Tag: Trend Micro

Security software continues to thrive

Symantec remained the number one vendor of security software in 2014, with the whole market worth $21.4 billion – up 5.3 percent from the year before.

In second place was Intel McAfee, followed by IBM, Trend Micro, EMC and other players.

But although there’s overall market growth, according to market research company Gartner, there was a decline in consumer security software.

This hit Symantec because consumer security software forms 53 percent of its total security revenues.

IBM had a particularly good year, growing its revenue by $1.5 billion, largely as a result of strong adoption of security information and event management products by large enterprises.

Gartner said this particular sector is growing strongly as enterprises realise the need for threat detection and response to protect their IT systems.

Anti virus makers join forces to down botnet

Trend Micro said it cooperated with Microsoft and Kaspersky Labs as well as Interpol to bring down a massive botnet compromising computers worldwide.

Operation SIMDA, said Trend Micro, aims to eliminate a botnet estimated to have infected over 770,000 computers.

Crooks used SIMDA to remotely access PCs and steal personal information as well as installing and spreading other malware.

The malware modifies HOSTS files, redirecting people to malicious sites from authentic sites, and affected well known sites such as Facebook, Bing, Yahoo and Google Analytics, Trend said.

Redirection servers were based in 14 countries across the world.

The advice for avoiding attacks includes not opening emails and attachments from people you don’t know.

Trend advises people to manually check HOSTS files and remove suspicious records – not really an option for the average user of a PC.

Trend illustrates how HOSTS is modified with the screen shot (pictured).
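The manual HOSTS check Trend recommends can be scripted. The sketch below is an added example, not Trend Micro's tooling: it parses HOSTS-format text and flags entries that pin one of the sites named above to a non-local address. The watch list, sample file and function names are assumptions made for illustration.

```python
import ipaddress

# Sites the article names as affected; subdomains are matched as well.
WATCHED = ("facebook.com", "bing.com", "yahoo.com", "google-analytics.com")

# Constructed sample in HOSTS format (addresses are documentation ranges),
# not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.facebook.com facebook.com
198.51.100.7    WWW.Google-Analytics.com   # trailing comment
0.0.0.0         ads.example.net
127.0.0.1       bing.com
192.0.2.44      intranet.example.org
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in the text."""
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield number, ip, name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def suspicious_entries(text):
    """Return watched hostnames pinned to a non-local address."""
    findings = []
    for number, ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are typical of local block lists;
        # a routable address for these sites is what needs a human look.
        if is_watched(name) and not (ip.is_loopback or ip.is_unspecified):
            findings.append((number, str(ip), name))
    return findings

if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts
    for number, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {number}: {name} -> {ip}")
```

A hit is a prompt for review rather than proof of infection, since administrators sometimes pin hostnames in HOSTS deliberately.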

Barclays' PingIt app will 'certainly' be targeted by criminals

Barclays has announced its money-sending app, PingIt, which the bank claims is as safe as any other banking transaction.

While many may be concerned about sending money via their smartphones, Barclays believes that mobile payment will “revolutionise” the way money is passed around.

The free to use PingIt app will, at first, only send money from a Barclays account – but will mean that anyone will be able to register to receive money from a sender’s smartphone.

The money is sent using Barclays’ Faster Payments service, and the bank chain says that with a five digit PIN code needed to send payments it is as safe as a regular bank transaction. However, in order to make the transactions quick, full bank details are not required.

Barclays is playing down the amount of money users can send, painting it as an opportunity to quickly send a tenner to a friend or family member.

But with the possibility of sending up to £300 using the service – more than many standard accounts let you withdraw as cash from the bank each day – there will be concerns about the security.

Rik Ferguson, Director of Security Research & Communication at Trend Micro believes that there is serious potential the system could come under attack from criminals.

“It will certainly be a target,” Ferguson told TechEye. “Criminals follow consumer behaviour and if consumers begin to move money around on mobile devices that will be of distinct interest for criminals, and they will try and exploit it.”

Mobile users are already fairly lax with security, Ferguson says. “There are still far too many people who are not in the habit of locking their phone with a PIN,” he continued. “Obviously there is a PIN for the app itself but if you are not using the PIN on your phone you are increasing your risk.”

There is also the real possibility that criminals could create malicious software to target PingIt.

“We are already seeing an increasing number of malicious apps out there,” Ferguson says. “Replica versions of the official apps available in app stores are already common tactics – for example, Angry Birds or Cut The Rope.

“It would be quite a simple matter to make a copy of the app and have people download it, and have it look like it is acting as normal but actually stealing information and finding out what the PIN is.”

Ferguson believes that there are plenty of ways in which PingIt has the potential to be exploited: “There is the possibility of key logging, so Barclays need to look at this as well as potential vulnerabilities or flaws in the code,” he said.

Google, Oracle overtake Microsoft in reported vulnerabilities

According to the latest quarterly threat report from Trend Micro, Google is now the biggest culprit for reported vulnerabilities, beating Microsoft by two places.

Although Bill Gates’ baby still gets all of the flak for resembling Swiss cheese, actually Google and in particular Android is more of a worry. For the quarter, and thanks to vulnerabilities in Chrome, Google had 82 reported holes.

Oracle was second with 63 vulnerabilities, and Microsoft was third with 58 in the report. 

Trend Micro’s report, the company says, notes a change in cyber crime tactics – with a trend towards targeted attacks against large enterprises and governments.  

An example is the LURID downloader, which pinched confidential data from over 60 countries. Trend says the key to its success was down to the criminals focusing their attacks geographically.

Attackers also continue to target social media users.

For example, the company spotted a scam page which looked a lot like Google+ invites but actually put users in harm’s way.

LinkedIn was attacked too, though strangely for the business network, the successful campaign was with the promise of a Justin Bieber video.

Botnet hacker made $17,000 a day

Trend Micro has uncovered just how far one cyber criminal’s reach went. A man in his 20s, somewhere in Russia, used a slew of criminal toolkits to earn money attacking over 90 countries and pocketing $3.2 million in just six months.

Trend Micro believes Soldier used a network of money mules and had an accomplice residing in the States. Together, just since January 2011, the hacker was making $17,000 a day.

Writing from the Trend Micro bog, threat researcher Loucif Kharouni outlines the antics of a hacker who goes by the name of Soldier. He used SpyEye and ZeuS binaries and blackhat SEO on his rampage across the web.

Soldier allegedly traded in traffic with other criminals on the web, using malware to pinch money from countless accounts, with a large majority in the US, as well as thieving security credentials. It wasn’t only grandma opening a dodgy attachment that got hit by the worm – high security institutions and US corporations were among those hit.

Overall, Soldier managed to infect roughly 25,394 systems between late April and June. It will be good for Microsoft’s PR push in getting users to upgrade – the majority of the victims were running Windows XP on their machines. About 4,500 Windows 7 PCs took the hit as well, according to Trend Micro.

The company is keeping the investigation open and is trying to figure out how to notify victims.

Trend Micro attacks Open Source

Insecurity expert Steve Chang, who is the chairman of Trend Micro, has just declared himself the sworn enemy of the Open Sauce movement by saying that Android is less secure than the iPhone because it is Open Sauce.

Chang claims that because Android was open sauce a hacker could understand the underlying architecture and source code and work out new ways to do it over.

Steve Chang said that you had to give credit to Apple, because they are very careful about it. It’s impossible for certain types of viruses to operate on the iPhone.

Of course the comments will be greeted by a “what the fsk” from almost everyone in the industry. Apple’s iPhone security is faith based and the shiny gear is the first to get knocked over during Black Hat competitions. If a security error is spotted it takes time for Apple to admit it, let alone fix it. Open Sauce problems are usually fixed quickly.

Open Saucers can claim, with some validity, that security problems in Android can be swiftly spotted and fixed because people know the system very well.

In short does Chang know what he is talking about? He appears to be mostly talking about the application vetting process. Anyone can write code for Android, but getting code approved by Jobs’ Mob requires the developer to juggle flaming swords over a pit of hungry crocodiles while smeared with bacon grease. Obviously with central controls like that it is possible to weed out a few rogue applications that spread malware.

But that is not actually what Chang said. He actually blamed the Open Sauce process for making Android less secure. Which it doesn’t. He added that Apple has a sandbox concept that isolates the platform, which prevents certain viruses that want to replicate themselves or decompose and recompose to avoid virus scanners. However that does not make it more or less secure, it just means that you have to use a different attack vector.

Chang said he’s betting Android users will start to buy more security software for mobile devices. This is fair enough, however how much security software is there for the iPhone? For years Apple hardware has based its security on faith alone and depends on hackers not bothering to attack the minority OS. How is it that Trend Micro can believe that Apple is safer and, more to the point, why would you trust a security company that spouts such rubbish?

Chang’s comments might have something to do with the fact that this week Trend Micro released Mobile Security for Android, software that users can install on a mobile phone to block viruses, malicious programs and unwanted calls. So if Android users feel secure they will not buy Chang’s app.

But you have to wonder, if Apple’s security is so wonderful, why Trend has been running its Mobile Security App for the iPhone for a while now?

Chang admitted to Business Week that Apple’s iOS wasn’t fully immune to security threats and may be hit with so-called social-engineering attacks, which trick users into authorising the download or installation of malicious software. But not viruses? So what does Trend’s AV software for the Apple do?

Given this weird message, it is not surprising that Trend Micro’s 2010 revenue is expected to have dropped 1.3 percent and its net income is forecast to be 22 percent lower.

Trend trademarks the plate that’s in my leg

The Periodic Table partly confirmed what some alchemists thought – that metallic elements are in some way related.

For example, in the New Pearl of Great Price by Bonus of Ferrara (Vincent Stuart edition, 1963) we see: “In the generation of metals, all common metals are potentially what gold is actually; they are imperfectly what gold is perfectly; they are substantially what gold is formally.”  The original work was published by the Aldus press in 1546, financed by Pope Paul III and Venice.

We found it a bit strange when O2 decided to call itself O2 – that is trademarked apparently.

But we find it even stranger that AV company Trend Micro has decided to trademark the word Titanium – pictured here.

Next, you’ll be finding Intel trying to trademark the letter “i” or numbers or something.

Yeah, so I can’t refer to the Titanium plate in my leg – the result of a motor bike accident in 1981 – without tagging TM behind it?

NEC was rightly parodied for attempting to trademark the word “tower” – a clearly visible and risible piece of stupidity. Next, Intel will be telling us that it is going to trademark Intel Hotels of Distinction.

Oh, it already did.

EC concerned about Intel's McAfee buyout, others don't care

The European Commission has expressed concerns over Intel’s acquisition of security software firm McAfee in a preliminary antitrust probe of the high-profile deal, but with McAfee’s rivals welcoming the buyout from Intel, what exactly is the EC worried about?

Sources close to regulators within the EC revealed to the Wall Street Journal that there were some concerns over Intel’s intention to incorporate security features into its processors, with the EC believing that it will prioritise the inclusion of McAfee security in the chips over that of rival security firms, thus creating a problem for competition.

One survey sent to Intel by the EC asked if a sleeper agent in the processor chips could launch advertisements of McAfee software or if maximum performance of the processor would need to be unlocked through the purchase of that software, both of which are clearly areas that would prevent proper competition in the market.

Why then are Kaspersky, Trend Micro, Symantec and others welcoming Intel’s entry into the security market, as TechEye revealed in August? Some of the McAfee rivals are even going so far as to say that it will aid competition rather than hindering it.

Kaspersky told us at the time: “It is obvious that this will create more competition and drive the industry to grow more rapidly, and that is always a positive thing for the rest of the players involved.”

Even Symantec, which has a close relationship with Intel, said that the deal would not adversely affect it, despite the sheer size and money power Intel can push behind McAfee. In fact, it is Intel’s dominance that could help the security market, according to many of the top security firms, making investors wake up to the importance of security software.

The EC is seeking the opinions of security firms in its antitrust probe and these are likely to be a major factor in the decision to approve or reject the deal. On the surface the McAfee competitors should be telling the EC exactly what they told us, but chances are that some of them are publicly expressing joy at the acquisition news, while privately expressing their hidden worries to the EC. 

The deal, which is worth $7.68 billion, is expected to close in the first half of 2011, despite earlier predictions that it could be finalised by the end of 2010, but the EC probe could delay this even further.

Or, if things go downhill for Intel with the EC, the deal could fall through altogether. This appears unlikely, as a compromise situation may be agreed between the two, with Intel giving assurance that it will not use its chip throne to prevent other security firms from competing with McAfee.

Intel has previously been in hot water with the EC, receiving a $1.45 billion fine in 2009 when it was found to have abused its dominant market position, with its share accounting for around 80 percent of the processor market.

With so many giants like Intel and Google eating up the pygmies out there, it may be a dangerous time to be small. The EC clearly recognises this, even if the rival security firms are attempting to sound bigger than they really are.

Almost undetectable ZeuS variant discovered

A variant of the key-logging ZeuS trojan that is almost undetectable has been discovered by anti-malware researchers at Trend Micro.

The variant, known as TSPY_ZBOT.BYZ, uses a number of techniques to avoid automatic heuristics-based detection, such as importing a large number of external APIs, a characteristic not shared by other ZeuS trojans, and one that means there is a significantly lower chance of detection.

The trojan is also compressed in a different manner to other ZeuS variants, meaning that the calculable entropy is different. This is usually similar and allows anti-malware researchers and software to analyse and detect the trojan, but the difference in this variant helps keep it under the radar.

Trend Micro said the trojan is “designed to make analysis in sandboxed environments more difficult.” This makes things harder for anti-malware researchers who provide virus database updates to keep computer users protected, allowing for the spread of the trojan to many more machines.

The ZeuS trojan has been responsible for a string of major attacks throughout the year, including most recently on LinkedIn. The prevalence of the malware has led to multiple arrests around the world, including 19 people involved in a £6 million bank scam in the UK and further arrests in the US, which could see dozens of people jailed.

The problem is also getting worse. Trend Micro issued an update today that a further variant, named TSPY_ZBOT.SMEQ, has been detected, and there could be many more of them, slipping under the watchful eyes of our anti-malware software.

“These new variants show the impact of TSPY_ZBOT.BYZ being able to avoid heuristic detection. Determining the relationship between TSPY_ZBOT.BYZ and the new variants would become harder; correspondingly the new variants would be more difficult to detect,” said Julius Dizon, Research Engineer at Trend Micro. 

“To properly guard against this threat, conventional antivirus [software] is not sufficient. Both improved detection techniques and proactive blocking of the websites, working together, can protect users.”

Trend Micro receiving buy-out offers

The insecurity outfit, which still thinks that TechEye is a dangerous site, claims that it is being wooed by some of the top names in the IT industry with buy out offers.

Trend Micro CEO Eva Chen told Digitimes that her outfit has received many acquisition offers from first-tier IT players.

She said that the company prefers to be an independent operator, but since it’s a publicly listed company, she would have to go for it.

Company chairman Steve Chang also pointed out that the company’s long-term plan is to remain independent but it would accept a merger offer.

It is not clear where the offers are coming from. Digitimes suggested Intel, but that would be daft, particularly as the outfit has just bought McAfee and many observers are still wondering why. Trend is also a lot more expensive than McAfee.

Trend does have a more cloudish emphasis and a big engineering team. It also acquired cloud computing storage applications maker Humyo earlier this year and has spent a large amount promoting its business.

In the long term, the company expects the return from its investment in cloud computing will be huge.

The company has already formed an alliance with VMware and will launch several security products for VMware’s virtual products.