A blog about generally interesting infosec stuff by employees of SecQuest Information Security https://www.secquest.co.uk

Wednesday, 9 April 2014

Trend Micro File Harvesting

A year or two ago we blogged about Microsoft's SmartScreen filter sending potentially sensitive file information to Microsoft's servers, which then download files after they've been downloaded by Internet Explorer. If you're putting super-secret-file.zip on a server for someone, you probably don't want anyone else coming along and hoovering that up!

We've recently become aware that some versions of Trend antivirus products do exactly the same.

So, as before with Microsoft, this is the breakdown for Trend:

Original request for file
x.x.x.x - - [07/Apr/2014:13:46:58 +0100] "GET /super-secret-file.zip HTTP/1.1" 200 122880 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"

Trend's requests for file
150-70-173-44.trendmicro.com - - [07/Apr/2014:13:48:14 +0100] "GET /super-secret-file.zip HTTP/1.1" 200 122880 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"

150-70-172-111.trendmicro.com - - [07/Apr/2014:13:49:35 +0100] "GET /super-secret-file.zip HTTP/1.0" 200 122880 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

So, yet another example of companies grabbing data without asking. Can you assume third-party permission to download potentially sensitive files based on T's & C's?

