Trend Micro installer executing arbitrary code (video)

Status
Not open for further replies.

Enju

Level 9
Thread author
Verified
Well-known
Jul 16, 2014
443
I got bored and wanted to take a peek at Trend Micro... let's just say nobody should consider using this.
I downloaded their official downloader from the German Trend Micro Website and hijacked the download, so instead of the Trend Micro Setup file I ended up with Firefox. Why not check the downloaded file for a certificate or even hash? Don't ask me, ask them.
The best part is: It runs as administrator! Imagine all the posibilities... ;)



The video was made in a rush - I hope it's ok!
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Your title is misleading, since Trend Micro isn't installed during this process.
Do you know if the Downloader is developed by them, or a third-party source?
 
  • Like
Reactions: Kent and Oxygen

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well I got that point, actually those installer can really manage to edit any content nowadays especially if its a server location which can easily change with a decent tool.
 
  • Like
Reactions: Enju

NekoJonez

Level 5
Verified
Well-known
Jun 3, 2015
200
Almost every school I worked for either used F-Secure or Trend Micro. From computers protected by both I was able to find some adware / malware they would detect on launch.

In other words, I'm not that happy with the real time protection. Since my gut feeling is saying that it mostly scans in the incoming traffic. (What I think, I haven't tested it in more depth.)

In any case, interesting video.
 
  • Like
Reactions: Enju

Enju

Level 9
Thread author
Verified
Well-known
Jul 16, 2014
443
Your title is misleading, since Trend Micro isn't installed during this process.
Do you know if the Downloader is developed by them, or a third-party source?
It's the only official way to download it so I assume it's written by them.
And what's wrong with the title? I explicitly didn't use any program name because it affects every new Trend Micro consumer installer, you can get it to install every application you want, I just choose Firefox because it's signed by Mozilla and not Trend.
DNS poisoning and domain hijacking are getting more and more common, hell you could even MITM it and attach your malware to the download...
 
  • Like
Reactions: vivid

Cch123

Level 7
Verified
May 6, 2014
335
I agree that AVs should all change to HTTPS update/download system, but I have to agree with Huracan that your title is misleading. Failing at security is a stong term to use just because you can hijack its software download.

Almost every school I worked for either used F-Secure or Trend Micro. From computers protected by both I was able to find some adware / malware they would detect on launch.

In other words, I'm not that happy with the real time protection. Since my gut feeling is saying that it mostly scans in the incoming traffic. (What I think, I haven't tested it in more depth.)

In any case, interesting video.

Are they using the home version or Deep Defender/ enterprise products? Trend Micro is one of the top 5 enterprise security vendors with Symantec, McAfee, Sophos and Kaspersky. Anyway, I wouldn't count adware since different AV vendors have different definitions of adware.
 
  • Like
Reactions: Enju

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Does Trend Micro 10 have an offline installer?
I guess using an offline installer, if it exists:D, could avoid this issue.
 
  • Like
Reactions: Enju
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top