Trend Micro installer executing arbitrary code (video)

Discussion in 'Trend Micro' started by Enju, Aug 15, 2015.

  1. Enju

    Enju New Member

    Jul 16, 2014
    444
    1,429
    I got bored and wanted to take a peek at Trend Micro... let's just say nobody should consider using this.
    I downloaded their official downloader from the German Trend Micro Website and hijacked the download, so instead of the Trend Micro Setup file I ended up with Firefox. Why not check the downloaded file for a certificate or even hash? Don't ask me, ask them.
    The best part is: It runs as administrator! Imagine all the possibilities... ;)



    The video was made in a rush - I hope it's ok!
     
    vivid, jamescv7, Online_Sword and 2 others like this.
  2. Spawn

    Spawn Administrator
    Staff Member Content Creator

    Jan 8, 2011
    16,261
    24,195
    What's the purpose of this video?
     
    Oxygen and Secondmineboy like this.
  3. Enju

    Enju New Member

    Jul 16, 2014
    444
    1,429
    You can hijack the Trend Micro downloader to execute any file you want with admin privileges, can be done via injection or any way you want. The downloaded file doesn't get checked for legitimacy.
     
    vivid and Secondmineboy like this.
  4. Spawn

    Spawn Administrator
    Staff Member Content Creator

    Jan 8, 2011
    16,261
    24,195
    Your title is misleading, since Trend Micro isn't installed during this process.
    Do you know if the Downloader is developed by them, or a third-party source?
     
    Kent and Oxygen like this.
  5. jamescv7

    jamescv7 Level 61
    Trusted

    Mar 15, 2011
    12,664
    17,723
    Web and FileMaker Developer
    Philippines
    Windows 10
    Microsoft
    Well I got that point, actually those installers can really manage to edit any content nowadays especially if it's a server location which can easily change with a decent tool.
     
    Enju likes this.
  6. NekoJonez

    NekoJonez New Member

    Jun 3, 2015
    191
    811
    IT-support - Planner at Flemish Exam Jury
    Almost every school I worked for either used F-Secure or Trend Micro. From computers protected by both I was able to find some adware / malware they would detect on launch.

    In other words, I'm not that happy with the real time protection. Since my gut feeling is saying that it mostly scans in the incoming traffic. (What I think, I haven't tested it in more depth.)

    In any case, interesting video.
     
    Enju likes this.
  7. Enju

    Enju New Member

    Jul 16, 2014
    444
    1,429
    It's the only official way to download it so I assume it's written by them.
    And what's wrong with the title? I explicitly didn't use any program name because it affects every new Trend Micro consumer installer, you can get it to install every application you want, I just chose Firefox because it's signed by Mozilla and not Trend.
    DNS poisoning and domain hijacking are getting more and more common, hell you could even MITM it and attach your malware to the download...
     
    vivid likes this.
  8. Cch123

    Cch123 Level 7

    May 6, 2014
    332
    815
    I agree that AVs should all change to an HTTPS update/download system, but I have to agree with Huracan that your title is misleading. Failing at security is a strong term to use just because you can hijack its software download.

    Are they using the home version or Deep Defender/ enterprise products? Trend Micro is one of the top 5 enterprise security vendors with Symantec, McAfee, Sophos and Kaspersky. Anyway, I wouldn't count adware since different AV vendors have different definitions of adware.
     
    Enju likes this.
  9. Online_Sword

    Online_Sword New Member
    Trusted

    Mar 23, 2015
    575
    1,807
    Does Trend Micro 10 have an offline installer?
    I guess using an offline installer, if it exists :D, could avoid this issue.
     
    Enju likes this.
  10. jamescv7

    jamescv7 Level 61
    Trusted

    Mar 15, 2011
    12,664
    17,723
    Web and FileMaker Developer
    Philippines
    Windows 10
    Microsoft
    @Online_Sword : Yes, you will deal for license key to enter or skip for trial version.
     
    Enju likes this.
  11. Enju

    Enju New Member

    Jul 16, 2014
    444
    1,429
    Online_Sword likes this.
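
The check the first post asks about (verifying the downloaded file against a known hash before launching it), as an added example that is not part of the thread and not Trend Micro's code. The payload bytes, the pinned digest and the `simulate_download` helper are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample data: stands in for the vendor's real setup file.
GENUINE_SETUP = b"MZ" + b"constructed genuine setup payload" * 64
# Digest the downloader would ship with (compiled in, or read from a signed manifest).
PINNED_SHA256 = hashlib.sha256(GENUINE_SETUP).hexdigest()


def sha256_of_file(path, chunk_size=65536):
    """Stream the file so large installers are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def accept_download(path, expected_sha256):
    """Return True only if the file matches the pinned digest.

    Fails closed: on mismatch the file is deleted so no later step can launch it.
    """
    actual = sha256_of_file(path)
    if hmac.compare_digest(actual, expected_sha256.lower()):
        return True
    os.remove(path)
    return False


def simulate_download(payload):
    """Hypothetical stand-in for the network fetch: writes payload to a private temp file."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as fh:
        fh.write(payload)
    return path


if __name__ == "__main__":
    good = simulate_download(GENUINE_SETUP)
    swapped = simulate_download(b"MZ" + b"some other program" * 64)
    print("genuine accepted:", accept_download(good, PINNED_SHA256))
    print("swapped accepted:", accept_download(swapped, PINNED_SHA256))
    os.remove(good)
```

The pinned digest only helps if it reaches the downloader through a path that whoever controls the download cannot alter, such as being compiled into the signed downloader itself.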