threat trends report q1 2011 en

Upload: yasmeris-manotas

Post on 05-Apr-2018


  • 8/2/2019 Threat Trends Report q1 2011 En

    1/20

    Trend Micro

    TrendLabs Global Threat Trends 1H 2010

    Table of Contents

    Threat Trends
    Email Threat Trends
    Web-Based Threat Trends
    File-Based Threat Trends
    Cybercrime and Botnets
    Underground Economy
    High Profile Incidents of 1H2010
    Vulnerabilities
    Trend Micro Technology and Protection
    Smart Protection Network
    Solutions and Services
    Trend Micro Enterprise Security
    Trend Micro SecureCloud
    Trend Micro Worry-Free Business Security
    Trend Micro Titanium
    Advice for Businesses Adopting Cloud Strategies
    Advice for Businesses
    Top Tips for End Users
    About TrendLabs

    Introduction

    Cybercrime is now a fully fledged, but highly illegal business. And it's all about money.

    As the Underground Economy has grown and flourished, cybercriminals have developed new methods for tricking victims. Their scams are amazingly lucrative, with profits totaling in the billions per year. Many perpetrators hail from Eastern Europe where cybercrime is rampant and considered business as usual. Canadian pharmacy spam, fake antivirus and others are part of a well-organized business model based on the concept of affiliate networking. In the case of cybercrime, products sold via affiliate marketing may be highly profitable, although highly illegal, such as click fraud and selling credit card details.

    In this report covering January to June 2010, we examine various cybercrime incidents, the criminals' use of multiple tools such as botnets, and look at threat trends and activity currently causing, and likely to continue to cause, the most pain, cost and disruption to connected users across the world.

    Many threats have evolved in recent times, becoming more silent, and more insidious. Threats are intertwined, meaning almost every threat comprises multiple components for attacking, infecting and compromising data. Components always relate to one or more of the following three vectors: email, web and file. During the first six months of 2010 TrendLabs℠ identified Europe as the largest source of spam emails, while Education is the industry most affected by malware compromise. Meanwhile, the US is the primary source of malicious URLs.

    Vulnerability exploits are a key asset used by cybercriminals. They buy and sell vulnerability information, exploit code, as well as other types of malware. In the first half of 2010, over 2500 common vulnerabilities and exposures (CVEs) were recorded.

    Professional criminals are widely known to be the perpetrators of almost all threats. Botnets are managed and run as an enterprise organization manages its network. Making money is the primary aim.

    Threat Trends

    The Trend Micro Smart Protection Network infrastructure delivers advanced protection from the cloud, blocking threats in real-time before they reach you. Leveraging a unique, cloud-client architecture, it is powered by a global network of threat intelligence sensors, email, Web, and file reputation technologies that work together to dramatically reduce infections.

    The Smart Protection Network is now seeing 45 billion queries every 24 hours, while it blocks 5 billion threats and processes 2.5 terabytes of data on a daily basis. On average 80 million users are connected to the network each day.

    This community of users helps enable Trend Micro Smart Protection Network to continue evolving and improving protection in real-time.

    The following data points, taken from Smart Protection Network and other supporting monitoring systems, provide a comprehensive insight into the threats Trend Micro protected its users against, in the first six months of 2010.

    Email Threat Trends

    Spam

    Spam continued to grow between January and June 2010, albeit with a brief interval during April.

    The most notable change between the first and second quarters of 2010 was the reduction in spam from APAC and the increase in spam from Europe. Countries strongly contributing to the growth in spam from Europe include Germany, UK, Italy and France.

    Currently, TrendLabs monitors 38 languages and dialects used in spam. This coverage is continuously being improved to provide increased protection against highly localized spam. More than 95% of spam is in English. For the non-English spam, the top most common languages received are Russian, Japanese, Chinese, Spanish, and French.

    Most of the spam tracked during the past six months falls under the following three categories: Commercial (28%), Scams (22%), or Health/Medical (15%). In terms of spam technique, 37% of total samples use HTML, followed by Plain Text (25%) and Short Spam (10%).

    [Figure: Spam Volume, by month, January to June 2010]

    [Figure: Regional Spam Sources - Q1 (APAC, Europe, North America, South America, Unknown, Africa)]

    [Figure: Regional Spam Sources - Q2 (APAC, Europe, North America, South America, Unknown, Africa)]

    [Figure: Spam Technique Distribution (Plain Text, HTML, Image, PDF/RTF attached, GIF/JPEG attached, RAR/Zip attached, XLS attached, DOC/TXT attached, HTML Inserts, Short Spam, Salad, Others)]

    The following chart shows the total number of spambot infected computers TrendLabs identified per country. A spambot is an infected computer controlled by a botnet known to prolifically distribute spam, although it is unlikely to be limited to only this type of activity. Note that this is not the total number of infected computers, as many bots are not used to distribute spam.

    [Figure: 1H10 Total Host Count by Country (countries shown: IND, BRA, DEU, VMN, RUS, USA, ITA, GBR, UKR, SAU, COL, ESP, POL, CHN, ARG, TWN, ROM, THA, TUR, SRB, GRC, PRT, IDN, PAK, others)]

    However, the total number of active spamming IPs in India and Brazil are well ahead of their closest rival, Germany. In the past 6 months, both India and Brazil have fully emerged as central countries in the cybercriminal landscape.

    Phishing

    Targeted Entities

    In alphabetical order, the four most popular entities targeted via both phishing email and spoofed sites in the first six months of 2010 were (1) Bank of America, (2) eBay, (3) HSBC, and (4) PayPal.

    While the majority of the top 10 targeted entities are commercial or financial entities, social media platforms like Facebook and Twitter, as well as MMORPGs like World of Warcraft, were also consistently present. The majority of the new entities being targeted by phishers are local banks in specific countries (e.g., Italy, Malaysia, United States) and online gaming services (see below, in alphabetical order):

    • Air Academy FCU: a credit union with branches in Colorado
    • Banca Del Monte di Lucca
    • Banca Carige: a commercial Italian bank, including some of its subsidiaries like Cassa di Risparmio di Carrara and Cassa di Risparmio di Savona
    • Banca Cesare Ponti: a commercial Italian bank
    • Banca Sai: a commercial Italian bank
    • Battle.net: an online gaming service operated by Blizzard Entertainment
    • Cassa di Risparmio di Ferrara: a commercial Italian bank
    • CenturyLink: a telecommunications company in the United States
    • FirstCaribbean International Bank: a Barbados-based bank operating in the Caribbean
    • iQuebec: a French-language Internet portal
    • Lottomatica: an Italian gaming company
    • Nantahala Bank & Trust Company: an American bank
    • NCSoft: an online gaming service provider
    • Pinnacle Bank: an American bank
    • President's Choice Financial: a Canadian bank
    • Public Bank Berhad: a Malaysian Bank
    • SCRIGNO for Banca Popolare Di Sondrio: an Italian bank

    Phishing Techniques

    Between January and June 2010, phishers continued the trend of explicitly displaying phishing URLs. This indicates victims still trust that a site is authentic based on more obvious visual clues such as the site's appearance and use of correct company logos, instead of inspecting the URL address bar.

    Web-Based Threat Trends

    The onslaught of threats using the Web as a means to propagate will increasingly cause challenges for organizations and end users.

    [Figure: Growth in Malicious URLs, by month, January to June 2010]

    Bad Actors vs. Victims

    Bad Actors refers to the source of malicious URLs. The United States has consistently been the primary source of malicious URLs, while Japan accessed the greatest number of malicious URLs. Similarly, North America is the top continent that has the most malicious URLs, while Asia is the continent with most victims.

    Monthly Top 20 Bad Actors by Country

    # | JAN | FEB | MAR | Q1
    1 | United States | United States | United States | United States
    2 | China | China | China | China
    3 | Netherlands | Netherlands | Netherlands | Netherlands
    4 | Russian Federation | Germany | Germany | Germany
    5 | Germany | Russian Federation | Romania | Russian Federation
    6 | Romania | Japan | Japan | Romania
    7 | Japan | Romania | Russian Federation | Japan
    8 | France | France | United Kingdom | France
    9 | United Kingdom | United Kingdom | France | United Kingdom
    10 | Ukraine | Canada | Canada | Canada
    11 | Bosnia and Herzegovina | Ukraine | Ukraine | Ukraine
    12 | Canada | South Korea | South Korea | South Korea
    13 | South Korea | Italy | Italy | Sweden
    14 | Sweden | Sweden | Sweden | Italy
    15 | Portugal | Poland | Australia | Poland
    16 | Poland | Turkey | Bahamas | Bosnia and Herzegovina
    17 | Italy | Australia | Turkey | Turkey
    18 | Turkey | Czech Republic | Poland | Australia
    19 | Australia | Taiwan | Czech Republic | Portugal
    20 | Israel | Panama | Panama | Czech Republic

    # | APR | MAY | JUN | Q2
    1 | United States | United States | United States | United States
    2 | China | China | Ireland | China
    3 | Netherlands | Romania | China | Ireland
    4 | Germany | Germany | Romania | Romania
    5 | Romania | Japan | Japan | Germany
    6 | Japan | United Kingdom | Germany | Japan
    7 | United Kingdom | Netherlands | United Kingdom | Netherlands
    8 | Russian Federation | Ukraine | Netherlands | United Kingdom
    9 | Ukraine | Russian Federation | Russian Federation | Russian Federation
    10 | France | France | Ukraine | Ukraine
    11 | Canada | South Korea | France | France
    12 | South Korea | Canada | South Korea | Canada
    13 | Italy | Australia | Canada | South Korea
    14 | Australia | Italy | Sweden | Australia
    15 | Sweden | Belgium | Belgium | Sweden
    16 | Turkey | Sweden | Australia | Belgium
    17 | Bahamas | Taiwan | Latvia | Italy
    18 | Singapore | Bahamas | Italy | Bahamas
    19 | Czech Republic | Singapore | Bahamas | Latvia
    20 | Poland | Poland | Taiwan | Taiwan

    Top URLs and Domains Blocked

    Below is the list of the URLs that consistently appeared in the top 10 for 4-6 months (in no particular order):

    URL | Description
    ad.globe7.com:80/iframe3 (USA) | Contains malicious IFRAME code
    bid.openx.net:80/json (USA) | Known to download TROJ_AGENT variants
    delivery.adyea.com:80/lg.php (DEU) | Known to download worms; sets drives to autoplay by creating autorun.inf in the drives' root directories
    dt.tongji.linezing.com:80/tongji.do (CHN) | Related to JS_DLOADR.ATF
    hot1.xgazo.info:80/pic.php (USA) | Proxy avoidance site
    newt1.adultadworld.com:80/jsc/z5/2.html (USA) | Adult website
    openxxx.viragemedia.com:80/www/delivery/ar.php (NLD) | Known to host adware

    Below is the list of domains that consistently appeared in the top 10 for 4-6 months (in no particular order):

    Domain | Description
    bid.openx.net (USA) | Known to download TROJ_AGENT variants
    delivery.adyea.com (DEU) | Known to download worms; sets drives to autoplay by creating autorun.inf in the drives' root directories
    dt.tongji.linezing.com (CHN) | Related to JS_DLOADR.ATF
    hot1.xgazo.info (USA) | Proxy avoidance site
    newt1.adultadworld.com (USA) | Adult website
    openxxx.viragemedia.com (NLD) | Known to host adware
    trafficconverter.biz (USA) | Known to be accessed by Conficker/DOWNAD variants

    File-Based Threat Trends

    New Malware Creation

    In order to ensure wide sourcing of malware samples, Trend Micro has its own research and monitoring systems and also collaborates with multiple independent third parties. Included among these independent third parties is AV-test.org. According to calculations based upon the total number of unique samples collected in 2009, a new piece of malware is created every 1.5 seconds.

    TrendLabs now sees in the region of 250,000 samples each day. However, recent estimates place the number of unique new malware samples introduced in a single day at greater than 60,000 unique samples.

    Trojans account for about 60 percent of new signatures created by TrendLabs, and 53 percent of overall detections as of June. Backdoors and Trojan-spyware, often defined as crimeware or data-stealing malware, come in second and third places, respectively. However, the majority of Trojans lead to data-stealing malware.

    [Figure: New Unique Samples Added to AV-Test.org's Malware Collection, 2007-01 to 2010-03 (series: Unique Samples Added, 3 Month Median, Forecast; callout: New Threat Every 1.5 Seconds)]

    Infections according to Industry

    The chart below clearly indicates that Education as an industry has been hardest hit by infections in the first half of 2010. This is likely owing to the number of students using old and out of date software and security, and possibly visiting suspect websites. These issues compound the challenges related to securing a complex, distributed and diverse infrastructure.

    [Figure: Infection breakdown by Industry (Banking, Communication/Media, Education, Energy, Fast-Moving Consumer Goods, Financial, Food and beverage, Government, Healthcare, Insurance, Manufacturing, Materials, Media, Oil and gas, Other, Real estate, Retail, Technology, Telecommunications, Transportation, Utilities)]

    [Figure: Infections tracked, by Industry over Time, January to June 2010]

    Cybercrime and Botnets

    Botnets are the tool of choice for distributing malware, perpetrating attacks and sending slews of spam email. Through these botnets, botnet herders, the cybercriminals behind the botnets, earn millions of dollars in money stolen from innocent computer users.

    These cybercriminals buy and sell, build partnerships and rent services just as above-board business would; the main difference being the legitimacy and legality of the products, solutions and services they handle.

    In an effort to help better explain cybercrime, in April 2010, TrendLabs' forward looking research group published the following correlation map to provide a pictorial representation of the cybercriminal business model [4].

    [Figure: Botnet business model correlation map showing how the threat is delivered between CUTWAIL (a.k.a. PUSHDO), BREDO (a.k.a. BREDOLAB), SASFIS, KOOBFACE, ZEUS, TDSS, FAKEAV and WALEDAC, with links labelled SPAM and Pay per Install]

    This chart may, on the face of it, seem quite complicated, but we can illustrate by using BREDO and CUTWAIL as an example.

    CUTWAIL spammed messages contain BREDO variants, therefore it can be assumed that the criminals behind BREDO are paying the criminals behind CUTWAIL to send spam containing BREDO. It is also likely that they are paid per machine infected by the BREDO variant they spammed. Note that these infected machines, which are part of the CUTWAIL botnet, report back to the BREDO botnet master.

    The same thing happens between ZeuS and BREDO. The criminals behind ZeuS pay the criminals behind BREDO to install their (ZeuS) malware on infected machines. As we all know, ZeuS malware steals bank account information, among other things (e.g., POP3 and FTP accounts).

    [4] http://blog.trendmicro.com/spotlighting-the-botnet-business-model/

    There is an ongoing cycle of money moving from one place to another. In another example, criminals behind FAKEAV get paid if users buy their fake antivirus programs and they use this money to pay other botnets to spread their programs.

    At the end of the day, the aim of this succession of infections is to steal money from affected users. Keep in mind that every time a primary botnet downloads another malware, criminals behind the botnet are paid.

    TrendLabs experts see this cycle continuing, and evolving constantly. Arguably two threats that have had the most impact in the past six months are ZeuS and KOOBFACE.

    ZeuS

    ZeuS is primarily a crimeware kit designed to steal users' online banking login credentials, among other things. It is the handiwork of Eastern European organized criminals that has now entered the underground cybercriminal market as a commodity. ZeuS has proliferated in part due to the availability of these ZeuS toolkits, which allow cybercriminals to rapidly create ZeuS variants in a matter of minutes. Hundreds of new ZeuS variants are seen by Trend Micro every day, and this is not likely to change in the near future.

    A new version of the ZeuS malware has also been encountered in the wild since the start of the year. These new versions, frequently referred to as ZeuS 2.0 versions, have had their behavior changed to become more difficult to detect and remove from systems. In addition, this new version also includes default support for current versions of Windows, where before it had to be acquired as an upgrade [5].

    KOOBFACE

    KOOBFACE has been around since last year, gearing up to become the largest social networking threat to date. In the early part of this year, TrendLabs experts noted that the KOOBFACE gang was continuously updating their botnet: changing the botnet's architecture, introducing new component binaries, and merging the botnet's functions with other binaries. They also began encrypting their C&C communications to avoid monitoring and takedown by security researchers and the authorities.

    KOOBFACE attacks users on several social networking sites, and given the increasing usage across all demographics, the KOOBFACE gang will not likely let go of this money-generating scheme. In fact, it had begun tracking visitors, as evidenced by a short JavaScript code found in the fake video pages the gang has set up. This enables the creators to correlate user activity based on time of day and volume of successful KOOBFACE infections [6].

    [5] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf

    [6] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/web_2_0_botnet_evolution_-_koobface_revisited__may_2010_.pdf

    Underground Economy

    During their monitoring, experts from TrendLabs identified the following items and their average price tag, for sale on the underground.

    Documents Scan Resale Services:
    • Passport/utility bill/statement - $20
    • Credit card (front and back) - $25
    • Passport/utility bill/statement - $20
    • Original docs - starts from $4
    • Passport - $20
    • Driver's License - $20
    • Credit cards - $30
    • Utility bill - $10

    US Credit Card Sales:
    • US credit cards selling: USA / Master Card / VISA
    • Price $0.80c - $1 each

    EU credit cards
    • Credit cards: Denmark, Greece, Ireland (Eire), Latvia, Netherlands, Norway, Sweden
    • Price - $3 per card

    Credit Card Money Cashers
    • Card information input service
    • Person inputs the information of the credit card in online shops, for delivery to the requested address
    • Price - $5

    PayPal accounts selling
    • Sell Hacked PayPal accounts
    • Price - 30% of the current balance on the PayPal account

    High Profile Incidents of 1H2010

    Between January and June 2010, there were many high profile threat incidents. The following threat incidents are those we believe had most impact on users and/or the security industry.

    1 - The IE and other Zero Day Attacks [7]

    In January, spammed emails loaded with malware files were sent to users and malicious sites were found to contain hidden JavaScript malware that took advantage of a zero-day vulnerability exploit in Internet Explorer. All versions of Internet Explorer (except v5.01) were affected and the exploit was known to send backdoor Trojans to affected systems.

    Once executed, these malicious backdoor files stole information which was sent to a remote user. This zero-day vulnerability was subsequently reprogrammed to avoid a security feature in Internet Explorer, forcing Microsoft to release an out-of-band patch (Microsoft Security Bulletin MS10-002) on 21 January. Some reports also suggest that cybercriminals are launching attacks using recent vulnerabilities found in Adobe Reader and Acrobat.

    Independent researchers surmised that about 34 companies were affected by what was described as a "highly sophisticated and targeted attack". This situation is in line with the Trend Micro prediction that there would be "No global outbreaks, but localized and targeted attacks".

    2 - ZeuS, ZBOT and Kneber

    ZeuS, Kneber and ZBOT all relate to the notorious ZeuS crimeware. In February, Kneber hit the headlines and shone a spotlight on ZeuS, an established toolkit known to be leveraged by many other threats; it is one of the most dangerous threats online. ZeuS is often mistakenly referred to as a botnet; in fact, ZeuS is made up of many, many small botnets, all linked by their use of the same crimeware.

    ZeuS may arrive as an attachment or link in a spammed message or be unknowingly downloaded via compromised websites. Most ZeuS botnets target bank-related websites; however, in the first 6 months of 2010, Trend Micro monitored activity including:

    • Spam targeting government agencies
    • Phishing attacks that target AIM users
    • ZBOT variants that target the social networking site Facebook

    [7] http://threatinfo.trendmicro.com/vinfo/web_attacks/Zero-Day_Internet Explorer_Bug_Downloads_HYDRAQ.html

    In order to defraud victims, the criminals behind this threat generate a list of bank-related websites or financial institutions from which they steal usernames, passwords and other sensitive banking information. They harvest credentials such as those used for online shopping, online payment and FTP, and insert extra form elements to legitimate pages (e.g., online banking) that ask for additional information such as PIN numbers.

    TrendLabs published a comprehensive insight into ZeuS in March 2010, "ZeuS: A Persistent Criminal Enterprise" [8].

    3 - Mariposa Botnet Uses

    Mariposa, "butterfly" in Spanish, refers to a network of 13 million compromised systems in more than 190 countries worldwide that is managed by a single command-and-control (C&C) server in Spain. This botnet has been dubbed as one of the biggest networks of zombie PCs in cyberspace alongside the SDBOT IRC, DOWNAD/Conficker, and ZeuS botnets. The Mariposa botnet was in existence as early as December 2008, and rose to fame in May 2009.

    However, in March 2010 came its shutdown and the subsequent arrest of three of its main perpetrators.

    Typically, botnets carry with them binaries or malicious files that their perpetrators use for various purposes. At the time its notoriety was growing, Trend Micro threat analysts found WORM_AUTORUN.ZRO, a worm retrieved from compromised systems that were found to be part of the Mariposa botnet. This worm has the ability to spread via instant-messaging (IM) applications, peer-to-peer (P2P) networks, and removable drives. Some binaries were also capable of spreading by exploiting a vulnerability in Internet Explorer (IE).

    Just like any other botnet, Dias de Pesadilla (DDP), aka the Nightmare Days Team, used Mariposa to make money. The botnet was being used to steal information such as credit card numbers, bank account details, user names and passwords to social-networking sites, and important files found on affected systems' hard drives, which cybercriminals may use in a number of ways. Experts also found that DDP stole money directly from banks using money mules in the United States and Canada.

    Further digging into Mariposa's business model revealed that its administrators also offered underground services to potential clients. Some of these services included hacking servers to take control, encrypting bots to make them invisible to security applications, and creating anonymous VPN connections to administer bots. More than 200 binaries of the Mariposa botnet have been found in the wild. Among these, users should be most wary of information stealers that compromise not just banking information but also a user's identity.

    4 - Shanghai World Expo as Bait in Cyber Attack

    At the end of March/beginning April 2010, TrendLabs identified a new attack, using a previously known Adobe exploit. In the attack, emailed messages, purportedly coming from Bureau of Shanghai World Expo, asked recipients to open a file attached to the message, and to update their submitted registration forms. There were indications that the attack was intentionally targeted toward Western journalists in Asia. It is unclear how the details of persons registered to attend the Expo were accessed by the criminals; however, it's worth noting that the World Expo website stated that it expected around 70 million attendees to the event this year [9].

    The attachment within the spammed message was a .PDF file that took advantage of a known vulnerability (patched by Adobe in February 2010) in Adobe Acrobat and Reader (CVE-2010-0188). Once successfully exploited, the .PDF file dropped a backdoor program onto the affected system, which in turn enabled attackers to gain full control of a victim's machine.

    The method used to exploit this vulnerability, on this occasion, differed from that used previously. Trend Micro researchers identified that the .PDF files had an embedded malicious .TIFF file. This embedded .TIFF file, when processed by vulnerable Adobe products, triggered the vulnerability and the execution of arbitrary code. In this attack, system information such as computer name, CPU information, OS version, and IP address of the affected system was stolen and sent to a remote server.

    [8] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf

    [9] http://threatinfo.trendmicro.com/vinfo/web_attacks/Shanghai_Expo_Spam_Carries_Backdoor.html

    5 - New, Shortened URLs in IM Spam, Now result in KOOBFACE Malware

    Cybercriminals are very adept at employing new techniques in order to trick and infect more users. In the middle of April this year, TrendLabs identified attacks of spam over IM, using shortened URLs for their misdemeanor. The twist to this story is a relationship between spam over IM, BUZUS and KOOBFACE.

    Most users of instant messenger applications have on various occasions seen attempts to dupe them into clicking on spam received over IM or strange friend requests.

    It seems the cybercriminals may have also realized that their past techniques may be becoming less effective, and TrendLabs has just recently discovered that these criminals are now using shortened URLs to spam malware. URL-shortening services are normally used to compress long and unreadable URLs into short, bite-sized ones. These short URLs are more portable, and are now generally preferred over the (normally long) actual URLs when sharing news within networks, blogs, Tweets, and other social media tools. URL-shortening services can be used to hide malicious links from view, thereby tricking users into clicking suspicious links.

    KOOBFACE is a notorious botnet that originally targeted innocent Facebook users. Since then, it has gone on to target other social networks, and so it is not surprising that the criminals behind the threat are looking to new avenues through which to extend their network of compromised machines. KOOBFACE causes so much consternation that TrendLabs has published 3 separate research reports on the subject [10].
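    Both the shortened-URL trick described above and the report's earlier observation that phishers display their URLs openly come down to reading the link itself rather than the page it leads to. The following is an added example, not code from the Trend Micro report: it triages links found in a message by host. The brand-to-domain map, the shortener list, the function names and the sample message are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list for illustration: brand keyword -> domains the brand uses.
BRAND_DOMAINS = {
    "paypal": ("paypal.com",),
    "ebay": ("ebay.com",),
    "hsbc": ("hsbc.com",),
    "bankofamerica": ("bankofamerica.com",),
}
# Assumed, incomplete list of URL-shortening services.
SHORTENERS = ("bit.ly", "tinyurl.com", "goo.gl", "is.gd", "ow.ly", "t.co")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def triage_link(url):
    """Return (verdict, brand) for one URL.

    Verdicts: 'brand-domain', 'lookalike', 'shortened', 'unrelated', 'invalid'.
    A verdict is a prompt for closer inspection, not proof of malice:
    keyword matching produces false positives on unrelated words.
    """
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ("invalid", None)
    if not host:
        return ("invalid", None)

    # A shortener hides the destination, so the link must be expanded
    # before a reputation or brand check on it means anything.
    if any(_under(host, s) for s in SHORTENERS):
        return ("shortened", None)

    # The host really belongs to the brand: this is what the address bar
    # should show on the genuine site.
    for brand, domains in BRAND_DOMAINS.items():
        if any(_under(host, d) for d in domains):
            return ("brand-domain", brand)

    # The brand name is visible somewhere in the URL (userinfo before '@',
    # a subdomain label, a hyphenated host, the path) but the host is not
    # the brand's. This is the case a logo-trusting victim misses.
    userinfo = (parts.username or "").lower()
    visible = " ".join((userinfo, host.replace("-", ""), parts.path.lower()))
    for brand in BRAND_DOMAINS:
        if brand in visible:
            return ("lookalike", brand)
    return ("unrelated", None)


def triage_message(text):
    """Extract every http(s) URL from a message and triage each one."""
    results = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")  # drop sentence punctuation
        results.append((url,) + triage_link(url))
    return results


# Constructed sample message; the lookalike host uses the reserved
# ".example" TLD and the short link path is made up.
SAMPLE_IM = (
    "hey is this you in the video?? http://bit.ly/x1y2z3 "
    "also your account is limited, verify at "
    "http://paypal.com.secure-update.example/webscr?cmd=login."
)

if __name__ == "__main__":
    for row in triage_message(SAMPLE_IM):
        print(row)
```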

    6 - FAKEAV, the standard revenue generator [11]

    Throughout the first six months of 2010, FAKEAV (or Rogue Antivirus) continued to be used by cybercriminals as a key revenue generator. Programs designed to look professional, even to the point of offering telephone support services, have been maliciously pushed to innocent users under the pretence of infection and vulnerability. FAKEAV leverages social engineering to capture users' attention and make threats believable. Cybercriminals use multiple vectors to deliver their threats.

    A few of the methods they use are listed below:

    • Stealing from users directly by convincing them to download, install, and then pay for fake software.
    • Infecting users through malicious links placed in search results; poisoned search results are otherwise known as Black Hat SEO.
    • Delivering a payload of malicious routines or installers that leave additional malware on the infected system.
    • Using social engineering sites such as Twitter, to trick users.

    Unlike most threats, FAKEAV software displays a visual element to the targeted user. This comes in the form of fake user interfaces that universally claim that the system has been infected.

    Interestingly, FAKEAV has also become localized, with the same tool being found in multiple languages, as can be seen in the following screenshot:

    [10] http://us.trendmicro.com/us/trendwatch/research-and-analysis/whitepapers-and-articles/index.html

    [11] http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/threatbrief_final.pdf

    Vulnerabilities

    Vulnerabilitiesinapplicationshavealwaysbeenaparto

    thesecuritylandscape,butrecentdevelopmentstowards

    theWebhavemadetheseevenmoresignicant.Forend

    users,vulnerabilitieshaveacilitateddrive-bythreats,

    whereallthatisnecessarytobecomeinectedbymalware

    istovisitawebsite.Thewebsiteneednotbemalicious;

    itmaybecompromised(viamaliciousadvertisements,or

    theadditionoiramesorJavascriptcode).Thisposesa

    largeproblemthatisnoteasytomitigate.

    In addition, servers are coming under increasing fire as well. Assuming well-established server management procedures are in place, vulnerabilities become the best means of trying to execute malware on servers. While this may be more difficult than compromising a single user system, the potential reward is consequently greater as well.

    Trend Micro receives information about vulnerabilities both publicly and privately. Private vulnerability information is received both from vendors (such as Microsoft), third-party groups such as TippingPoint's Zero-Day Initiative [12], and from the cybercriminal underground.

    The scale of this threat has been documented independently. A paper presented at the Ninth Workshop on the Economics of Information Security delved into the online adult industry, but also profiled whether users were running browsers that contained vulnerable plug-ins. Their study [13] concluded that a staggering 88.28 percent of users were vulnerable, a sobering number by any reckoning.

    With these threats in mind, the following looks at key vulnerability statistics related to the first half of 2010. The Trend Micro Threat Encyclopedia [14] includes a Security Advisory section in which details of all covered vulnerabilities can be found.

    Vulnerability Statistics

    Publicly-known vulnerabilities are commonly referenced by the Common Vulnerabilities and Exposures (CVE) system, which assigns a unique identifier to each vulnerability. In the first half of 2010, a total of 2,552 CVEs were published. This number is slightly below the similar number for the first half of 2009, where a total of 3,086 CVEs were published.

    However, it should be noted that this does not mean that the vulnerability threat is lessening. Not all vulnerabilities receive a CVE; many vulnerabilities that are privately reported to vendors are not included in the system.

    By vendor, Apple had the most CVEs issued in the first half of the year:

    While some vendors receive a significant amount of press attention for vulnerabilities, this chart serves as a reminder that the vulnerability threat is far more multi-pronged than just patching Windows or updating Flash and Acrobat/Reader. In addition, some of the vendors with large numbers of vulnerabilities focus on enterprise software, with correspondingly longer patch cycles that potentially leave users at risk.

    In addition, the presentation of vulnerability information to the general public leaves much to be desired. While some vendors present vulnerability information publicly in well-organized bulletins, others do so in a more ad hoc manner or hide the information behind paywalls on their websites. This makes proper threat assessment on the part of users, both enterprise and consumer, much more difficult.

    The overall scale of the threat posed by vulnerabilities and exploits is clearly visible when looking at the number of TROJ_PIDIEF malware seen by Trend Micro in the first half of the year. The PIDIEF malware family is specifically made up of malware that arrives as PDF files, which exploit vulnerabilities in the Acrobat family of products. In the first half of the year, a total of 666 new detection names were added to Trend Micro products. Each detection name represents multiple in-the-wild variants, resulting in a total number of new PDF threats numbering into the thousands in only six months.

    [12] http://www.zerodayinitiative.com/

    [13] http://weis2010.econinfosec.org/papers/session2/weis2010_wondracek.pdf

    [14] http://threatinfo.trendmicro.com/vinfo/default.asp?page=1&sect=SA

    [Chart: number of CVEs published, 2009 vs. 2010]

    [Chart: CVEs by vendor (Apple, Microsoft, Oracle, Adobe, Cisco, IBM, Sun, Mozilla, Linux, HP, Novell, PHP, Apache, Redhat, FreeBSD)]


    [15] http://us.trendmicro.com/us/trendwatch/core-technologies/index.html

    [16] http://us.trendmicro.com/us/home/enterprise/

    [17] http://trendmicro.mediaroom.com/index.php?s=43&news_item=830&type=current&year=0

    [18] http://us.trendmicro.com/us/home/small-business/

    Smart Protection Network

    The Trend Micro Smart Protection Network infrastructure delivers advanced protection from the cloud, blocking threats in real-time before they reach you. By continuously processing the threat intelligence gathered through its extensive global network of honeypots, customers and partners, Trend Micro delivers automatic protection against the latest threats and provides "better together" security, much like an automated neighborhood watch that involves the community in protection of others. Because the threat information gathered is based on the reputation of the communication source, not on the content of the specific communication, the privacy of a customer's personal or business information is always protected.

    Trend Micro Smart Protection Network uses patent-pending in-the-cloud correlation technology with behaviour analysis to correlate combinations of web, email and file threat activities to determine if they are malicious. By correlating the different components of a threat and continuously updating its threat databases, Trend Micro has the distinct advantage of being able to respond in real time, providing immediate and automatic protection from email, file and Web threats.

    Another key component of the Trend Micro Smart Protection Network is integrated Smart Feedback that provides continuous communication between Trend Micro products as well as the company's 24/7 threat research centers and technologies in a two-way update stream. Each new threat identified via a single customer's routine reputation check, for example, automatically updates all of Trend Micro's threat databases around the world, blocking any subsequent customer encounters of a given threat.

    Further information and benchmarks for Trend Micro Smart Protection Network can be found in the Core Technologies area of TrendWatch [15].

    Solutions and Services

    Trend Micro Enterprise Security

    Trend Micro Enterprise Security is a tightly integrated offering of content security products, services, and solutions that take full advantage of the Trend Micro Smart Protection Network. Optimized to deliver immediate protection, Trend Micro Enterprise Security also dramatically reduces the cost and complexity of security management.

    For further information about Trend Micro Enterprise Security, visit the Enterprise section of trendmicro.com [16].

    Trend Micro SecureCloud

    Now available as a Beta release for early adopters of cloud computing [17], Trend Micro SecureCloud is a hosted key-management and data-encryption solution designed to protect and control confidential information that you deploy into public and private cloud-computing environments.

    Trend Micro Worry-Free Business Security

    Designed specifically to fit the needs of small businesses, Worry-Free Business Security protects your computers wherever they're connected: in the office, at home or on the road. Powered by the Trend Micro Smart Protection Network, threats are detected faster to keep your data safe and your protection constantly updated.

    Further details and the benefits of Trend Micro Worry-Free Business Security can be found on the Small Business section of trendmicro.com [18].

    Trend Micro Titanium

    Combining easy-to-use security with cloud-client technologies, Trend Micro Titanium blocks threats such as infected websites, phishing attacks, viruses and spyware before they can reach a user's computer. State-of-the-art protection for users' data is delivered while ensuring that computer performance is not impacted.

    Details of the Trend Micro Titanium product line can be found at www.trendmicro.com/titanium.

    Trend Micro Technology and Protection


    Advice for Businesses Adopting Cloud Strategies

    In March 2010 the Cloud Security Alliance (CSA) published Top Threats to Cloud Computing V1.0 [19] to help organizations better understand the risks of cloud computing and to consequently make more informed risk management decisions when adopting cloud strategies.

    With the right approach and security solutions the public cloud can be just as secure as a typical traditional corporate datacentre. We recommend that organizations provide their own layers of security in addition to that which is afforded by cloud providers.

    1. Encrypt all sensitive data: the information that is exclusive to, and owned by, your organization. The operating system and applications are less important here; typically in the cloud they are standard images that are simply recycled back to a master image on shutdown. It's the information proprietary to you, or that you have collected from customers and business partners, which you generally have a legal obligation to protect.

    2. Ensure that your Firewall, IPS, and IDS protect each of your virtual machines separately. Particularly in a Public Cloud environment the other virtual machines running on the same physical hardware as you should be considered hostile. The firewall at the cloud provider's perimeter can't help you here.

    3. Only decrypt your data within that secure container you've established for your virtual machine. Be sure you check for tampering and data stealing malware before decrypting your data.

    4. Make sure that you are in control of the encryption keys: it's your data!

    Trend Micro offers two products, Deep Security and SecureCloud, which when layered together can achieve the four recommendations above and counter the threats identified.

    Deep Security is available and already in widespread use and SecureCloud entered public beta over the summer following successful pilot trials [20].

    Advice for Businesses

    Use effective solutions to protect your business.

    - To protect your company network, deploy solutions that use cloud-based protection. Technology such as the Trend Micro Smart Protection Network combines Internet-based (in-the-cloud) technologies with lighter-weight clients to help businesses close the infection window and respond in real time before threats can even reach a user's PC or compromise an entire network. By checking URLs, emails, and files against continuously updated and correlated threat databases in the cloud, customers always have immediate access to the latest protection wherever they connect.

    - Phishing poses a significant threat for organizations. Phishing sites can compromise your brand and/or your company's image as well as your ability to keep your customers' confidence while conducting business over the Internet. Protect your employees and customers by procuring all brand-related and look-alike domain names.

    - Stay ahead of the threats by reading security-related blogs and related information pages (i.e., Threat Encyclopedia [21], Cloud Security Blog [22], TrendLabs Malware Blog [23] and social networks such as Twitter [24]) which can help warn and educate users who might otherwise be drawn to websites under false pretenses.

    - Educate your employees about how cybercriminals lure victims to their schemes; make use of threat information provided on security vendor sites like TrendWatch.

    - Try downloading tools such as the Trend Micro Threat Widget to help raise awareness.
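    The look-alike domain advice above, as an added example that is not part of the report: a check that sorts domains seen in mail or proxy logs into the look-alike categories a brand owner would want to procure or watch. The brand `examplebank.com`, the substitution table and the observed list are constructed assumptions.

```python
# Assumption: a small substitution table; production monitoring uses a fuller one.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
DIGRAPHS = (("rn", "m"), ("vv", "w"))


def skeleton(label):
    """Canonical form in which visually similar labels compare equal."""
    s = label.lower().translate(HOMOGLYPHS)
    for seq, repl in DIGRAPHS:
        s = s.replace(seq, repl)
    return s


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute or swap two neighbours."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain, brand_domain):
    """Return why `domain` resembles `brand_domain`, or None when it does not."""
    brand, _, brand_tld = brand_domain.lower().partition(".")
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    # Assumption: registrable name = last two labels (no public suffix list lookup).
    label, tld = labels[-2], labels[-1]
    if label == brand:
        return None if tld == brand_tld else "same name, other TLD"
    if skeleton(label) == skeleton(brand):
        return "look-alike characters"
    if edit_distance(label, brand) == 1:
        return "one-edit typo"
    if brand in label.replace("-", ""):
        return "brand embedded in longer name"
    return None


def audit(observed, brand_domain):
    """Map each resembling domain to the reason it was flagged."""
    reasons = ((d, classify(d, brand_domain)) for d in observed)
    return {d: r for d, r in reasons if r}


# Constructed sample, e.g. sender or link domains pulled from a mail gateway log.
OBSERVED = ["examplebank.com", "mail.examplebank.com", "examp1ebank.com", "exarnplebank.com",
            "exmaplebank.com", "examplebank.net", "examplebank-login.com", "weather.example"]

if __name__ == "__main__":
    print(audit(OBSERVED, "examplebank.com"))
```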

    [19] http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

    [20] http://trendmicro.mediaroom.com/index.php?s=43&newsitem=830&type=current&year=0

    [21] http://threatinfo.trendmicro.com/vinfo/default.asp?sect=SA

    [22] http://cloudsecurity.trendmicro.com/

    [23] http://blog.trendmicro.com

    [24] http://twitter.com/trendmicro


    Safeguard your customers' interests.

    - Standardize company communications and let your customers know about your email and website policies. This way, you can help your customers better identify legitimate messages.

    - Avoid sending phishy-looking email messages by following these guidelines:

      - Do not request personal information through email.
      - Personalize email when possible.
      - Do not redirect to another domain from the URL provided to customers.
      - Do not rely on pop-up windows for data collection, especially those with no address bars or navigational elements.
      - Do not use instant messaging or chat with customers unless they initiate the communication.
      - Be explicit in the detail of communications that require the immediate action or attention of recipients.

    Establish and implement effective IT usage guidelines.

    - Just as you would never leave your front door unlocked when you are not home, you must take the same precautions with your computer system to make sure your business is protected. Protecting your business requires you to educate yourself and your employees about safe cybersecurity practices. A comprehensive set of IT usage guidelines should focus on the following:

      - Prevention. Identify solutions, policies, and procedures to reduce the risk of attacks.
      - Resolution. In the event of a computer security breach, you should have plans and procedures in place to determine what resources you will use to remedy a threat.
      - Restitution. Be prepared to address the repercussions of a security threat with your employees and customers to ensure that any loss of trust or business is minimal and short-lived.


    Top Tips for End Users

    Keep your personal computer current with the latest software updates and patches.

    - Apply the latest security updates and patches to your software programs and OSs and enable automatic updates where possible. Since cybercriminals typically take advantage of flaws in the software to plant malware on your PC, keeping your software current will minimize your exposure to vulnerabilities.

    Protect yourself and your personal computer.

    - If you receive an email requesting personal or confidential information, do not respond or provide this information via links or phone numbers in the email. Legitimate organizations such as credit card companies and banks will never request this information via email.

    - Beware of unexpected or strange-looking emails and instant messages (IMs) regardless of sender. Never open attachments or click links in these emails and IMs. If you trust the sender, scan the attachments before opening. Never provide personal information in your email or IM responses.

    - Regularly check your bank, credit, and debit card statements to ensure that all transactions are legitimate.

    - Beware of Web pages requiring software installation. Scan programs before executing them. Always read the end-user license agreement (EULA) and cancel if you notice other programs being downloaded in conjunction with the desired program.

    - Do not provide personal information to unsolicited requests for information.

    - If it sounds too good to be true, it probably is. If you suspect an email is spam, delete it immediately. Reject all IMs from people whom you do not know.

    - When shopping, banking, or making other transactions online, make sure the website address contains an "s" as in https://www.bank.com. You should also see a lock icon in the lower right area of your Web browser.

    Choose secure passwords.

    - Use a combination of letters, numbers, and symbols and avoid using your first and last names as your login name.

    - Avoid using the same password for all your login needs. Do not use the same password for your banking site that you use for your social networking sites.

    - Change your password every few months.


    About TrendLabs

    TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24/7 threat surveillance, attack prevention, and timely and seamless solutions delivery.

    With more than 1,000-strong staff of threat experts and support engineers deployed round-the-clock at labs around the globe, TrendLabs enables Trend Micro to:

    - Continuously monitor the threat landscape across the globe
    - Deliver real-time data to detect, preempt, and eliminate threats
    - Research and analyze technologies to combat new threats
    - Respond in real-time to targeted threats
    - Help customers worldwide minimize damages, reduce costs, and ensure business continuity

    TrendLabs has facilities in the following 12 locations:

    - Manila, Philippines (HQ)
    - Arlington, TX, USA
    - Cupertino, CA, USA
    - Lake Forest, CA, USA
    - Shanghai, China
    - Sao Paulo, Brazil
    - Cork, Ireland
    - Paris, France
    - Tokyo, Japan
    - Taipei, Taiwan
    - Marlow, United Kingdom
    - Munich, Germany

    Note that these facilities can perform all or part of critical Trend Micro services such as technical support, malware analysis and solutions delivery.

    TrendLabs Locations

    About Trend Micro:

    Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the latest threats.

    Trend Micro's flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these solutions are powered by the Trend Micro Smart Protection Network infrastructure, a next-generation cloud-client innovation that combines sophisticated cloud-based reputation technology, feedback loops, and the expertise of TrendLabs(SM) researchers to deliver real-time protection from emerging threats. A transnational company, with headquarters in Tokyo, Trend Micro's trusted security solutions are sold through its business partners worldwide. Please visit www.trendmicro.com.