Front-line staff responsible for security at companies and organizations face a wide range of questions in their day-to-day incident response and in their efforts to raise their security level. Which measures, and how far, are enough to be safe? In this series, "Security Measures You Can Use Right Away", Trend Micro's experts provide, in a form that can be applied to your work immediately, the knowledge they have gained as security specialists while handling customer investigation requests and incidents. Last time, as a setting that reduces the risk of intrusion via email, we covered restricting the receipt of mail from free email addresses. In this Part 2 we consider restricting the receipt of attachments as another setting that reduces risk.
The number of spam emails in the first half of 2014 was 60% higher than in the first half of 2013. Trend Micro attributes this increase to several factors. One is the spread of DOWNAD infections and the steady rise in spam messages carrying attached malware that has its own spam-sending capability, such as MYTOB. Another is that UPATRE, whose infections are spreading, and the online banking Trojan ZBOT use spam as the infection vector for downloading malware. In our outlook on 2013 spam trends we predicted that spam would continue to be used to distribute malware, and that still appears to be the case.
This new Symbian malware is similar to other Symbian malware in that it overwrites normal files on the system in order to destroy them. However, it has a particularly interesting characteristic: it attempts to spread the infection to a computer running Windows. It does this by dropping the following four files into the E: drive (which is the memory card):
- fsb.exe – BKDR_BERBEW.Q
- buburuz.ICO – Icon file for the memory card
- autorun.inf – file used to automatically execute fsb.exe
- SYSTEM.exe – WORM_WUKILL.B
Thus, when the memory card is inserted into a Windows computer, autorun.inf will attempt to execute fsb.exe. SYSTEM.exe may not have an automatic startup routine of its own, but since it carries a folder icon, an unsuspecting user who wants to open this “folder” could execute it.
Note: This malware will be detected as SYMBOS_CARDTRP.A
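As an added illustration (not code from the original post), the following Python checks what a removable card like the one described would hand to Windows AutoRun: it parses an autorun.inf, reports the programs it would launch, and lists root-level executables that rely on a user double-click, as SYSTEM.exe does. The autorun.inf contents and the card listing are constructed for this example, since the post does not show them.

```python
import configparser
from typing import Dict, List, Optional

# Constructed sample. The write-up only says autorun.inf "is used to automatically
# execute fsb.exe"; the exact keys and values below are an assumption.
SAMPLE_AUTORUN_INF = """\
[autorun]
open=fsb.exe
icon=buburuz.ICO
shell\\open\\command=fsb.exe
action=Open folder to view files
"""
# Constructed root listing of the card, built from the four dropped files on the page.
SAMPLE_ROOT_LISTING = ["autorun.inf", "buburuz.ICO", "fsb.exe", "SYSTEM.exe"]
EXEC_SUFFIXES = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section (any letter case) as a dict with lower-cased keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:          # malformed file: nothing AutoRun would honour
        return {}
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    return dict(cp[section]) if section else {}


def launch_targets(entries: Dict[str, str]) -> List[str]:
    """Programs the file would start: open=, shellexecute=, and shell\\<verb>\\command=."""
    targets: List[str] = []
    for key, value in entries.items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            program = value.split(None, 1)[0] if value.strip() else ""   # drop arguments
            if program and program not in targets:
                targets.append(program)
    return targets


def audit_media(autorun_text: Optional[str], root_names: List[str]) -> Dict[str, object]:
    """Summarise what inserting this card into a Windows host could execute."""
    targets = launch_targets(parse_autorun(autorun_text)) if autorun_text is not None else []
    present = {n.lower() for n in root_names}
    return {
        "autorun_present": autorun_text is not None,
        "targets": targets,
        "targets_present": [t for t in targets if t.lower() in present],  # absent ones cannot run
        # root-level executables such as SYSTEM.exe need a double-click; its folder icon invites one
        "root_executables": sorted(n for n in root_names if n.lower().endswith(EXEC_SUFFIXES)),
    }
```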
Update
Previously, we came to define an example of a “blended threat” as a Windows worm that spreads via multiple propagation vectors such as email, IM, network shares and application vulnerabilities, and/or a worm that has the capabilities of other malware such as file infectors, backdoor Trojans or even spyware.
Now we may be seeing a slightly new encounter, another implementation of what a “blended threat” is, or could be in the near future: mobile malware with the capability to affect the Windows platform! Ergo, let the battle cry linger on: let’s continue to be vigilant!
As Raimund Genes, Trend Micro Chief Technologist Anti-Malware, has said: “As mobile threats continue to evolve, it’s likely that we will see further attacks similar to this, but utilizing more robust propagation techniques and therefore carrying a higher potential for infection.”