AUGUST 9, 2013
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
Mobile Threats: In It to Win the Threat Race

Security for Home Users
Master Key Vulnerability Unlocks Your Phone to Malware

Security for Business
Coping with Evolution: Virtual Patching for Mutating Bugs and Businesses



Security Spotlight

Mobile Threats: In It to Win the Threat Race

Apart from what have become threat landscape staples—mobile malware—even device bugs have begun invading the mobile space.”



Mobile threats continued to follow the footsteps of PC threats in the second quarter of the year. Apart from what have become threat landscape staples—mobile malware—even device bugs have begun invading the mobile space.

Bugs: From PC to Mobile

True to one of Trend Micro CTO Raimund Genes’s forecasts for 2013, Android™ threats did become even more sophisticated. One of the most notorious threats to date, an Android device bug dubbed the “master key” vulnerability was found last July and said to have affected tons of devices. When the bug is exploited, it inserts code to legitimate apps, turning them into malicious ones. This may take a little prodding via social engineering ploys like the use of fake updates that may not be obvious to most users though.

So, just think how fortunate bad guys who turn your banking app into a Trojanized version would be if the phone you use to bank online has this bug. Like affected users of the Trojanized NH Bank app who may not know it, cybercriminals could easily siphon off your hard-earned money with the aid of a simple phishing ploy.

Mobile Malware: Fueled Even More

As if the master key vulnerability wasn’t enough, the quarter also saw the OBAD malware rear its ugly head. Armed with better stealth routines, OBAD made detection and removal even harder to do for security companies.

The Race Isn’t Over Yet

Though mobile threats again took the limelight in the second quarter of 2013, other notable PC threats fought their way to the forefront. Online banking threats have stepped out of their comfort zone to begin targeting users in South Korea and Japan. New and improved social engineering lures, single sign-on (SSO) and multiprotocol services, and blogging platforms were used for all kinds of malicious schemes.

Targeted attacks and vulnerability exploits, meanwhile, continued to plague enterprises, stressing just how important a multitier defense strategy is for corporate networks.

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.

www.trendmicro.com

  CONNECT WITH US ON: