Trend Micro Deep Discovery Protects South Korean Customers From Attack


Crippling attacks on banks and media thwarted by advanced threat protection of
Trend Micro Custom Defense

PR Newswire


CUPERTINO, Calif., March 21, 2013 /PRNewswire/ -- Trend Micro Incorporated
announced today that customers using its Deep Discovery advanced threat
protection product were able to discover and react to the recent cyber-attack
before damage could be done. These attacks paralyzed several major banking and
media companies, leaving many South Koreans unable to withdraw money from ATMs
and news broadcasting crews cut off from their resources.

Deep Discovery network detection and custom sandbox analysis were able to
detect the spear phishing email, identify the malware it contained, and
discover the external command-and-control sites that the attackers used. With
this actionable intelligence in hand, customers were able to immediately stop
or remedy any effect and to block all malicious communication sources. This
detection and swift response saved Deep Discovery customers from an attack
that appears aimed at disrupting normal business processing by disabling
critical endpoints and resources.

Cyber-attacks have been a fact of life for some time in South Korea and many
enterprise and government agencies have implemented proactive threat detection
and response measures. Trend Micro is a leading provider of these security
intelligence solutions and services, with three of the six top banks and over
80 government agencies using Deep Discovery to protect themselves from such

Anatomy of the Attack
According to reports, several computer screens at major South Korean banks and
three top TV companies went blank on Wednesday (local time), March 20, 2013.
Some screens were even showing an image of a skull and a warning from the
"WhoIs" team.

This attack is one of several independent, concurrent attacks plaguing South
Korea. Trend Micro research has shown that this is the result of a malware
attack that began with the delivery of a spear phishing email spoofed to look
like a credit card history for the month of March. The malware attached to
these phishing emails, which brought these systems down, overwrites the Master
Boot Record (MBR) and was set to run on March 20, 2013. If the malware was
installed before March 20, it remains dormant and activates only on that day.
Once it runs, it completely cripples the system, usually requiring it to be
rebuilt. Wiping the MBR in this fashion can sometimes be the last step in a
targeted attack meant to make investigation and recovery of these systems more
difficult. Trend Micro research has shown that attackers targeted for
destruction not only systems running Microsoft Windows but also those running
Linux, IBM AIX, Oracle Solaris and Hewlett-Packard HP-UX versions of UNIX.

Deep Discovery customers concerned they may also be targets of this attack can
examine their Deep Discovery logs for instances of "HEUR_NAMETRICK.B."

Deep Discovery and Trend Micro Custom Defense
Trend Micro Deep Discovery provides the custom detection, intelligence and
response capabilities to protect customers from targeted attacks and Advanced
Persistent Threats (APTs). Its detection engines and custom sandboxing
identify and analyze malware, malicious communications and attacker behavior
invisible to standard security solutions.

Deep Discovery enables a full Detect – Analyze – Adapt – Respond lifecycle to
these attacks, augmenting and integrating with existing security investments
to create a full Custom Defense solution tailored to the specific environment
of the customer. Deep Discovery integration and security update sharing with
network, gateway and endpoint security improve protection and defense against
attack at all points. And Deep Discovery custom threat intelligence and
security event analysis enable the rapid containment and remediation of an
attack. Only the Trend Micro Deep Discovery and Custom Defense solution offers
this breadth and depth of protection.

More detailed information about this can be found on Trend Micro's Security
Intelligence blog posting:

About Trend Micro
Trend Micro Incorporated (TYO: 4704; TSE: 4704), the global cloud security
leader, creates a world safe for exchanging digital information with its
Internet content security and threat management solutions for businesses and
consumers. A pioneer in server security with over 20 years' experience, we
deliver top-ranked client, server and cloud-based security that fits our
customers' and partners' needs, stops new threats faster, and protects data in
physical, virtualized and cloud environments. Powered by the industry-leading
Trend Micro™ Smart Protection Network™ global threat intelligence data mining
framework, our products and services stop threats where they emerge – from the
Internet. They are supported by 1,000+ threat intelligence experts around the

Additional information about Trend Micro Incorporated and the products and
services are available at Trend This Trend Micro news release and
other announcements are available at and as
part of an RSS feed at Or follow our news on Twitter
at @TrendMicro.

SOURCE Trend Micro Incorporated

Contact: Alan Wallace, Trend Micro Incorporated, Senior Global PR Manager, +1-425-522-3180