Zyxel Threat Intelligence (Release Date: 2022-02-01)

zyxel_Lin
zyxel_Lin Posts: 26  Zyxel Employee
edited February 10 in Security Highlight

ZyWALLs latest virus/malware signature update protects you against more malware and threats. See how ZyWALL defends against these threats.

Part 1 – Virus/Malware Spotlight

Part 2 – Intrusion Detection Highlight

Part 3 – Application Patrol Highlight

This article focuses on Trojan. Part 2 and 3 will be included in the February Monthly Threat Report covering Intrusion Detection and Application Patrol update. You can view more about their details, history, and signature information in Zyxel Encyclopedia.


Part 1 Virus/Malware Spotlight
(Number of updated Virus/Malware signatures:904)

Zyxel keeps malware detection up-to-date. Currently, Zyxel detects and removes the threats including  Trojan.PasswordStealer and  Trojan.BitCoinMiner.

Name: Trojan.PasswordStealer

Password stealers are a type of malware that steals passwords and other sensitive information. It may also secretly install and perform several malicious actions on your PC.

How it works

Trojan.PasswordStealer may be distributed using various methods. Attackers often deploy Trojan.PasswordStealer as part of another harmful program like trojan-dropper, which silently installs the trojan-spy on a device.

They may also be distributed as email attachments by social engineering to trick users into opening the attached files, all while silently installing the Trojan.PasswordStealer. The trojan is also particularly prevalent on the Android platform and can be found on copies of legitimate versions of their apps’ counterpart. The users get directed to the malicious versions with advertising.

Impact

A Trojan.PasswordStealer enables keylogging and stays active in Windows memory. It starts keylogging when the users input a log-in ID and a password.

After log-ins and passwords are stolen,  the attacker can read a user's email on public and corporate mail servers. It can also access to more sensitive information such as banking accounts.


Name: Trojan.BitCoinMiner

Trojan.BitCoinMiner identifies a program that the attackers wrote to hijack other people computer's physical resources including memory and processing power. Crypto-mining is resource intensive and usually eats up energy cost. Attackers avoid this by silently installing Trojan.Bitcoinminer through fake software downloads and updates, forcing regular victims' computers to mine bitcoins or other forms of digital cryptocurrency for them. Programs identified as Trojan.BitCoinMiners can either function as a miner or install a separate component that can do so.

What Is Cryptocurrency?

A cryptocurrency is an anonymous and digital currency produced by a public network, rather than any government. It uses cryptography to make sure payments are sent and received safely and anonymously. Multiple cryptocurrencies exist, such as BitCoin, Ethereum and Monero.

Part 2 Intrusion Detection 
(Updated: 12/Cover Total: 5510)

Highlight

CVE-2021-44228

Base Score: 10 high

Apache Log4j logging remote code execution

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. (Source: NIST)

Highlight

CVE-2019-0630

Base Score: 8.8 high

Windows SMB Server Smb2UpdateLeaseFileName Remote Code Execution

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633. (Source: NIST)

Part 3 Application Patrol
(Added Application:5/ All Application: 3847)


To make your life easier in managing your licenses for your devices, the Marketplace has been opened to buy licenses conveniently and securely.

These are the three major benefits for you as a customer when using the Marketplace:

•Get immediate license renewal
•Avoid incorrect license(s) purchased with our filtered product listing
•Review your device and license status online