants, resulting in a total number of new PDF threats numbering into the thousands in only six months.

[12] http://www.zerodayinitiative.com/
[13] http://weis2010.econinfosec.org/papers/session2/weis2010_wondracek.pdf
[14] http://threatinfo.trendmicro.com/vinfo/default.asp?page=1&sect=SA
15http://us.trendmicro.com/us/trendwatch/core-technologies/index.html
16http://us.trendmicro.com/us/home/enterprise/
17http://trendmicro.mediaroom.com/index.php?s=43&news_item=830&type=current&year=0)
18
http://us.trendmicro.com/us/home/small-business/
Smart Protection Network
The Trend Micro Smart Protection Network infrastructure delivers advanced protection from the cloud, blocking threats in real-time before they reach you. By continuously processing the threat intelligence gathered through its extensive global network of honeypots, customers and partners, Trend Micro delivers automatic protection against the latest threats and provides "better together" security, much like an automated neighborhood watch that involves the community in protection of others. Because the threat information gathered is based on the reputation of the communication source, not on the content of the specific communication, the privacy of a customer's personal or business information is always protected.
Trend Micro Smart Protection Network uses patent-pending in-the-cloud correlation technology with behaviour analysis to correlate combinations of web, email and file threat activities to determine if they are malicious. By correlating the different components of a threat and continuously updating its threat databases, Trend Micro has the distinct advantage of being able to respond in real time, providing immediate and automatic protection from email, file and Web threats.
Another key component of the Trend Micro Smart Protection Network is integrated Smart Feedback that provides continuous communication between Trend Micro products as well as the company's 24/7 threat research centers and technologies in a two-way update stream. Each new threat identified via a single customer's routine reputation check, for example, automatically updates all of Trend Micro's threat databases around the world, blocking any subsequent customer encounters of a given threat.
Further information and benchmarks for Trend Micro Smart Protection Network can be found in the Core Technologies area of TrendWatch 15.
Solutions and Services
Trend Micro Enterprise Security
Trend Micro Enterprise Security is a tightly integrated offering of content security products, services, and solutions that take full advantage of the Trend Micro Smart Protection Network. Optimized to deliver immediate protection, Trend Micro Enterprise Security also dramatically reduces the cost and complexity of security management.
For further information about Trend Micro Enterprise Security, visit the Enterprise section of trendmicro.com 16.
Trend Micro SecureCloud
Now available as a Beta release for early adopters of cloud computing 17, Trend Micro SecureCloud is a hosted key-management and data-encryption solution designed to protect and control confidential information that you deploy into public and private cloud-computing environments.
Trend Micro Worry-Free Business Security
Designed specifically to fit the needs of small businesses, Worry-Free Business Security protects your computers wherever they're connected, in the office, at home or on the road. Powered by the Trend Micro Smart Protection Network, threats are detected faster to keep your data safe and your protection constantly updated.
Further details and the benefits of Trend Micro Worry-Free Business Security can be found on the Small Business section of trendmicro.com 18.
Trend Micro Titanium
Combining easy-to-use security with cloud-client technologies, Trend Micro Titanium blocks threats such as infected websites, phishing attacks, viruses and spyware before they can reach a user's computer. State-of-the-art protection for users' data is delivered while ensuring that computer performance is not impacted.
Details of the Trend Micro Titanium product line can be found at www.trendmicro.com/titanium.
Trend Micro Technology and Protection
Advice for Businesses Adopting Cloud Strategies
In March 2010 the Cloud Security Alliance (CSA) published Top Threats to Cloud Computing V1.0 19 to help organizations better understand the risks of cloud computing and to consequently make more informed risk management decisions when adopting cloud strategies.
With the right approach and security solutions the public cloud can be just as secure as a typical traditional corporate data centre. We recommend that organizations provide their own layers of security in addition to that which is afforded by cloud providers.
1. Encrypt all sensitive data - the information that is exclusive to, and owned by, your organization. The operating system and applications are less important here - typically in the cloud they are standard images that are simply recycled back to a master image on shutdown. It's the information proprietary to you, or that you have collected from customers and business partners, which you generally have a legal obligation to protect.
2. Ensure that your Firewall, IPS, and IDS protect each of your virtual machines separately. Particularly in a Public Cloud environment the other virtual machines running on the same physical hardware as you should be considered hostile. The firewall at the cloud provider's perimeter can't help you here.
3. Only decrypt your data within that secure container you've established for your virtual machine. Be sure you check for tampering and data stealing malware before decrypting your data.
4. Make sure that you are in control of the encryption keys - it's your data!
Trend Micro offers two products - Deep Security and SecureCloud - which when layered together can achieve the four recommendations above and counter the threats identified.
Deep Security is available and already in widespread use and SecureCloud entered public beta over the summer following successful pilot trials 20.
Advice for Businesses
Use effective solutions to protect your business.
• To protect your company network, deploy solutions that use cloud-based protection. Technology such as the Trend Micro Smart Protection Network combines Internet-based (in-the-cloud) technologies with lighter-weight clients to help businesses close the infection window and respond in real time before threats can even reach a user's PC or compromise an entire network. By checking URLs, emails, and files against continuously updated and correlated threat databases in the cloud, customers always have immediate access to the latest protection wherever they connect.
• Phishing poses a significant threat for organizations. Phishing sites can compromise your brand and/or your company's image as well as your ability to keep your customers' confidence while conducting business over the Internet. Protect your employees and customers by procuring all brand-related and look-alike domain names.
• Stay ahead of the threats by reading security-related blogs and related information pages (i.e., Threat Encyclopedia 21, Cloud Security Blog 22, TrendLabs Malware Blog 23 and social networks such as Twitter 24) which can help warn and educate users who might otherwise be drawn to websites under false pretenses.
• Educate your employees about how cybercriminals lure victims to their schemes; make use of threat information provided on security vendor sites like TrendWatch.
• Try downloading tools such as the Trend Micro Threat Widget to help raise awareness
19 http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
20 http://trendmicro.mediaroom.com/index.php?s=43&newsitem=830&type=current&year=0
21 http://threatinfo.trendmicro.com/vinfo/default.asp?sect=SA
22 http://cloudsecurity.trendmicro.com/
23 http://blog.trendmicro.com
24 http://twitter.com/trendmicro
Safeguard your customers' interests.
• Standardize company communications and let your customers know about your email and website policies. This way, you can help your customers better identify legitimate messages.
• Avoid sending phishy-looking email messages by following these guidelines:
  - Do not request personal information through email.
  - Personalize email when possible.
  - Do not redirect to another domain from the URL provided to customers.
  - Do not rely on pop-up windows for data collection, especially those with no address bars or navigational elements.
  - Do not use instant messaging or chat with customers unless they initiate the communication.
  - Be explicit in the detail of communications that require the immediate action or attention of recipients.
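
Several of the email guidelines above can be checked automatically before a customer mailing goes out. The following pre-send check is an added example, not part of the original report; the sender domain, keyword lists, finding names and function names are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAINS = {"example-bank.test"}  # assumption: domains the sender owns
PII_TERMS = re.compile(r"\b(password|pin|card number|account number)\b", re.I)
GENERIC_GREETING = re.compile(r"\bdear (customer|user|member|client)\b", re.I)

def _own_host(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in ORG_DOMAINS)

class _Scan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.text, self.href = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.href = urlparse(a["href"])
            if self.href.scheme in ("http", "https") and not _own_host(self.href.hostname):
                self.findings.append(("off-domain-link", a["href"]))
        elif tag in ("form", "input"):  # data collection inside the mail itself
            self.findings.append(("data-collection-form", tag))
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None
    def handle_data(self, data):
        self.text.append(data)
        shown = re.search(r"https?://\S+", data) if self.href else None
        # The URL the customer reads must be the host the link actually opens.
        if shown and urlparse(shown.group()).hostname != self.href.hostname:
            self.findings.append(("link-text-mismatch", self.href.geturl()))

def lint_email(html):
    """Return (finding, detail) pairs for one HTML draft; an empty list means no findings."""
    scan = _Scan()
    scan.feed(html)
    scan.close()
    body = " ".join(scan.text)
    for kind, rx in (("requests-personal-info", PII_TERMS), ("not-personalized", GENERIC_GREETING)):
        if (m := rx.search(body)):
            scan.findings.append((kind, m.group().lower()))
    return scan.findings

# Constructed sample drafts (not real messages).
BAD_DRAFT = ('<p>Dear customer,</p><p>Please reply with your account number or visit '
             '<a href="https://click.mail-vendor.test/r?id=42">https://www.example-bank.test/offers</a>.</p>')
GOOD_DRAFT = ('<p>Dear Ms. Rivera,</p><p>Your March statement is ready at '
              '<a href="https://www.example-bank.test/statements">https://www.example-bank.test/statements</a>.</p>')
```

Run against the two drafts, the first yields four findings (a link through a third-party click tracker, link text that names a different host, a request for an account number, a generic greeting) and the second yields none.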
Establish and implement effective IT usage guidelines.
• Just as you would never leave your front door unlocked when you are not home, you must take the same precautions with your computer system to make sure your business is protected. Protecting your business requires you to educate yourself and your employees about safe cybersecurity practices. A comprehensive set of IT usage guidelines should focus on the following:
  - Prevention. Identify solutions, policies, and procedures to reduce the risk of attacks.
  - Resolution. In the event of a computer security breach, you should have plans and procedures in place to determine what resources you will use to remedy a threat.
  - Restitution. Be prepared to address the repercussions of a security threat with your employees and customers to ensure that any loss of trust or business is minimal and short-lived.
Top Tips for End Users
Keep your personal computer current with the latest software updates and patches.
• Apply the latest security updates and patches to your software programs and OSs and enable automatic updates where possible. Since cybercriminals typically take advantage of flaws in the software to plant malware on your PC, keeping your software current will minimize your exposure to vulnerabilities.
Protect yourself and your personal computer.
• If you receive an email requesting personal or confidential information, do not respond or provide this information via links or phone numbers in the email. Legitimate organizations such as credit card companies and banks will never request this information via email.
• Beware of unexpected or strange-looking emails and instant messages (IMs) regardless of sender. Never open attachments or click links in these emails and IMs. If you trust the sender, scan the attachments before opening. Never provide personal information in your email or IM responses.
• Regularly check your bank, credit, and debit card statements to ensure that all transactions are legitimate.
• Beware of Web pages requiring software installation. Scan programs before executing them. Always read the end-user license agreement (EULA) and cancel if you notice other programs being downloaded in conjunction with the desired program.
• Do not provide personal information to unsolicited requests for information.
• If it sounds too good to be true, it probably is. If you suspect an email is spam, delete it immediately. Reject all IMs from people whom you do not know.
• When shopping, banking, or making other transactions online, make sure the website address contains an "s" as in https://www.bank.com. You should also see a lock icon in the lower right area of your Web browser.
Choose secure passwords.
• Use a combination of letters, numbers, and symbols and avoid using your first and last names as your login name.
• Avoid using the same password for all your login needs. Do not use the same password for your banking site that you use for your social networking sites.
• Change your password every few months.
About TrendLabs
TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24/7 threat surveillance, attack prevention, and timely and seamless solutions delivery.
With more than 1,000-strong staff of threat experts and support engineers deployed round-the-clock at labs around the globe, TrendLabs enables Trend Micro to:
• Continuously monitor the threat landscape across the globe
• Deliver real-time data to detect, preempt, and eliminate threats
• Research and analyze technologies to combat new threats
• Respond in real-time to targeted threats
• Help customers worldwide minimize damages, reduce costs, and ensure business continuity
TrendLabs has facilities in the following 12 locations:
• Manila, Philippines (HQ)
• Arlington, TX, USA
• Cupertino, CA, USA
• Lake Forest, CA, USA
• Shanghai, China
• Sao Paulo, Brazil
• Cork, Ireland
• Paris, France
• Tokyo, Japan
• Taipei, Taiwan
• Marlow, United Kingdom
• Munich, Germany
Note that these facilities can perform all or part of critical Trend Micro services such as technical support, malware analysis and solutions delivery.
TrendLabs Locations
About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the latest threats.
Trend Micro's flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these solutions are powered by the Trend Micro Smart Protection Network infrastructure, a next-generation cloud-client innovation that combines sophisticated cloud-based reputation technology, feedback loops, and the expertise of TrendLabs(SM) researchers to deliver real-time protection from emerging threats. A transnational company, with headquarters in Tokyo, Trend Micro's trusted security solutions are sold through its business partners worldwide. Please visit www.trendmicro.com.