Joerg G.


Latest Activity

Don't Give Spammers a Reason to Be Thankful

Joerg G. posted an article on - Nov 27, 2009, 3:28 am
Thanksgiving kicks off the holiday season in the United States, the top spam-sending country in the world. The holiday season ushers sales and big discounts for users. Unfortunately, however, this als...

Another ZBOT Spam Run

Joerg G. posted an article on - Nov 27, 2009, 3:26 am
Trend Micro threat analysts were alerted to the discovery of another ZBOT spam campaign. The emails bear subjects such as “your photos” and “some jerk has posted your photos.” They inform th...

"New Koobface Variant" Targets Skype

Joerg G. posted an article on - Nov 26, 2009, 5:00 am
The activities of the infamous Koobface botnet have been a frequent topic of discussion here at the Malware Blog. Some security analysts recently commented that the botnet has added a new tool to its ...

Win a Macbook Air, Get Malware

Joerg G. posted an article on - Nov 25, 2009, 7:16 am
Trend Micro threat analysts were alerted to the discovery of spammed messages that purported to come from Media Service. The email bears the subject, “Congratulations,” and informs users that th...

Spoofed Trend Micro Email Leads to Phishing Site

Joerg G. posted an article on - Nov 23, 2009, 12:24 pm
Trend Micro threat analysts recently unearthed spammed messages that purported to have come from Trend Micro. Targeting trusted organizations is not an uncommon technique, used by cyber criminals when...

US$1 Tickets to Brazil Come with Hidden Costs

Joerg G. posted an article on - Nov 23, 2009, 6:28 am
Users who are currently planning to go or return to Brazil, especially with the holidays coming up, should watch out for a recent spam run. Spammed messages fashioned to look like an email from a Braz...

Internet Explorer Vulnerability Exploit Detected

Joerg G. posted an article on - Nov 23, 2009, 6:26 am
Threat researchers have been alerted to the discovery of a new exploit targeting Internet Explorer. Analysts have conducted tests and confirmed that the exploit affects versions 6 and 7 of the browser...

Phishers Target Shaw Communications Customers

Joerg G. posted an article on - Nov 22, 2009, 9:14 pm
Trend Micro threat analysts recently found a fake Shaw Communications phishing Web page http://{BLOCKED}nadaworld.net/{very long string containing random characters}/ that asks users for their custome...

Job Spam Uses Twitter

Joerg G. posted an article on - Nov 19, 2009, 10:07 pm
TrendLabs researchers were alerted to the discovery of spammed messages that contained Twitter URLs. The spam uses subjects such as N3 Earn Extra Income! 7L, C2 Exrtra Income Daily 4P, and Q0 $$$ Op...

Fake Blogs Lead to FAKEAV

Joerg G. posted an article on - Nov 19, 2009, 4:45 am
Media reports have revealed the existence of fake blogs that were used to spread FAKEAV malware. The blogs do not actually contain any useful content. Instead, they have posts that contain nothing but...

Payment Request Spam Contains Malware

Joerg G. posted an article on - Nov 18, 2009, 3:26 am
TrendLabs researchers received spammed messages purporting to have come from various companies such as eBay, J.P. Morgan Chase and Co., and Colgate-Palmolive, among others. The email bore the subjec...

Meteor Shower and New Moon Lead to FAKEAV

Joerg G. posted an article on - Nov 18, 2009, 1:48 am
TrendLabs threat analysts found another FAKEAV campaign piggybacking on the Leonid meteor shower and the much-anticipated sequel to the Twilight saga, New Moon. Users searching for news and updates us...

Pacquiao vs Cotto Fight Live Stream Leads to FAKEAV

Joerg G. posted an article on - Nov 16, 2009, 3:21 am
As Filipinos and Puerto Ricans were busy rooting for their champions in yesterday’s fight, so were cybercriminals who wished to capitalize on the match. Through SEO poisoning, users searching for...

Bogus 'Balance Checker' Tool Carries Malware

Joerg G. posted an article on - Nov 14, 2009, 1:30 am
Trend Micro threat analysts received samples of spammed messages that purport to come from mobile phone companies, Vodafone and Verizon Wireless. The email messages carry the subject, “Your credit ...

New SMB Zero-Day Exploit?

Joerg G. posted an article on - Nov 12, 2009, 10:09 pm
Third-party security researchers reported that they found a vulnerability in both Windows 7 and Windows Server 2008 Release 2. The said bug exists in the handling of Server Message Block (SMB) packets...

Twitter DM Spam Collects Mobile Numbers

Joerg G. posted an article on - Nov 12, 2009, 9:49 pm
Cybercriminals are using compromised Twitter accounts to spam out information-gathering websites to unknowing users. The attack starts with compromised Twitter accounts. The accounts are used to send...

Beware: Never Share Your Capita with Phishers

Joerg G. posted an article on - Nov 12, 2009, 5:00 am
Trend Micro threat analysts recently discovered a phishing attack targeting the website of the Capita Group. The said site is dedicated for the company shareholders’ use. It aims to reduce th...

November Patch Tuesday Addresses 15 Vulnerabilities

Joerg G. posted an article on - Nov 11, 2009, 9:31 am
Microsoft released six security bulletins to fix 15 vulnerabilities in this month’s Patch Tuesday. Three of these security advisories (MS09-063, MS09-064, MS09-65) are considered “critical” w...

New Koobface Component Imitates Facebook User

Joerg G. posted an article on - Nov 10, 2009, 9:36 am
The Koobface botnet has pushed out a new component that automates the following routines: registering a Facebook account; confirming an email address in Gmail to activate the registered Facebook accou...

Koobface Abuses Google Reader Pages

Joerg G. posted an article on - Nov 9, 2009, 5:56 am
We are seeing another development from the Koobface botnet, this time abusing the Google-owned service Google Reader to spam malicious URLs in social networking sites such as Facebook, MySpace, and Tw...

Are You Being (Facebook) Phished?

Joerg G. posted an article on - Nov 7, 2009, 11:04 pm
Trend Micro security experts received email messages that supposedly came from Facebook. It asks recipients to update their login credentials for security purposes. It then instructs them to click the...

Lose/Lose: Kill an Alien, Delete a File

Joerg G. posted an article on - Nov 5, 2009, 4:28 am
Anyone who has ever played a video game—whether in an arcade, using a gaming console, or on a PC—knows how a good kill can get one all excited and pumped up. Games that involve killing certain ent...

DOWNAD/Conficker Turns 1yr

Joerg G. posted an article on - Nov 4, 2009, 4:05 am
Worm Exploits MS08-067 Bug DOWNAD, also known as the Conficker worm, was first seen in the wild taking advantage of the MS08-067 vulnerability. True to form, it propagated via shared networks. Like i...

Elite Loader Goes Public

Joerg G. posted an article on - Nov 3, 2009, 3:43 am
A few days ago, I got access to the source code of the well-known Elite Loader for free. Yes. It was published on one of the Russian underground forums. It even had a detailed description and screensh...

BREDOLAB Revealed!

Joerg G. posted an article on - Nov 2, 2009, 7:48 am
When BREDOLAB entered the threat landscape several months ago, it was initially thought of as a common downloader (that downloads executable files) designed for malware infection only. However, Trend ...

Malware Conceals Itself as Boss's Letter

Joerg G. posted an article on - Nov 2, 2009, 7:36 am
Trend Micro threat analysts found spammed messages that pretended to be a letter coming from the “boss.” The messages bore the subject “get back to my office for more details” and instructed...

Christmas Spam Spotted

Joerg G. posted an article on - Nov 2, 2009, 7:31 am
With Christmas just right around the corner, spammers are already flooding users’ inboxes with unwanted email. No surprises there. Spammers are known to exploit the holidays to further their m...

Trick or Threat?

Joerg G. posted an article on - Oct 30, 2009, 6:27 am
The month of October in the threat landscape is often associated with scary social engineering tactics in time for Halloween. As in years past, the threats that lurk in and plague the current threat l...

This Halloween, Enjoy the Treats but Be Wary of Online Tricks

Joerg G. posted an article on - Oct 30, 2009, 5:06 am
We often associate Halloween with pumpkins and costumes but for cybercriminals it’s merely another avenue to exploit, steal, and trick users into giving away their personal identities. Treats are fu...

Social Engineering Watch: Spam Leads to Canadian Pharmacy Sites

Joerg G. posted an article on - Oct 29, 2009, 5:05 am
Trend Micro researchers found over 200 email samples that spamvertised male sexual enhancement pills. These bore subjects like “Re: Go wild in bedroom,” “Re: Let your lever straight up,R...

Taiwan: Spear Phishers Target Gmail Users

Joerg G. posted an article on - Oct 29, 2009, 4:44 am
Trend Micro threat analysts found several phishing sites registered in China that target specific people or companies. The said email can customize phishing URLs using the names of intended recipie...

Fake Facebook Password Notification Leads to Malware

Joerg G. posted an article on - Oct 28, 2009, 3:02 am
A new spam campaign that purports to be from Facebook is making rounds today. It bears the subject, “Facebook Password Reset Confirmation,” and informs users that their passwords have been changed...

FDIC Spam Points to Info Stealer

Joerg G. posted an article on - Oct 28, 2009, 1:06 am
Trend Micro researchers recently found spam emails fashioned to come from Federal Insurance Deposit Corporation (FDIC). The email message informs users that they should visit the “official” FDIC...

IPv6 Tunneling Protocols: Good for Adoption, Not So Hot for Security

Joerg G. posted an article on - Oct 26, 2009, 3:57 pm
Have you ever noticed how security often takes a backseat when trying something new? When I am trying a protocol out for the first time, I barely skim the Security Considerations section of the RF...

Spoofed Contract Carries Malware

Joerg G. posted an article on - Oct 24, 2009, 7:58 am
Trend Micro researchers found spammed messages with a ZIP file attachment that contains malware. It bears the subject, “Contract of Settlements” and purports to come from LSM Company. It informs...

FAKEAV Goes Open Source… Or Not?

Joerg G. posted an article on - Oct 23, 2009, 4:38 pm
In the recent FAKEAV spam campaign, I realized something was off. Once the user clicks the URL and gets the bogus Antivirus 2010 up and running on the system, additional files are added. The files I f...

Windows 7? No Problem for Trend Micro Users

Joerg G. posted an article on - Oct 23, 2009, 5:06 am
Microsoft’s new OS, Windows 7, was made available to the general public earlier today. To say that this was eagerly anticipated is an understatement, however, as in the United Kingdom, pre-orders...

ZBOT and a CapitalOne Phish

Joerg G. posted an article on - Oct 22, 2009, 8:09 am
In this most recent spam campaign, our spam traps caught an uncanny combination of a CapitalOne phish and a ZBOT variant. Below is a screenshot of an email sample making the rounds: The spam campaign...

Halloween Job Spam Spooks Users

Joerg G. posted an article on - Oct 22, 2009, 4:54 am
Holidays are spammers’ favorite times of the year. After all, these give them additional opportunities to lure more victims to their specially crafted scams apart from a theme to focus on. As one of...

FAKEAV Uses Conficker Worm as Bait

Joerg G. posted an article on - Oct 21, 2009, 5:20 pm
Very recently, cybercriminals have found another avenue to lure victims into their trap by using Microsoft as bait. A screen shot of one such campaign is shown in Figure 1 below. The email asks the r...

Fake Agents for Russian Websites Spreading

Joerg G. posted an article on - Oct 20, 2009, 7:16 am
In the past few weeks, Trend Micro researchers have become aware that the Russian cybercriminal underground has been overflowing with offers for a new kind of information-stealing malware. These new m...

New Banking Trojan Uses GMER

Joerg G. posted an article on - Oct 20, 2009, 6:22 am
Brazilian banks are once again in the hotseat as a banking Trojan emerges with a new technique. This time, the cybercriminals targeting these banks are using GMER, a popular anti-rootkit application. ...

MJ's "This Is It" Premiere Triggers Spam Attacks

Joerg G. posted an article on - Oct 19, 2009, 8:39 pm
A day before Michael Jackson’s new song, “This Is It,” was slated to premiere on michaeljackson.com on October 12, a spam run promoting a 45-second preview on YouTube already made the rou...

9/11 Pentagon Conspiracy Theory Spam Leads to Malware

Joerg G. posted an article on - Oct 17, 2009, 10:39 pm
Major events, especially tragic ones, are usually followed with people asking the question, “Why did this happen?” Such events affect a lot of people in different ways, and that it is hard for...

Zbot Spam Campaign Continues

Joerg G. posted an article on - Oct 16, 2009, 3:07 am
A slightly modified Zbot spam campaign currently making rounds pretends to come from the IT support of various companies. It informs users that a security update in the mailing service caused changes i...

ASProx Resurfaces with a Mass Compromise in Tow

Joerg G. posted an article on - Oct 15, 2009, 7:44 am
A specially crafted .PDF file, detected by Trend Micro as TROJ_PIDIEF.ASP, was recently found to be hosted by several Indian, Thai, and New Zealand websites. The Trojan takes advantage of critical ...

October Patch Tuesday: MS Releases 13 Security Updates

Joerg G. posted an article on - Oct 14, 2009, 4:01 am
The solution for the vulnerability that was left unpatched during last month’s patch cycle was included in the recently released security advisory, along with a dozen other vulnerability reports...

Tailor-Made ZBOT Spam Targets Various Companies

Joerg G. posted an article on - Oct 14, 2009, 3:53 am
Trend Micro threat analysts were recently alerted to a phishing attempt targeting random employees of several companies. The email posed as a notification from the company’s “system administra...

New Adobe Zero-Day Exploit

Joerg G. posted an article on - Oct 9, 2009, 4:59 pm
Trend Micro threat analysts were alerted to the discovery of a zero-day exploit that affects Adobe Reader and Acrobat 9.1.3 and earlier versions (CVE-2009-3459). Trend Micro detects this as TROJ_PIDIE...

New Adobe Zero-Day Exploit

Joerg G. posted an article on - Oct 9, 2009, 2:30 pm
Trend Micro threat analysts were alerted to the discovery of a zero-day exploit that affects Adobe Reader and Acrobat 9.1.3 and earlier versions (CVE-2009-3459). Trend Micro detects this as TROJ_PIDIE...
