Russian hackers infect via PowerPoint

Problem description:
A zero-day vulnerability was disclosed today in desktop and server versions of Windows, from Vista and Server 2008 up to current versions. It is believed to have been used in cyber attacks related to NATO by a Russian cyber espionage group.

By using a PowerPoint document, an .INF file inside an embedded OLE object can be copied from a remote SMB share and installed on the system. Attackers can exploit this logic defect to execute further malware downloaded by the same means. The severity of the vulnerability is highly critical because it is fairly simple to exploit. Threat researchers at Trend Micro detect the exploit as TROJ_MDLOAD.PGTY, which in turn leads to the download of INF_BLACKEN.A when successfully exploited. This malware, in turn, downloads and executes the backdoor, which we detect as BKDR_BLACKEN.A.


Because this vulnerability is not arduous to exploit, attackers may abuse it to deliver new malware payloads. Trend Micro protects users from this threat by detecting both the exploit and the malware payload via its Smart Protection Network. Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage this vulnerability.

Users are strongly advised to patch their systems as soon as Microsoft releases its security update for this. In addition, users and employees are advised not to open PowerPoint files from unknown sources, as this may lead to a chain of malware infections.
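As an added defender-side example (not code from the original post or from Trend Micro), the check below inspects a PowerPoint archive for the pattern the post describes: an OLE-object relationship whose target is an external SMB/UNC path rather than an embedded part. It assumes the standard Office Open XML relationship layout (`*.rels` parts, `TargetMode="External"`), and the sample deck and the `198.51.100.7` host are constructed for the demo.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
# Target forms that would make Office fetch the OLE object from a remote share
REMOTE_TARGET = re.compile(r"^(\\\\|//|file:|smb:)", re.IGNORECASE)


def find_remote_ole_targets(pptx_bytes: bytes) -> list[tuple[str, str]]:
    """Return (rels_part, target) for every OLE relationship pointing off-host.

    Walks every *.rels part in the archive; a benign deck keeps its OLE
    objects as internal parts (e.g. ../embeddings/oleObject1.bin), so an
    External target on a UNC/SMB path is worth quarantining and reviewing.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") != OLE_REL:
                    continue
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and REMOTE_TARGET.match(target):
                    hits.append((name, target))
    return hits


def build_sample_pptx(ole_target: str, external: bool) -> bytes:
    """Constructed minimal PPTX-like archive (not a real deck): one slide rels part."""
    mode = ' TargetMode="External"' if external else ""
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            f'<Relationships xmlns="{REL_NS}">'
            f'<Relationship Id="rId2" Type="{OLE_REL}" Target="{ole_target}"{mode}/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed suspicious sample: OLE object served from a remote share (documentation IP)
    print(find_remote_ole_targets(build_sample_pptx(r"\\198.51.100.7\share\object.inf", True)))
    # Constructed benign sample: OLE object stored inside the archive
    print(find_remote_ole_targets(build_sample_pptx("../embeddings/oleObject1.bin", False)))
```

Run it against real .pptx/.ppsx attachments at the mail gateway or in a sandbox to flag decks that would reach out to a share before the official patch is deployed.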

More details:

All the best,
Technical Lead Nordics

Frederick Wennmark - Trend Micro

Dropbox again…

Problem definition:

If you use Dropbox, you need to change your password immediately; by all indications, there has been a breach of account security. In a leak on Pastebin, the poster claims to have the usernames and passwords of nearly 7 million Dropbox users. To prove that the information is real, 420 usernames and passwords have been posted.

It goes without saying that this will hurt Dropbox's reputation, but it will also affect the entire industry, as some users are already nervous about giving other companies the ability to store their content.

This is the third time that Dropbox has been in the news this week with a headline it likely wishes it could bury. Earlier this week we reported that there was a bug with the service that could permanently delete a file, and Edward Snowden said you should not use the platform as well.

Trend Micro SafeSync works where you want it to, backing up and syncing files between your computers and mobile devices. Share securely with passwords or expiry dates, and disable the link when you're finished. 25+ years of Trend Micro Internet security expertise goes into every aspect of SafeSync. Bank-level encryption means your files are protected from the bad guys.

SafeSync for Enterprise gives your employees a secure and familiar way (functions like Dropbox or Google Drive) to get data onto their devices while ensuring that sensitive data remains protected when it moves off the device. You can maintain control of shared data by storing your sensitive data in a controlled corporate environment and by defining which file types are too sensitive to synchronize to mobile devices.

All the best,
Technical Lead Nordics

Frederick Wennmark - Trend Micro



We all hold our thumbs

We should not have to, but we do, accepting that our systems leak like an old wooden boat.

So, what do your security patching routines look like? Late Friday nights? Weekends? It's a pain, and we have to live with it.


But the most critical question here is not when we have time to patch or who does the actual job, but rather when a security patch is available. As soon as a vulnerability is found, the hackers go to work and the clock is ticking. And we all hold our thumbs that the patch comes before the hackers.

We saw the Shellshock vulnerability used in botnet attacks immediately after the announcement, long before any security patch was released.

The hackers have an unfair advantage. That’s the brutal fact. We just have to do what we can to minimize the risk.

So, wouldn't it be nice to have a security system that could apply a temporary security patch until your software vendor has published the official one?

We at Trend Micro try to deliver the facts to you about threats we see AND a solution. Hope you stay tuned.

All the best,
Technical Lead Nordics

Frederick Wennmark - Trend Micro

Trend Micro virtual patching solutions deliver immediate protection while eliminating the operational pains of emergency patching, frequent patch cycles, and costly system downtime. Our Deep Security virtual patching keeps your servers and endpoints protected while preventing costly emergency patching and upgrades as well as reducing the risk of breach disclosure costs. It even helps to extend the life of legacy systems and applications.

Two videos describing how it works, a real-life reference and the benefits:


How secure is Sochi 2014?

NBC News and Trend Micro have carried out an experiment to find out whether Russia is still a risky place for digital activity. When the Olympics in Sochi open tomorrow, more than 1 million athletes, officials and spectators from all over the world will pour in. Putin has invested a lot of resources and prestige in securing the event with large security forces, drones, helicopters and other equipment. But is Sochi secured digitally? Putin may not have the same motivation to provide for the protection of digital devices and communications.

NBC News' Richard Engel and Trend Micro's Kyle Wilhoit set up a small digital trap and travelled to Russia to see whether athletes, journalists, heads of state, sponsors, the IOC or other spectators can feel safe when using their digital tools.

Image: Atos

They simulated an alter ego of Richard Engel, equipped with a MacBook, an Android smartphone and a Windows laptop. Throughout the stay in Russia, full activity was simulated on these three devices so that they would look as genuine as possible to hackers and malicious code. It did not take long before the attacks began…

Follow the article series on the Trend Micro security blog and on NBC News Sochi Olympics Web TV.



Other media have now picked up the story:

Huffington Post



Is the EU giving Google peanut fines?

The EU's Vice-President and Commissioner for Justice, Fundamental Rights and Citizenship dismisses the fines recently imposed on Google as "pocket change". According to Viviane Reding, the penalty should be on the order of 1 billion euros for such companies to take the handling of personal data seriously.

The EU, and not least the French and Spanish authorities, have patiently hunted for legal weaknesses in Google's new privacy policy. Google will now combine and use personal data collected through a range of online services. According to the Spanish data protection authority, Google collects information from nearly 100 services, but has neither obtained consent from users nor explained what the data will be used for.


Photo: Daniella Segura

The problem is that, even after strenuous efforts by Spanish and French lawyers, Google cannot be fined more than the maximum penalty under the countries' privacy laws. These are hefty fines even for a reasonably large Norwegian company: 900,000 euros (Spain) and 150,000 euros (France). For Google, a company with revenue of over 40 billion euros in 2013, this is peanuts! The ratio of a tall stair step to the height of Mount Everest.

Now Reding and the EU Commission want to take drastic action and are seeking fines of up to 5% of a company's global revenue if it cannot or will not handle private data by the rulebook. Whatever figures or percentages the EU settles on, the goal is for the fines to really sting. And in time, companies here in Norway will also have to deal with them.

If the intention of the fines is to change companies' behaviour, they must be large enough that avoiding them is a smarter business strategy than simply paying them.