- Luckycat Leads to Attacks Against Several Industries
Others received malicious email with attachments that leverage Tibetan themes.
Attack Component | Protection Technology | Trend Micro Solution |
HTTP C&C communication fingerprint: count.php?m=c&n=[HOSTNAME]_[MAC_ADDRESS]_[CAMPAIGN_CODE]@ | Web Reputation | Endpoint (Titanium, Worry-Free Business Security, OfficeScan); Server (Deep Security); Messaging (InterScan Messaging Security, ScanMail Suite for Microsoft Exchange); Network (Deep Discovery); Gateway (InterScan Web Security, InterScan Messaging Security); Mobile (Mobile Security) |
TROJ_WIMMIE, VBS_WIMMIE | File Reputation (Antivirus/Anti-malware) | Endpoint (Titanium, Worry-Free Business Security, OfficeScan); Server (Deep Security); Messaging (InterScan Messaging Security, ScanMail Suite for Microsoft Exchange); Network (Deep Discovery); Gateway (InterScan Web Security, InterScan Messaging Security); Mobile (Mobile Security) |
CVE-2010-3333, CVE-2010-2883, CVE-2010-3654, CVE-2011-0611, CVE-2011-2462 | Vulnerability Shielding / Virtual Patching | Server (Deep Security); Endpoint (OfficeScan with Intrusion Defense Firewall Plug-In). For CVE-2010-3333: Rule #1004498 (Microsoft Word .RTF File Parsing Stack Buffer Overflow Vulnerability). For CVE-2010-2883: Rule #1004393 (Adobe Reader SING Table Parsing Vulnerability), Rule #1004113 (identified malicious .PDF file), Rule #1004315 (identified malicious .PDF file - 3). For CVE-2010-3654: Rule #1004497 (Adobe Flash Player Unspecified Code Execution Vulnerability). For CVE-2011-0611: Rule #1004801 (Adobe Flash Player .SWF File Remote Memory Corruption Vulnerability), Rule #1004114 (identified malicious .SWF file), Rule #1004647 (restrict Microsoft Office file with embedded .SWF file). For CVE-2011-2462: Rule #1004871 (Adobe Acrobat/Reader U3D Component Memory Corruption Vulnerability), Rule #1004873 (Adobe Acrobat/Reader U3D Component Memory Corruption) |
{BLOCKED}e.1x.biz {BLOCKED}sbrain.shop.co {BLOCKED}llworldcup.website.org {BLOCKED}hales.shop.co {BLOCKED}2325.x.gg {BLOCKED}chow.shop.co {BLOCKED}hop.kilu.org {BLOCKED}t.shop.co {BLOCKED}orts.website.org {BLOCKED}rs.shop.co {BLOCKED}ort.shopping2000.com {BLOCKED}ll.all.co.uk {BLOCKED}uipment.website.org {BLOCKED}sport.website.org {BLOCKED}ool.website.org {BLOCKED}oomsite.com {BLOCKED}3.gwchost.com {BLOCKED}ees.net {BLOCKED}een.0fees.net {BLOCKED}nnets.0fees.net {BLOCKED}memaster.kilu.org {BLOCKED}choice.shop.co {BLOCKED}hecle.shop.co {BLOCKED}ith.0fees.net |
Web, Domain, and IP Reputation | Endpoint (Titanium, Worry-Free Business Security, OfficeScan); Server (Deep Security); Messaging (InterScan Messaging Security, ScanMail Suite for Microsoft Exchange); Network (Deep Discovery); Gateway (InterScan Web Security, InterScan Messaging Security); Mobile (Mobile Security) |