JULY 18, 2014
Your regular source of security updates from TrendLabs℠

Security Spotlight

Beware of Adware




Trend Micro research shows that an Israel-based adware company was behind the spread of MEVADE/SEFNIT malware. The actors behind this malware managed to stay under the radar until the third quarter of 2013 when they modified how their bots communicated with the bot master.

MEVADE/SEFNIT turned out to be a malicious creation of that adware company. Its main purpose? Click fraud and some Bitcoin mining.

Tor-rential Surge in Users

So how did the bad guys end up on our radar? Reports of a sudden surge in the number of Tor users in August 2013 got our attention. Because Tor isn’t capable of handling access by millions of computers, it nearly collapsed.

InstallBrain Damage

MEVADE/SEFNIT malware can infect computers in various ways, though the most common is through InstallBrain. Spreading the malware wasn’t hard for the cybercriminals because millions of computers already had their adware installed, which they turned into MEVADE/SEFNIT downloaders.

Microsoft took notice of this, prompting the company behind InstallBrain—iBario—to remove it from the list of brands on its corporate site. It has since been replaced by “UnknownFile,” which turned out to be just another name for “InstallBrain.”

The Tie That Binds iBario to MEVADE/SEFNIT

An iBario executive dismissed reports that their company had ties to the brains behind MEVADE/SEFNIT, who were based in Ukraine. But we found evidence and other data, such as an organizational chart and the presence of MEVADE/SEFNIT malware in the company’s network, that said otherwise.

The actors behind MEVADE/SEFNIT malware proved that adware can be so much more than just a source of annoyance. It can also be a source of more dangerous malware.

Copyright ©2014 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.

www.trendmicro.com
