Joerg G.


Latest Activity

Spammers Target Facebook and Twitter at Once

Joerg G. posted an article on - Jun 21, 2010, 6:57 am
Due to their ever-growing popularity, social networks have been a continuous target of cybercriminals to proliferate their malicious schemes. TrendLabsSM received samples of another Facebook spam, this time also taking advantage of the popular micro-blogging site, Twitter. The mail, which poses as ...

Merry Christmas, ZeuS

Joerg G. posted an article on - Jun 18, 2010, 8:15 am
This morning, I came across an entertaining Christmas-themed ZeuS Web panel while monitoring online forums. Here’s what it looks like: I investigated the contents of the web panel package, which turned out to be Ghost Panel with a modified skin: As our readers probably recall, the Ghost Panel is...

Months-Old Skype Vulnerability Exploited in the Wild

Joerg G. posted an article on - Jun 17, 2010, 12:21 am
Cybercriminals have once again used a not-so-new but still a seemingly promising medium for their malware campaigns. Earlier today, ZDNet reported a “new” exploit that targets Skype users. This exploit takes advantage of a vulnerability in a Skype component—EasyBits Extras Manager. While the v...

Microsoft Help Center Zero-Day Exploits Loose

Joerg G. posted an article on - Jun 16, 2010, 1:43 am
Heads-up for users still running Windows XP: The unpatched Help Center flaw revealed last week is now out in the wild and being used to launch malware attacks against target users. This new zero-day exploit takes advantage of the vulnerability that exists in the Microsoft Windows Help Center, a de...

Passwords Matter—The Hidden Risks "Minor" Info Stealers Pose

Joerg G. posted an article on - Jun 15, 2010, 7:37 am
Last week, we had two major mass compromises. The first one hit more than 100,000 websites, including major news sites like the Wall Street Journal and the Jerusalem Post. The second campaign was much smaller, hitting only around 1,000 pages, and also lacked similarly high-profile victims although t...

Spoofed Trend Micro Alert Leads to Canadian Pharma Site

Joerg G. posted an article on - Jun 11, 2010, 7:15 pm
With the underground economy still thriving, cybercriminals will surely use any method such as Canadian pharma spam runs to facilitate their information theft operations. Canadian pharmacy sites are known to be used by scammers to sell a wide range of fake medicines usually for impotence and other ...

Bye, Bye Tequila Botnet

Joerg G. posted an article on - Jun 10, 2010, 1:40 am
Last week, we talked about the Tequila botnet that was targeting Mexican users. Since our last post, there has been one big development—the botnet appears to have been taken down by the owners themselves. On Thursday (June 3, 2010), the botnet’s controllers sent out new instructions to all of t...

Increased Use of MultiPart Malicious JavaScripts in the Wild

Joerg G. posted an article on - Jun 10, 2010, 12:15 am
Malicious JavaScript code used to be contained in single .JS or .HTML files, which made malicious JavaScript analysis and detection pretty straightforward. However, in the past few days, a couple of distinct Web compromises caught my attention because the codes involved used the multipart malicious...

Bogus Twitter Spam Hits Inboxes

Joerg G. posted an article on - Jun 9, 2010, 6:28 am
Spammers seem to be on something of a Twitter rampage of late. They have sent out a wide variety of spammed messages recently that all appear to be from Twitter: The first mail sample shows a phishing attack mounted against users. The second contains links to a malicious file that is already detect...

Patch Now: 10 Updates for June Patch Tuesday

Joerg G. posted an article on - Jun 8, 2010, 8:09 pm
After a relatively quiet May with only two security bulletins, Microsoft comes out with 10 security bulletins in June’s Patch Tuesday release. Three of these were rated “critical,” which means these vulnerabilities could be exploited without the user having to take any action beyond visiting a...

Infected S8500 Wave Phones Make It to Germany

Joerg G. posted an article on - Jun 6, 2010, 2:27 am
An addition to the roster of digital devices that have been shipped with malware, Samsung, too, seems to have accidentally distributed malware along with the new Bada-powered Samsung S8500 Wave smartphone. It has been reported that the 1GB micro-SD cards included with the mobile phone units shipped...

Zero-Day Flash/Acrobat Exploit Seen in the Wild

Joerg G. posted an article on - Jun 6, 2010, 2:26 am
On Friday, Adobe released a security advisory announcing a zero-day exploit found in specific Adobe Flash Player versions. Tagged as critical, the vulnerability (CVE-2010-1297) causes the application to crash. Potentially, the underlying vulnerability could also be used to run arbitrary code such as...

FIFA and Gaza Attack Tweets Dump Backdoors

Joerg G. posted an article on - Jun 5, 2010, 1:33 am
What do the “FIFA World Cup” and Gaza attack have in common? They are both currently being used as social engineering ploys by a couple of malware campaigns seen on Twitter. TrendLabsSM senior threat researcher Ivan Macalintal spotted several malicious programs being distributed via the popular ...

Mac Sniffer Monitors IM Chats and RTMP Data Packets

Joerg G. posted an article on - Jun 4, 2010, 3:16 am
TrendLabsSM engineers Alvin Bacani and Jayson Pryde recently analyzed a new spyware (detected by Trend Micro as OSX_OPINIONSPY.A) that came bundled with screensavers, according to Intego, in sites that host free applications and software updates like MacUpdate, Softpedia, and VersionTracker. Intere...

419 Scam Resurfaces with FBI Spam

Joerg G. posted an article on - Jun 3, 2010, 4:51 am
Cybercriminals have found yet another way to grab users’ attention. This time, they posed as members of the Federal Bureau of Investigation (FBI) from Washington D.C. to scam users with a spammed message. As in any other scam, the email sender posed as someone from a legitimate body in this attac...

Emerging Blackhat SEO Techniques

Joerg G. posted an article on - Jun 2, 2010, 7:10 am
While conducting blackhat search engine optimization (SEO) investigations, I stumbled upon an SEO attempt hosted in the popular document-sharing site Scribd. The document that contains the SEO strings and links was actually a .PDF file that has been uploaded to Scribd. Further investigation reveal...

"Tequila Botnet" Targets Mexican Users

Joerg G. posted an article on - Jun 2, 2010, 4:24 am
We recently received a report of a new phishing attack that originated from Mexico. It takes advantage of the controversial news about an allegedly missing four-year-old girl, Paulette Gebara Farah, who was later found dead in her own bedroom. On investigation we found that this attack came from a...

Another Vulnerability Discovered in Ichitaro

Joerg G. posted an article on - May 31, 2010, 11:15 pm
A new exploit has been found in the Japanese word processor Ichitaro. JP-RTL engineers have received a sample Ichitaro document, which is capable of exploiting the previously unknown vulnerability. It is released by Japanese Vulnerability Notes as JVNDB-2010-000024. If exploited, arbitrary code coul...

Is It Time to Quit Facebook?

Joerg G. posted an article on - May 31, 2010, 9:46 pm
Today is the last day of May and, for some people, the last day their Facebook accounts are available online. Recent changes to Facebook’s privacy settings are regarded as rather confusing and not readily apparent to users. Not even the latest update that Facebook made last May 26, which attempted...

SASFIS Malware Uses a New Trick

Joerg G. posted an article on - May 31, 2010, 8:14 am
Early this year, the SASFIS Trojan became notorious in relation to spoofed email messages supposedly from Facebook. SASFIS infections usually result in tons of other malware infections, as this particular family makes systems susceptible to botnet attacks, particularly from ZeuS and BREDOLAB, and is...

Windows WMI Abused for Malware Operations

Joerg G. posted an article on - May 27, 2010, 3:07 am
TrendLabsSM recently handled a client case last March wherein two peculiar malware leveraged a Windows service—Windows Management Instrumentation (WMI)—to execute their malicious routines. WMI lets users access and retrieve information about their OSs. It is particularly useful for administrato...

Latest Online Scam Targets FIFA Fans

Joerg G. posted an article on - May 26, 2010, 5:20 am
The upcoming “2010 FIFA World Cup” in South Africa is one of the most highly anticipated events in sports history today. As expected, cybercriminals have been using this event as another means for their endless string of profiteering schemes. TrendLabsSM engineers discovered two separate spam r...

The Evolution of KOOBFACE: A Web 2.0 Botnet

Joerg G. posted an article on - May 25, 2010, 7:34 am
The KOOBFACE botnet continuously evolves to keep on generating profit for its perpetrators. The fact that the botnet is still alive shows that the cybercriminals behind it are making a fortune off it. In our effort to conduct research on and to monitor the latest developments made to the KOOBFACE b...

Phishing Scam Targets Italian Bank

Joerg G. posted an article on - May 25, 2010, 4:40 am
Italian bank Banca Popolare di Sondrio has become phishers’ new target with the discovery of a spammed message containing a link to the supposed bank’s Internet banking site, SCRIGNO. As with previous bank-related phishing attempts, clicking the link leads users to a site that looks very much l...

Mebroot Variant Behaves Like TDSS

Joerg G. posted an article on - May 21, 2010, 11:15 pm
The TDSS malware family in itself is already a big threat to users. Known for its rootkit capabilities, TDSS constantly evolves to include more sophisticated means in order to hide its presence in an affected system. The Mebroot malware family, on the other hand, is noted for inflicting master boot ...

New AutoRun Worms Utilize Action Key

Joerg G. posted an article on - May 18, 2010, 11:50 pm
Autorun.inf is prevalently used by worms as an autostart technique. Through this file, the worm is able to automatically execute whenever an infected drive is accessed. Over time, users have been able to think of workarounds to manually remove the malware file while preventing it from executing. Som...

Spam Sends Malicious Links to Skype Users

Joerg G. posted an article on - May 16, 2010, 10:26 pm
TrendLabsSM engineers recently discovered a new Skype spam campaign. The spam arrives as a message from a user’s list of contacts. It contains a list of links with the domain {BLOCKED}4.171.116, most of which are already inactive. One of these links has been found to lead to the download of a mal...

Your Tweet Is My Command

Joerg G. posted an article on - May 14, 2010, 3:11 am
A Twitter bot builder is currently being freely distributed on the Internet with the capability to attack users’ systems and to have some fun at the same time. It may, however, act as a threat when an attacker uses the tool to start a distributed denial-of-service attack (DDoS) on critical systems...

Dubious JavaScript Code Found in Facebook Application

Joerg G. posted an article on - May 13, 2010, 9:49 pm
“Liking” a fan page or a group on just about every page you stumble on Facebook may backfire someday and you’ll wish you hadn’t “liked” it at all. TrendLabsSM engineers found a dubious Facebook page that uses JavaScript code to spam everyone in a user’s Friends list. The page called ...

The Frustrations of Attempting Malicious Notifications

Joerg G. posted an article on - May 13, 2010, 1:47 am
I hate to single out individual countries, organizations, ISPs, or any other entity but I have to tell you—my head almost explodes when I run into barriers in trying to contact the responsible organization where I see criminal activity. Now sure, I see criminal activity in a lot of places, gran...

CV Spam Comes with a Malicious Attachment

Joerg G. posted an article on - May 12, 2010, 8:42 pm
A new spam campaign has been discovered spoofing job-application-related emails. While most spammed messages have been known to take advantage of a specific occasion, a holiday, or even a currently newsworthy item, spammers have hit a new low with this scheme. The sample in Figure 1 contains a shor...

Microsoft and Adobe Release Fixes in May Patch Tuesday

Joerg G. posted an article on - May 12, 2010, 3:48 am
Microsoft released two critical security advisories as part of its May Patch Tuesday. In addition to the advanced notification it released last Thursday, Microsoft has addressed the vulnerabilities with this batch of patches. MS10-030 deals with a privately reported vulnerability plaguing Outlook E...

New Vulnerabilities Found in Apple Safari and Opera

Joerg G. posted an article on - May 11, 2010, 8:40 pm
Vulnerabilities found in Internet Explorer (IE) have been well-documented in the past due to the browser’s popularity among users. However, the rise in the use of alternative browsers, particularly Apple Safari and Opera, has now led to the discovery of new vulnerabilities as well. Trend Micro re...

Pirate Worm Sails the P2P Bay

Joerg G. posted an article on - May 11, 2010, 12:06 am
TrendLabsSM engineers recently spotted a new worm leveraging peer-to-peer (P2P) applications similar to the threat that displays copyright violation warnings. The new worm detected by Trend Micro as WORM_PITUPI.K solves the typical problem that P2P worms face, that is, hard-coded file names used to ...

Fake iTunes Promo Gives Away Malware

Joerg G. posted an article on - May 10, 2010, 8:19 pm
Promises of freebies and other enticing promos are just a few of the tricks cybercriminals use to lure users to their profiteering schemes. TrendLabsSM engineers recently discovered suspicious-looking emails pretending to come from the iTunes Store. The spoofed email tells users they won a gift ...

Fake Pharma Ads Flood Inboxes Again

Joerg G. posted an article on - May 10, 2010, 8:17 pm
TrendLabsSM engineers noted an increase in the number of fake pharma ads spam in the past few days. As in previous cases, this slew of spam features professional-looking images to persuade users to purchase the “medicines” scammers are peddling online. Samples of these messages look like a ...

Microsoft Released Early Notice for May Patch Tuesday

Joerg G. posted an article on - May 9, 2010, 11:56 pm
Coming May 11, Tuesday, Microsoft will be releasing its monthly patch updates, and last Thursday, the company released an advance notification in its Microsoft TechNet site for the updates. Note that these advanced notifications aim to allow Microsoft users to make deployment plans ahead of time. It...

Fake HiJackThis Toolbar Serves Malware

Joerg G. posted an article on - May 9, 2010, 11:52 pm
HijackThis is a free tool Trend Micro offers as a courtesy to end users—customers and non-customers alike. It helps users evaluate their machines for possible infections by generating in-depth log reports for Windows operated systems. It also incorporates several useful tools that can help manuall...

2010 FIFA World Cup Spam Strikes Again

Joerg G. posted an article on - May 8, 2010, 4:51 am
With the 2010 FIFA World Cup less than two months away, cybercriminals (as expected) are banking on this prestigious international football event to trick users. TrendLabsSM spotted the latest threat involving this, and it came in the form of an email message currently being spammed in the wild. T...

Spam Greets Users with a Backdoor

Joerg G. posted an article on - May 7, 2010, 4:43 am
The only thing worse than receiving a spammed greeting card is one that comes with malware. TrendLabs SM senior advanced threats researcher Loucif Kharouni recently acquired a sample spam in the form of an online greeting card. The said card urges recipients to check out the greeting card by click...

Malicious .SWF File May Trigger a DoS Attack

Joerg G. posted an article on - May 7, 2010, 4:41 am
TrendLabs SM engineers recently discovered an interesting Shockwave Flash (.SWF) file that displays an image and downloads a worm with code capable of initiating a denial-of-service (DoS) attack. The file detected as SWF_PALEVO.KK is hosted on a malicious site and runs whenever users access the si...

Spammers Celebrate Mothers' Day

Joerg G. posted an article on - May 6, 2010, 2:52 am
May 9 is Mothers’ Day for most countries all over the world. As a perfect gift on this particular holiday, spammers decided to honor mothers by spamming e-cards from supposedly legitimate greeting card companies to distribute their malicious wares. Figure 1 shows an email in HTML format using a te...

Remembering the Love Bug 10 Years On

Joerg G. posted an article on - May 4, 2010, 11:07 am
May 4, 2000 hit the world with what was then the biggest ever computer virus. It was important that this, along with all other email viruses, was right out in the open, visible to everyone. Each user could see the email in question and after a couple of days, every user knew it was a virus and eve...

.RTF File Conceals Spam

Joerg G. posted an article on - May 4, 2010, 7:00 am
A few days ago, TrendLabsSM engineers received spam containing salad words (see Figure 1) along with a .ZIP file attachment (see Figure 2). This mixture of random words can be seen in the subject header and in the spam body. This was purposely done by spammers to bypass anti-spam filters that users ...

Amazon Spam Targets Online Shoppers

Joerg G. posted an article on - May 1, 2010, 3:33 am
TrendLabsSM security researchers recently noted an increase in the volume of spammed messages posing as newsletters from Amazon. These email messages even sported a supposed Amazon email address, {BLOCKED}ers@amazon.com, to make them look more credible. The messages even featured various product ...

Spam Poses as a Twitter Email Notification

Joerg G. posted an article on - Apr 29, 2010, 6:55 am
Beware, Twitter enthusiasts! Spam posing as Twitter email notifications are currently proliferating in the wild. The spam are of two types—the first type attempts to steal personal information or login credentials while the second attempts to infect systems with malware. A legitimate Twitter noti...

PDF Exploit Becomes a Little More Sophisticated

Joerg G. posted an article on - Apr 28, 2010, 6:43 am
.PDF files—or their inherent features—have been used by cybercriminals in some of the most noteworthy attacks we have encountered. Modified versions of this file type have been especially notorious these past few months since they are capable of attacking user systems by initially exploiting inh...

ZeuS/ZBOT Tries Out File Infection

Joerg G. posted an article on - Apr 27, 2010, 7:15 pm
ZeuS/ZBOT is best known for its information-stealing routines via the use of configuration files downloaded from their home sites. They are created using toolkits that allow remote control of the malware. Getting them to infect target systems is the tricky part. Cybercriminals have thus tried utiliz...

Fake IT Email Notification Spreads Malicious PDF

Joerg G. posted an article on - Apr 27, 2010, 6:06 pm
TrendLabsSM received reports of a suspicious email claiming to be an IT notification. It informs users that their mailbox settings have been changed. This email has a .PDF attachment that supposedly contains instructions that the users need to read before updating their settings. This attack is sim...

Public Bank of Malaysia Phished

Joerg G. posted an article on - Apr 26, 2010, 11:49 pm
TrendLabsSM recently spotted a phishing site that specifically targets Public Bank of Malaysia’s clients. Public Bank is one of Malaysia’s leading financial institutions that operate in other parts of Asia as well, including Hong Kong, China, and Cambodia. The phishing page mimics Public Bank...
