Threat Encyclopedia

Welcome to the new Trend Micro Threat Encyclopedia! This site is your source for the latest information on computer threats and security. It focuses on Trend Micro products’ detections of threats that may be in the wild and may affect any number of computers.

Computer threats vary in behavior and purpose. The Threat Encyclopedia will help you understand these threats’ complexity and intentions and thus help you protect your computers by removing these threats should the need arise.

To gain full use of the information found in the Threat Encyclopedia, this page particularly walks you through its contents and how to find your way to get to the information that will be most useful to you. If you have visited the old Threat Encyclopedia before, you may notice some differences between its contents and features and those of this new site. As you go through this tutorial, you will find out and discover what these differences are.

In this article, you will find the answers to the following questions:

• What inspired us to change Threat Encyclopedia?
• What’s new in this version of Threat Encyclopedia?
• How is the site structured now?

Malware no longer work the way they used to in order to achieve their creators’ purposes. Most malware nowadays are more advanced in that they either (a) use two or more technologies or (b) are able to attack systems using a number of avenues. Furthermore, such malware can easily sneak past computer security protocols. These types of malware are called blended threats.

A blended threat may arrive on a system in a number of ways—(a) as an email attachment sent by another malware, (b) as a file downloaded from file-sharing sites, or (c) as a file downloaded from a link endorsed by a supposedly trusted site. Indeed, with the boom of Web 2.0, malware have become more insidious and widespread. To better educate you about computer threats, we presented the information you need to know graphically in a single frame.

As the sophistication of malware increases, the more you should be aware of how they work in order to stop the chain of infection. Presenting information in the simplest form possible can definitely make you as aware you should be.

The pages in the new Threat Encyclopedia can be classified into three types, namely:

1. Landing page: This is the default page you will see when you click a link to the new Threat Encyclopedia.
   
   
   
   
2. Threat article pages: These refer to individual pages that contain malware, spam, malicious URL, and vulnerability descriptions.
   
   
   
   
3. Web attacks pages: These refer to pages that contain correlated information from individual malware, spam, malicious URL, and vulnerability pages to form a complete Web attack story.
   
   

• Web Attack Widget
  
  The most notable change in the new Threat Encyclopedia is the addition of the Web Attack Widget found at the top of the landing page. This widget showcases the three most recent Web attack entries.
  
  
  The widget displays the following elements of a Web attack entry:
  
  
  1. Header: This refers to the title of the Web attack entry.
  2. Overview: This provides a short description of the Web attack found just below the header.
  3. Web attack diagram: This is a graphical representation of the complete Web attack story.
  4. Navigation bar: This refers to the bar site visitors can use to manually browse through or to view the latest Web attack entries. To see the three latest Web attack entries, you may opt to do any of the following:
     
     a. Click the entries’ corresponding numbers.
     b. Use the forward arrow (>) to go to the next Web attack entry.
     c. Use the back arrow (<) to go back to the previous Web attack entry.
     
     

• Improved Security Advisories Table
  
  The second most notable change in the new Threat Encyclopedia is the enhanced and expanded Security Advisories Table found below the Web Attack Widget.
  
  In the old Threat Encyclopedia, threats tagged as malware are usually separated from those known as grayware. In the new Threat Encyclopedia, both have been consolidated under a single category—malware.
  
  New threat content types have also been added to the Security Advisories Table such as:
  
  
  • Spam: These feature reports containing information on particular spam.
  • Malicious URLs: These feature reports containing information on particular malicious URLs.
  • Vulnerabilities: These feature reports containing information, workarounds, and security bulletins on particular vulnerabilities.

• Enhanced Search Function
  
  The third most notable change is the addition of a Search tool that displays exclusive content to the new Threat Encyclopedia found on the right-hand side of the Web Attack Widget.
  The new Search tool has the ability to distinguish search queries based on the user’s language preference. For instance, users viewing the Threat Encyclopedia in Japanese who use the Search tool will display results in Japanese unless there are no articles written in Japanese. In such a case, relevant articles written in English will still be displayed.
  
  
  
  Filters are also found on the right side of the search results page. These have the ability to further filter search results for better user convenience.
  
  
  

• Other Features
  
  
  1. Threat Meter Widget: This displays real-time ratings for Web-, spam-, and malware-related threat activities taken from the Trend Micro™ Smart Protection Network™.
     
     Visit the About Threat Levels page to learn more about the indicators used to measure threat activities.
     
     
  2. TrendLabs Malware Blog Widget: This displays the most recent entry found in the TrendLabs Malware Blog.
  
  
  3. Quick Links List: This displays a list of accessible links within the new Threat Encyclopedia.
     
     
  
  
  4. PDF Generator: This allows users to generate PDF copies of the current page they are viewing.
     
  
  
  5. Language Option Menu: This allows visitors to change* the language used to present the content they are viewing, depending on their own preferences. The new Threat Encyclopedia now supports seven other languages apart from English—Traditional Chinese, Japanese, French, Italian, Spanish, Portuguese, and Dutch.
     
     
     

• Breadcrumbs
  Breadcrumbs are particularly useful is you want to find out how you ended up in a particular page. This information is found below the main title of the page.
  
  
  
• Relations Bar
  The relations bar enumerates all threat types that are related to the specific threat article. The relation of a threat to another threat is shown here, i.e. if a spam is related to a two malicious URLs and a specific vulnerability, the relations bar shows a direct link to the descriptions of the two malicious URLs and the vulnerability related to the spam.
  
  

• Web Attack Diagram
  This diagram presents a complete visual representation of a Web attack. It showcases the relationships among the various threat vectors (spam, malicious URL, file) and threat types (malware, vulnerability) used in an attack.
  
  
  
• Facts Section
  This section displays a list of questions users are likely to ask about a Web attack and their respective answers. Details that cannot be depicted in the diagram are presented here so you will not miss out on any important information.
  
  
  
• Relations Table
  The Relations Table contains all of the threat types and vectors involved in a particular Web attack. It looks similar to the Security Advisories Table, the only difference being the fact that the Relations Table contains information exclusive only to a particular Web attack while the Security Advisories Table contains all types of noteworthy threat vectors and types at a given time.
  
  

Malware-related attacks have evolved into so-called blended threats. They are no longer restricted to file and local network transfer. Blended threats exploit a combination of application vulnerabilities and send out spammed messages containing links to malicious URLs or malicious file attachments just to spread their malicious code.

In line with changes in the current threat landscape, the new Threat Encyclopedia has also evolved to present the complete story behind blended threats. Its contents not only present information about the various Web technologies cybercriminals are exploiting. The articles are linked with one another to illustrate the relationships and interconnections among exploited technologies. It highlights high-profile Web attacks and summarizes all related information to present a complete picture.

Malware articles: These describe malware detections in detail and provide Trend Micro’s solutions and recommendations.

Spam articles: These provide information on individual spammed messages Trend Micro security experts protect product users from.

Malicious URLs articles: These contain information on all the malicious URLs Trend Micro security experts have identified and consequently blocked.

Vulnerabilities articles: These provide details on specific software vulnerabilities.

Web attacks articles: These present the relationships among the various threat vectors and types used in Web attacks to create the big picture.

Note how the image in Figure 1 also serves as a landing page Global Navigator. This reflects the site’s content structure, which features four article types representing the individual technologies (i.e., the four low-level articles) and highlights the Web attacks article.