Joerg G.

Latest Activity

New Koobface Component Imitates Facebook User

Joerg G. posted an article on - Nov 10, 2009, 9:36 am
The Koobface botnet has pushed out a new component that automates the following routines: registering a Facebook account; confirming an email address in Gmail to activate the registered Facebook accou...

Koobface Abuses Google Reader Pages

Joerg G. posted an article on - Nov 9, 2009, 5:56 am
We are seeing another development from the Koobface botnet, this time abusing the Google-owned service Google Reader to spam malicious URLs in social networking sites such as Facebook, MySpace, and Tw...

Are You Being (Facebook) Phished?

Joerg G. posted an article on - Nov 7, 2009, 11:04 pm
Trend Micro security experts received email messages that supposedly came from Facebook. It asks recipients to update their login credentials for security purposes. It then instructs them to click the...

Lose/Lose: Kill an Alien, Delete a File

Joerg G. posted an article on - Nov 5, 2009, 4:28 am
Anyone who has ever played a video game—whether in an arcade, using a gaming console, or on a PC—knows how a good kill can get one all excited and pumped up. Games that involve killing certain ent...

DOWNAD/Conficker Turns 1yr

Joerg G. posted an article on - Nov 4, 2009, 4:05 am
Worm Exploits MS08-067 Bug: DOWNAD, also known as the Conficker worm, was first seen in the wild taking advantage of the MS08-067 vulnerability. True to form, it propagated via shared networks. Like i...

Elite Loader Goes Public

Joerg G. posted an article on - Nov 3, 2009, 3:43 am
A few days ago, I got access to the source code of the well-known Elite Loader for free. Yes. It was published on one of the Russian underground forums. It even had a detailed description and screensh...

BREDOLAB Revealed!

Joerg G. posted an article on - Nov 2, 2009, 7:48 am
When BREDOLAB entered the threat landscape several months ago, it was initially thought of as a common downloader (that downloads executable files) designed for malware infection only. However, Trend ...

Malware Conceals Itself as Boss's Letter

Joerg G. posted an article on - Nov 2, 2009, 7:36 am
Trend Micro threat analysts found spammed messages that pretended to be a letter coming from the “boss.” The messages bore the subject “get back to my office for more details” and instructed...

Christmas Spam Spotted

Joerg G. posted an article on - Nov 2, 2009, 7:31 am
With Christmas just right around the corner, spammers are already flooding users’ inboxes with unwanted email. No surprises there. Spammers are known to exploit the holidays to further their m...

Trick or Threat?

Joerg G. posted an article on - Oct 30, 2009, 6:27 am
The month of October in the threat landscape is often associated with scary social engineering tactics in time for Halloween. As in years past, the threats that lurk in and plague the current threat l...

This Halloween, Enjoy the Treats but Be Wary of Online Tricks

Joerg G. posted an article on - Oct 30, 2009, 5:06 am
We often associate Halloween with pumpkins and costumes but for cybercriminals it’s merely another avenue to exploit, steal, and trick users into giving away their personal identities. Treats are fu...

Social Engineering Watch: Spam Leads to Canadian Pharmacy Sites

Joerg G. posted an article on - Oct 29, 2009, 5:05 am
Trend Micro researchers found over 200 email samples that spamvertised male sexual enhancement pills. These bore subjects like “Re: Go wild in bedroom,” “Re: Let your lever straight up,R...

Taiwan: Spear Phishers Target Gmail Users

Joerg G. posted an article on - Oct 29, 2009, 4:44 am
Trend Micro threat analysts found several phishing sites registered in China that target specific people or companies. The said email can customize phishing URLs using the names of intended recipie...

Fake Facebook Password Notification Leads to Malware

Joerg G. posted an article on - Oct 28, 2009, 3:02 am
A new spam campaign that purports to be from Facebook is making rounds today. It bears the subject, “Facebook Password Reset Confirmation,” and informs users that their passwords have been changed...

FDIC Spam Points to Info Stealer

Joerg G. posted an article on - Oct 28, 2009, 1:06 am
Trend Micro researchers recently found spam emails fashioned to come from Federal Insurance Deposit Corporation (FDIC). The email message informs users that they should visit the “official” FDIC...

IPv6 Tunneling Protocols: Good for Adoption, Not So Hot for Security

Joerg G. posted an article on - Oct 26, 2009, 3:57 pm
Have you ever noticed how security often takes a backseat when trying something new? When I am trying out a protocol for the first time, I barely skim the Security Considerations section of the RF...

Spoofed Contract Carries Malware

Joerg G. posted an article on - Oct 24, 2009, 7:58 am
Trend Micro researchers found spammed messages with a ZIP file attachment that contains malware. It bears the subject, “Contract of Settlements” and purports to come from LSM Company. It informs...

FAKEAV Goes Open Source… Or Not?

Joerg G. posted an article on - Oct 23, 2009, 4:38 pm
In the recent FAKEAV spam campaign, I realized something was off. Once the user clicks the URL and gets the bogus Antivirus 2010 up and running on the system, additional files are added. The files I f...

Windows 7? No Problem for Trend Micro Users

Joerg G. posted an article on - Oct 23, 2009, 5:06 am
Microsoft’s new OS, Windows 7, was made available to the general public earlier today. To say that this was eagerly anticipated is an understatement, however, as in the United Kingdom, pre-orders...

ZBOT and a CapitalOne Phish

Joerg G. posted an article on - Oct 22, 2009, 8:09 am
In this most recent spam campaign, our spam traps caught an uncanny combination of a CapitalOne phish and a ZBOT variant. Below is a screenshot of an email sample making the rounds: The spam campaign...

Halloween Job Spam Spooks Users

Joerg G. posted an article on - Oct 22, 2009, 4:54 am
Holidays are spammers’ favorite times of the year. After all, these give them additional opportunities to lure more victims to their specially crafted scams apart from a theme to focus on. As one of...

FAKEAV Uses Conficker Worm as Bait

Joerg G. posted an article on - Oct 21, 2009, 5:20 pm
Very recently, cybercriminals have found another avenue to lure victims into their trap by using Microsoft as bait. A screen shot of one such campaign is shown in Figure 1 below. The email asks the r...

Fake Agents for Russian Websites Spreading

Joerg G. posted an article on - Oct 20, 2009, 7:16 am
In the past few weeks, Trend Micro researchers have become aware that the Russian cybercriminal underground has been overflowing with offers for a new kind of information-stealing malware. These new m...

New Banking Trojan Uses GMER

Joerg G. posted an article on - Oct 20, 2009, 6:22 am
Brazilian banks are once again in the hotseat as a banking Trojan emerges with a new technique. This time, the cybercriminals targeting these banks are using GMER, a popular anti-rootkit application. ...

MJ's "This Is It" Premiere Triggers Spam Attacks

Joerg G. posted an article on - Oct 19, 2009, 8:39 pm
A day before Michael Jackson’s new song, “This Is It,” was slated to premiere on michaeljackson.com on October 12, a spam run promoting a 45-second preview on YouTube already made the rou...

9/11 Pentagon Conspiracy Theory Spam Leads to Malware

Joerg G. posted an article on - Oct 17, 2009, 10:39 pm
Major events, especially tragic ones, are usually followed with people asking the question, “Why did this happen?” Such events affect a lot of people in different ways, and that it is hard for...

Zbot Spam Campaign Continues

Joerg G. posted an article on - Oct 16, 2009, 3:07 am
A slightly modified Zbot spam campaign currently making the rounds pretends to come from the IT support of various companies. It informs users that a security update in the mailing service caused changes i...

ASProx Resurfaces with a Mass Compromise in Tow

Joerg G. posted an article on - Oct 15, 2009, 7:44 am
A specially crafted .PDF file, detected by Trend Micro as TROJ_PIDIEF.ASP, was recently found to be hosted by several Indian, Thai, and New Zealand websites. The Trojan takes advantage of critical ...

October Patch Tuesday: MS Releases 13 Security Updates

Joerg G. posted an article on - Oct 14, 2009, 4:01 am
The solution for the vulnerability that was left unpatched during last month’s patch cycle was included in the recently released security advisory, along with a dozen other vulnerability reports...

Tailor-Made ZBOT Spam Targets Various Companies

Joerg G. posted an article on - Oct 14, 2009, 3:53 am
Trend Micro threat analysts were recently alerted to a phishing attempt targeting random employees of several companies. The email posed as a notification from the company’s “system administra...

New Adobe Zero-Day Exploit

Joerg G. posted an article on - Oct 9, 2009, 4:59 pm
Trend Micro threat analysts were alerted to the discovery of a zero-day exploit that affects Adobe Reader and Acrobat 9.1.3 and earlier versions (CVE-2009-3459). Trend Micro detects this as TROJ_PIDIE...

New Adobe Zero-Day Exploit

Joerg G. posted an article on - Oct 9, 2009, 2:30 pm
Trend Micro threat analysts were alerted to the discovery of a zero-day exploit that affects Adobe Reader and Acrobat 9.1.3 and earlier versions (CVE-2009-3459). Trend Micro detects this as TROJ_PIDIE...

Even smart people make mistakes

Joerg G. posted an article on - Oct 9, 2009, 10:21 am
Anybody want to know Trend Micro’s top secret internal strategic plans for our upcoming projects? How about our financial returns for the next quarter? Well sorry, obviously we are not going to...

8 Things You Probably Didn't Know About KOOBFACE

Joerg G. posted an article on - Oct 7, 2009, 11:31 pm
You’ve probably read or heard about KOOBFACE malware propagating through social networking sites such as Facebook, MySpace, and Twitter. A lot of analysis is available online through blogs or malwar...

'What The Experts Still Don't Know' – The Thriving Cyber Crime Underground

Joerg G. posted an article on - Oct 7, 2009, 3:21 am
I was prompted into crafting this post by a Scientific American blog post which stated that many experts in various scientific studies are sometimes “blinded” by — in fact — th...

File Infector Takes Infection Up a Notch

Joerg G. posted an article on - Oct 7, 2009, 3:17 am
Trend Micro threat analysts were alerted to the discovery of a not-so-common file infector. Unlike usual file infectors that only do simple modifications to the files they infect, PE_XPAJ.A does compl...

National Cybersecurity Awareness Month Calls People to Action

Joerg G. posted an article on - Oct 7, 2009, 3:14 am
US President Barack Obama officially declared October as the National Cybersecurity Awareness Month. Now in its sixth year, the said campaign promotes increased awareness with its theme, “Our Shared...

Windows Live Hotmail User Information Leaked

Joerg G. posted an article on - Oct 6, 2009, 5:38 am
A quick heads-up to all users of Microsoft’s Windows Live Hotmail email service: a list of at least 10,000 user names (and the corresponding passwords) of the second-largest email service after ...

Cooked Balance Sheets, BEBLOH Style

Joerg G. posted an article on - Oct 2, 2009, 7:00 am
Trend Micro analysts have come across a new variant of the BEBLOH family of information stealers that goes well beyond the traditional tactic of logging keystrokes and sending them to another server for...

How Web 2.0 Can Save Lives

Joerg G. posted an article on - Oct 1, 2009, 8:30 am
Typhoon Ketsana is currently leaving a trail of destruction, first in the Philippines, and now in Vietnam. Amidst the disaster, we see a glimmer of hope, one where netizens actively participate to mak...

Tropical Storm Leads to FAKEAV

Joerg G. posted an article on - Sep 29, 2009, 9:43 am
Cybercriminals leveraged the tropical storm Ondoy (international name: Ketsana), which hit the Philippines and killed around 140 people. Senior Threat Analyst Joseph Pacamarra found several maliciou...

Several Compromised Thai Sites Serve Malware

Joerg G. posted an article on - Sep 28, 2009, 8:01 am
Trend Micro researchers discovered another wave of mass compromised websites involving several Thai government agencies’ sites. One of the compromised sites, the Thai Police site, was injected with ...

Fake Windows Live Malware Spreads via Email

Joerg G. posted an article on - Sep 28, 2009, 8:00 am
Trend Micro threat analysts recently snagged an email pushing a bogus Windows Live Messenger residing in http://{BLOCKED}s-live-msn.serveftp.com/Windows_Live_9.0_beta.exe (detected as WORM_VB.PAB). Th...

Bogus Sponsored Link Leads to FAKEAV

Joerg G. posted an article on - Sep 24, 2009, 5:30 am
Apart from SEO poisoning, cybercriminals have found another avenue to proliferate FAKEAV malware—bogus sponsored links (sitio patrocinados in Spanish). Just recently, Trend Micro researchers were a...

How to Maximize the Malware Protection of Your Removable Drives

Joerg G. posted an article on - Sep 22, 2009, 4:45 am
Removable drives are one of the most common infection vectors for malware today. Worms propagate via these vectors to proliferate their payload and ultimately, infect more users. Users need to perfor...

Blackhat SEO and FAKEAV: A Dangerous Tandem

Joerg G. posted an article on - Sep 22, 2009, 4:11 am
Trend Micro researchers were alerted to blackhat SEO campaigns that led to FAKEAV or rogue antivirus. The cybercriminals behind these attacks hitchhiked on high-profile news like the recent death of P...

Pick Your Poison: KOOBFACE or FAKEAV?

Joerg G. posted an article on - Sep 18, 2009, 12:06 am
The Koobface botnet is widely known to install FAKEAV or rogue antivirus malware onto a victim’s PC. It has a dedicated component which actually installs the FAKEAV onto the user’s system....

Social Engineering Watch: Another IRS Scam

Joerg G. posted an article on - Sep 16, 2009, 7:59 am
Trend Micro warns users of the latest spam campaign that targets US taxpayers with Foreign Bank and Financial accounts. The said spam rides on the September 23 extended deadline set by the Internal R...

Internet Payment Site ClickandBuy Phished

Joerg G. posted an article on - Sep 16, 2009, 7:57 am
We have encountered a new phishing scam that targets ClickandBuy. The London-based competitor to eBay offers both billing and payment solutions, so it’s no surprise cybercriminals would be inter...

The Internet Infestation, How Bad Is It Really?

Joerg G. posted an article on - Sep 16, 2009, 6:05 am
Industry experts have previously estimated that, on average, a compromised machine remains infected for 6 weeks. However, our latest research indicates that this estimate is far from accurate. During ...