November 14, 2011 – Six countries in the APAC region made the top 10 spam-sending countries and contributed to about 40% of total spam last quarter, according to Trend Micro’s Third Quarter Threat Report. India and South Korea occupied the top two spots, while Vietnam, Indonesia, Pakistan and Taiwan earned 4th, 5th, 7th, and 9th places, respectively. The United States, which commonly takes the top spot, was not on the top 10 spam-sending countries list most likely due to the arrest of several spambot operators.
The region was not exempt from targeted attacks, particularly against large enterprises and government institutions. During the third quarter, Trend Micro threat researchers uncovered of one of the most notable groups of targeted attacks – the LURID downloader.
These attacks, which were classified by Trend Micro as advanced persistent threats (APTs), targeted major companies and institutions in over 60 countries, including Vietnam, India, and China. The cybercriminals behind these attacks launched over 300 malware campaigns in order to obtain confidential data from and take full control of affected users’ systems over an extended period of time. LURID was successful because it was targeted by its nature. By zoning in on specific geographic locations and entities, LURID compromised as many as 1,465 systems.
· When the SK Comms data breach last July affected at least 35 million users in South Korea, Trend Micro analysts discovered a backdoor program that may have a hand in the said incident. The malware, which is detected as BKDR_SOGU.A had the capability to access databases stored in infected systems in order to gather data. It also allowed remote malicious users to send commands to infected systems, thus compromising their security.
· The exploitation of various vulnerabilities in the osCommerce software led to a mass compromise. An estimated 90,000 Web pages have been injected with an iframe that pointed to malicious sites hosting an exploit kit.
· Google replaced Microsoft as the number one vendor for reported vulnerabilities, with a total of 82, due to existing vulnerabilities in Chrome as the browser grows in popularity. Oracle came in second, with 63; Microsoft fell to third place, with 58.
· Trend Micro threat analysts came across a new DroidDreamLight variant with enhanced capabilities and routines. Disguised as battery-monitoring or task-listing tools or apps that allow users to see a list of permissions that installed apps utilize, copies of this new Android malware littered a Chinese third-party app store.
· In the first half of July, Trend Micro researchers spotted a page that enticed users to click a link to get free invitations to Google’s latest stab at taking a slice of the social media pie— Google+. Instead of invitations to join the site, however, all the users got was an "opportunity” to take part in a survey that put them at risk.
· LinkedIn users were also part of a criminal scam that tricked them into clicking a malicious link to a supposed Justin Bieber video that redirected them to a malicious site.
In addition to the discovery of the LURID downloader, Trend Micro and other global security teams made impressive takedowns in Q3:
· After months of monitoring, Trend Micro researchers uncovered a SpyEye operation controlled by a cybercriminal residing in Russia with the handle, "Soldier,” and his accomplice in Hollywood, California. This botnet operation, which amassed more than US$3.2 million within six months, targeted large enterprises and government institutions in the United States, as well as organizations in Canada, the United Kingdom, India, and Mexico. More details on this win can be found in Trend Micro’s research paper, "From Russia to Hollywood: Turning Tables on a SpyEye Cybercrime Ring.”
· Trend Micro researchers were also able to gather in-depth information on two of the largest FAKEAV affiliate networks to date—BeeCoin and MoneyBeat. More details on how FAKEAV affiliate networks work can be found in the research paper, "Targeting the Source: FAKEAV Affiliate Networks.”