Anti-Malware
Tue, 31 Mar 09
What Will Go DOWNAD on April 1?
http://blog.trendmicro.com/what-will-go-downad-on-april-1/
Much has been said about the DOWNAD worm (a.k.a. Conficker) and its enigmatic payload that will supposedly be unleashed on April 1st. There are two days to go until the moment of truth and the hype isn’t expected to die down. But online threat history tells us that trigger/activation dates of equally hyped malware have [...]
Mon, 30 Mar 09
New Malware Cracks Macs
http://blog.trendmicro.com/new-malware-cracks-macs/
Malware targeting machines running on Mac OS is quickly becoming quite common, with new variants appearing on a seemingly monthly basis. Just last week, our friends at Intego reported a new variant of the RSPLUG Trojan in the wild. Taking its cue from the routines of the first RSPLUG malware, this latest incarnation no longer limits [...]
Fri, 27 Mar 09
Spoofed Delta Airlines Contains Malware
http://blog.trendmicro.com/spoofed-delta-airlines-contains-malware/
The Trend Micro Content Security team discovered spoofed email messages that pretend to be from Delta Airlines. The fake email message contains a confirmation number for a supposed ticket purchase and a ZIP file. Recipients are told that this file contains details on the travel itinerary. Here’s a screenshot of a spammed message: Figure 1. Sample spam. The [...]
Wed, 25 Mar 09
E-cards Used to Advertise Adult Dating Site
http://blog.trendmicro.com/e-cards-used-to-advertise-adult-dating-site/
The misuse of legitimate services continues: after recent reports of cybercriminals exploiting the redirecting service TinyURL to slip past spam filters, legitimate e-card services are now being used. We have received email samples that arrive as e-cards with the subject header “Regards From Secret Admirer”. The greeting cards were from Regards.com, the web’s largest collection [...]
Wed, 25 Mar 09
Data-for-ransom Syndicates Strike Online
http://blog.trendmicro.com/data-for-ransom-syndicates-strike-online/
How much is your data worth? A great deal, perhaps, for most of us. Naturally, cybercriminals keep coming up with new ways to exploit this. The new attack? Taking a page out of offline criminal syndicates, now your data is being held for ransom–literally. This latest bit of malware, detected by Trend Micro as TROJ_FAKEALE.BG, is [...]
Wed, 25 Mar 09
Smarter Advertising–Or Is It?
http://blog.trendmicro.com/smarter-advertising%e2%80%93or-is-it/
Mobile technology is mainstream now. Just as radio, television and desktop computers have become integral parts of the normal household, mobile devices such as cellphones, MP3 players and laptops have also become essential tools in our day-to-day functions. Today, the capabilities of these devices are increasingly becoming so advanced that they can even tell where you [...]
Sat, 21 Mar 09
WALEDAC Spamming Madness
http://blog.trendmicro.com/waledac-spamming-madness/
Aside from spamming our mailboxes with dire news of bombings in our local cities, WALEDAC is also very busy filling our mailboxes with more unwanted emails. This time, peddling various pills, meds, and male enhancements. Here’s a gallery of pharma vendors advertised in Waledac spam mails. Figure 1. Canadian Pharmacy, a known long time advertiser in spam. [...]
Sat, 21 Mar 09
Ichitaro Exploits Progress
http://blog.trendmicro.com/ichitaro-exploits-progress/
On March 11, Regional TrendLabs in Japan found a zero-day exploit attack that targeted Just System’s well-known Japanese word-processor, Ichitaro. The malware exploiting the vulnerability was noticed to arrive via spam and via malicious websites using the Ichitaro file extension name, .JTD. The malware (TROJ_TARODROP.BA) drops a file {random letters}.tmp (TROJ_DROPPER.PAO) that in turn [...]
Fri, 20 Mar 09
Complex Malcode Behind ILOMO Reinfection
http://blog.trendmicro.com/complex-malcode-behind-ilomo-reinfection/
Last week, Trend Micro was alerted to the increasing number of ILOMO infections. ILOMO Trojans (some examples are TROJ_ILOMOB., TROJ_ILOMO.F, and TROJ_ILOMO.L) arrive on systems via Web-based exploits and use different infection routines for the payload. Notable with these variants is that even when users have deleted the malicious file from the hard disk, its code remains [...]
Wed, 18 Mar 09
Online Risks Thrive Despite a Down Economy
http://blog.trendmicro.com/online-risks-thrive-despite-a-down-economy/
Trend Micro 2008 Annual Threat Roundup and 2009 Forecast
Wed, 18 Mar 09
Spanish Spam Abuses Reply-To, Contains Downloader
http://blog.trendmicro.com/spanish-spam-abuses-reply-to-contains-downloader/
This is hardly the first time cybercriminals used Facebook to spread spam and malware. As anti-spammers become vigilant with these techniques, these spammers keep up and think of different ways to spread dangerous links to malicious websites. A sample seen recently uses a revived technique: make the email look like it came from a trustworthy source [...]
Tue, 17 Mar 09
Waledac Localizes Social Engineering
http://blog.trendmicro.com/waledac-localizes-social-engineering/
The Waledac gang continues to improve on Storm’s tried and tested spamming technique. Fake news and alarming headlines are standard Storm email contents since the botnet’s most notorious variant, NUWAR, started sending out messages warning users of looming nuclear wars. Waledac recently started a new spamming operation using that same old social engineering technique: Figures 1, [...]
Sat, 14 Mar 09
Bogus Facebook, Malware, and a Dancing Girl
http://blog.trendmicro.com/bogus-facebook-malware-and-a-dancing-girl/
Without a doubt, Facebook is the most popular social networking site today among users and cyber criminals alike. Every now and then, Trend Micro discovers threats that ride on the said social networking site. For instance, just last week, Rik Ferguson, security analyst, reported a new variant of Koobface propagating via Facebook.
Earlier today, Trend Micro [...]
Sat, 14 Mar 09
Patches Released by Microsoft and Adobe
http://blog.trendmicro.com/patches-released-by-microsoft-and-adobe/
Both Microsoft and Adobe recently released security bulletins for reported vulnerabilities on their respective products, with Microsoft issuing 3 advisories, and Adobe finally releasing a patch to a previously discussed vulnerability.
Microsoft released the following security bulletins–one critical and two important–addressing several vulnerabilities:
(MS09-006) Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
(MS09-007) Vulnerability in SChannel [...]
Sat, 14 Mar 09
TinyURL Phishing Becoming Popular
http://blog.trendmicro.com/tinyurl-phishing-becoming-popular/
The language has changed but the modus operandi remains the same. Spammed messages, this time in Spanish, again use TinyURLs to mask the exact destination of the links they contain. Here’s a sample email message: Figure 1. Sample spammed message. The message above claims to be from Bancaja, a popular Spanish bank. It tells its recipients that [...]
Sat, 14 Mar 09
Phishing School Teaches Lessons on Secure Practices
http://blog.trendmicro.com/phishing-school-teaches-lessons-on-secure-practices/
The Trend Micro Content Security team discovered a phishing attack that used a software company’s website to lure victims into divulging personal information. The compromised site was that of School Website Solutions, which looks like this:
Figure 1. Clean page.
Phishers were able to hack the site, however. Users who were trying to access School Website Solutions [...]
Sat, 14 Mar 09
Spammers Recommend Malicious Plans for the Crisis
http://blog.trendmicro.com/spammers-recommend-malicious-plans-for-the-crisis/
With the current global economic crisis, it is safe to assume that corporations are probably trying to solicit as many ideas as possible from their work force to help improve their business. Quite unfortunately, it is through this that spammers are trying to solicit victims of their illicit scheme, as they send out spam that [...]
Sat, 14 Mar 09
New DOWNAD Generates More URLs
http://blog.trendmicro.com/new-downad-generates-more-urls/
Trend Micro detects yet another variant of the infamous DOWNAD family, WORM_DOWNAD.KK. DOWNAD (also known as Conficker) is one of the more destructive outbreak worms in the Web threat era, with numbers matching that of giant botnets Storm and Kraken. WORM_DOWNAD.KK closely follows the trail of WORM_DOWNAD.A and WORM_DOWNAD.AD (which just late last month was [...]
Sat, 14 Mar 09
Economic Woes Ramp up Online Threats
http://blog.trendmicro.com/economic-woes-ramp-up-online-threats/
Watch out! Cybercriminals, as expected, are jumping on the economic recession bandwagon. Trust these fraudsters to take advantage of and cash in on the global recession. The Federal Trade Commission is warning against the boom of new online scams that promise government grants to aid cash-strapped consumers. These include spammed email messages containing links to [...]
Sat, 14 Mar 09
Fake Windows Support Spam Brings Forth an Info-Stealer
http://blog.trendmicro.com/fake-windows-support-spam-brings-forth-an-info-stealer/
This is probably the type of support one wouldn’t want to have.
Spammed email messages were found pretending to come from Microsoft Windows Support and claiming that Microsoft Service Pack 1 and Service Pack 2 have been discovered to have an error that can damage the computer’s software or even the hardware.
Figure 1. Spammed messages purporting [...]
Sat, 14 Mar 09
Phishing Delivery Services
http://blog.trendmicro.com/phishing-delivery-services/
The Trend Micro Content Security Team discovered fake websites that purport to be login pages of DHL, a company that offers air express transportation of goods between countries. Here’s a sample screenshot of a bogus page: Figure 1. Sample phishing page. The fraud site asks for users’ email addresses (which are ordinarily used for logging in), their [...]
Sat, 14 Mar 09
Crack Sites Distribute VIRUX and FakeAV
http://blog.trendmicro.com/crack-sites-distribute-virux-and-fakeav/
Trend Micro researchers discovered that warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files. Figure 1. Crack sites are being used [...]
Sat, 14 Mar 09
New Variant of Koobface Worm Spreading on Facebook
http://blog.trendmicro.com/new-variant-of-koobface-worm-spreading-on-facebook/
Watch a CNN segment where Rik Ferguson briefly talks about this threat attack. I just received a Facebook message from a friend; it was a pretty standard one that is beginning to look familiar to a lot of us I am sure. Figure 1. Fake Facebook message. What surprised me though, was the page that the link led [...]
Sat, 14 Mar 09
A Second Rogue Facebook Application in Just a Week?
http://blog.trendmicro.com/a-second-rogue-facebook-application-in-just-a-week/
In a second attack, extremely reminiscent of the one that took place this weekend, Facebook users have once again been victimized by cybercriminals. Reports started surfacing this afternoon of yet another rogue Facebook application posting notifications to user profiles that said: (Name on my friend’s list) has just reported you to Facebook for violating our [...]
Sat, 14 Mar 09
UK Justice Minister Jack Straw’s Account Used for 419 Scam
http://blog.trendmicro.com/hackers-use-jack-straws-account-for-419-scam/
UK Justice Secretary Jack Straw had his web-based email account compromised last Thursday. Jack Straw, former Home Secretary, used a Hotmail account as his sole public email address.
Figure 1. Jack Straw’s contact information from http://www.jackstrawmp.org.uk/contactus.asp
In a variation of a theme currently being used on social networking sites, 419 scammers used the compromised account to send [...]
Sat, 14 Mar 09
Rogue Facebook App Linked to Blackhat SEO
http://blog.trendmicro.com/rogue-facebook-app-linked-to-blackhat-seo/
Over the weekend, an application of extremely dubious intent was released on Facebook. Called “The Error Check System”, this said application appears to be non-destructive, but spread very quickly and very widely and could in the process have collected thousands, hundreds of thousands even, of personal details.
The application sent out notifications to Facebook users stating [...]
Sat, 14 Mar 09
Xbox Live Losers Resort to Hacking
http://blog.trendmicro.com/xbox-live-losers-resort-to-hacking/
Xbox Live users, specifically winning players, are being targeted by hackers. Researchers believe that the attacks are done so other Xbox Live users could get back at the players who beat them in a game. A BBC report explains that the tools used in this hacking attack do not target the Xbox Live network but the [...]
