Anti-Malware
Wed, 29 Apr 09
Swine Flu Outbreak Hits The Web Through Spam
http://blog.trendmicro.com/swine-flu-outbreak-hits-the-web-through-spam/
After the World Health Organization raised its global alert level on the spreading swine flu virus, spammers quickly used this event for their spam campaigns. Early this morning, we have seen spam samples using "Swine flu worldwide!" or "Swine flu outbreak!" as their email subject. Spammers are using this social engineering technique because having the [...]
Tue, 28 Apr 09
Terra Spam Targets Portuguese-Speaking Users
http://blog.trendmicro.com/terra-spam-targets-portuguese-users/
They say the Internet is making the world smaller. Whether that’s the case for the rest of us is debatable or not, but for one group of people it’s definitely true: spammers. Consider this new sample that our team came across recently: It appears to come from the Brazilian portal site Terra. That, in itself, makes it [...]
Mon, 27 Apr 09
Unscrupulous Russian Cyber Criminals Attempt to Capitalize on Grisly Death
http://blog.trendmicro.com/unscrupulous-russian-cyber-criminals-attempt-to-capitalize-on-grisly-death/
Nikki Catsouras. Let’s face it — cyber criminals never squander an opportunity to take advantage of potential victims’ curiosity, no matter how unethical, sick & twisted, or unscrupulous. Look at the tragic death of film star Heath Ledger. His untimely death was immediately used by cyber criminals to lure victims into their malware lair. But this is much, [...]
Thu, 23 Apr 09
Fake Form W-8BEN Used in IRS Tax Scams
http://blog.trendmicro.com/fake-form-w-8ben-used-in-irs-tax-scams/
Every year, April 15th marks the deadline for the submission of tax returns in the US, and with it comes the now-classic IRS (Internal Revenue Service) scam. Scammers are on the hunt for those who were not able to file their tax statements yet. Knowing how busy people are these days, scammers have taken advantage of [...]
Wed, 22 Apr 09
WALEDAC’s Latest Spamming Fetish
http://blog.trendmicro.com/waledac%e2%80%99s-latest-spamming-fetish/
WALEDAC has found a new fetish — spamming users with email messages on free foot fetish movies. According to Advanced Threats Researcher Joey Costoya, who initially reported the new WALEDAC spam run, clicking the link in the spammed email redirects users to websites featuring foot fetish videos. WALEDAC is notorious for employing various social engineering techniques that [...]
Sat, 18 Apr 09
Search for Twitter Worm News Snowballs to More Malware
http://blog.trendmicro.com/search-for-twitter-worm-news-snowballs-to-more-malware/
Days after the Twitter worm outbreak that affected “tens of thousands of users”, the attacks on the popular microblogging site are anything but slowing down. In fact, cyber criminals are taking advantage of the public’s interest and high media coverage of the incident to spread malicious links. Among the top ten search results in Google [...]
Fri, 17 Apr 09
New Waledac Campaign: SMS ‘Snooping’ Software
http://blog.trendmicro.com/new-waledac-campaign-sms-snooping-software/
After attempting to shock us with dire news of terrorist bombings, Waledac now attempts to entice us with offers of spying on somebody else’s (notably a lover’s) SMS messages. The links in the spammed messages shown above lead to a malicious website, which offers a 30-day trial for an SMS (Short Messaging Service) spying software. The link [...]
Thu, 16 Apr 09
Online Casino, Geocities, and Waledac
http://blog.trendmicro.com/online-casino-geocities-and-waledac/
Deviating from Conficker/Downad update and jigsaw puzzle menace, Waledac updated its spam emails and is now spamming online casino advertisements. The spammed email contains a URL link to a Yahoo! Geocities web page which is shown in Figure 4, and when the link “Play now” is clicked, it shows a casino-related image ad as shown [...]
Thu, 16 Apr 09
April 2009 Patch Tuesday Release
http://blog.trendmicro.com/april-2009-patch-tuesday-release/
Microsoft released a total of 8 patches last April 14, comprising 5 critical, 2 moderate, and 1 important update for the Windows OS. More information on the said patches is given below: • (MS09-009) Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) • (MS09-010) Vulnerabilities in WordPad and Office Text Converters Could [...]
Wed, 15 Apr 09
The DOWNAD/Conficker Jigsaw Puzzle
http://blog.trendmicro.com/the-downadconficker-jigsaw-puzzle/
This blog post puts together Trend Micro’s own DOWNAD research as well as collaborative input from the Conficker Working Group. It includes the collected reports regarding DOWNAD as well as analysis of binaries in one coherent timeline of events to shed some light on the continuing DOWNAD/Conficker Jigsaw Puzzle. SETTING THE STAGE: The rise of DOWNAD to [...]
Wed, 15 Apr 09
Boredom Results in Twitter Malware Attack
http://blog.trendmicro.com/boredom-results-in-twitter-malware-attack/
Normally, cybercriminals tend to be an anonymous lot. However, over the weekend we encountered a malware attack on Twitter which, if the named author is to be believed, was conceived out of boredom. There are many ways to relieve boredom, and writing malware shouldn’t really be one of them. Multiple users having exactly the same tweets [...]
Mon, 13 Apr 09
Rotten Eggs: An Easter Malware Campaign
http://blog.trendmicro.com/rotten-eggs-an-easter-malware-campaign/
Easter, like any other holiday, will not pass without cybercriminals attempting to exploit the occasion for their own malicious operations. Trend Micro Advanced Threats Researcher Paul Ferguson discovered websites that seem to be related to Easter, except they are malicious and were created to spew malware onto PCs. He adds that there is evidence again pointing [...]
Fri, 10 Apr 09
Adobe Acrobat/Reader getIcon() Vuln Exploit in the Wild
http://blog.trendmicro.com/adobe-acrobatreader-geticon-vuln-exploit-in-the-wild/
Cyber criminals have now updated their PDF exploits to include the getIcon() vulnerability (CVE-2009-0927). We currently detect this as TROJ_PIDIEF.OE. As usual, we highly encourage users to update now to the latest versions of Adobe Acrobat and Adobe Reader (if you haven’t yet). Reading the security advisory by Adobe closely, we see that this issue [...]
Thu, 9 Apr 09
DOWNAD/Conficker Watch: New Variant in The Mix?
http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/
Days after the April 1st activation date of Conficker, nothing interesting was seen so far in our Downad/Conficker monitoring system except the continuous checking of dates and times via Internet sites, checking of updates via HTTP, and the increasing P2P communications from the Conficker peer nodes. Well, that was until last night when we saw a [...]
Thu, 9 Apr 09
New MS08-067 Exploit Creeps in During DOWNAD Frenzy
http://blog.trendmicro.com/new-ms08-067-exploit-creeps-in-during-downad-frenzy/
A new MS08-067 exploit silently made its entrance as the rest of the world was keeping watch on DOWNAD’s next step last week. In what seems to be a case of “old worm with new tricks,” the worm Neeris, which has been active for a few years now, was found updated with the now [...]
Wed, 8 Apr 09
Tax Season is Phishing Season
http://blog.trendmicro.com/tax-season-is-phishing-season/
As usual, the approaching tax season (April 15th is Tax Day in the US) also comes with tax-related online threats. With unemployment rates reaching record highs this year, cybercriminals have yet another opportunity to polish their social engineering techniques. Last year, spammed messages supposedly from the Internal Revenue Service (IRS) delivered malware into systems. The email [...]
Sun, 5 Apr 09
Downad.KK/Conficker.C p2p Port Generation Code Exposed
http://blog.trendmicro.com/downadkkconfickerc-p2p-port-generation-code-exposed/
Yes, we didn’t want to hear any more about this either, but this is actually interesting. In the process of investigating the WORM_DOWNAD.KK peer-to-peer (P2P) protocol communications, Trend Micro threat researchers have discovered – with the assistance of some external resources – some interesting code which indicates that the basic code functionality has been borrowed from [...]
Sat, 4 Apr 09
A Look Inside Conficker P2P Traffic
http://blog.trendmicro.com/a-look-inside-conficker-p2p-traffic/
Visualizations can often show researchers details that would otherwise take hours of staring at raw data to find. WORM_DOWNAD.KK has plenty to show us if we look in the right places. This post focuses on the various P2P channels. The first set of graphs map each IP address (source and destination) found in the source pcap [...]
Sat, 4 Apr 09
New Exploit Takes on MS PowerPoint
http://blog.trendmicro.com/new-exploit-takes-on-ms-powerpoint/
A new 0-day malware leveraging a vulnerability found in Microsoft PowerPoint is making the rounds. Distributed as an attachment to spam messages, specially crafted PowerPoint files are used for exploitation, which would grant cybercriminals access into the affected user’s system. Here are screenshots of the said PowerPoint files: Figure 1. Spammed malicious PPT file. Figure 2. Spammed malicious PPT file. Figure [...]
Fri, 3 Apr 09
Waledac Spamming Image Hosting and Italian Job Offers
http://blog.trendmicro.com/waledac-spamming-image-hosting-and-italian-job-offers/
If you have been swamped lately by email offering unlimited image hosting services at a certain site such as the one below, blame Waledac for that. Figure 1. Image hosting spam. Worth noting also is that this particular image hosting site’s name bears resemblance to the publisher of the most popular MMORPG (massively multiplayer online role-playing) game. Besides advertising [...]
Fri, 3 Apr 09
More DOWNAD/Conficker Questions After April 1st
http://blog.trendmicro.com/more-downadconficker-questions-after-april-1st/
All around the world, April 1st has already passed. The DOWNAD/Conficker April 1st hype has kept most, if not all, of us in the security industry and in the Conficker Working Group busy in the past few weeks. The day may have ended quietly, but follow-up questions still linger as a new day begins: Q: [...]
Fri, 3 Apr 09
Cable Cable Phish Phish
http://blog.trendmicro.com/cable-cable-phish-phish/
The Trend Micro Content Security team recently discovered a Cable Cable Inc. domain hosting a Walmart phishing survey. Cable Cable Inc. is a television, Web, and phone service provider based in Canada. Walmart, of course, is the chain of discount department stores. As shown in the following sample phishing page, hosted at http://{BLOCKED}www.cablecable.net/~brook/SpringSurvey/walmartstores.com/walmartstores.com/index.html, Walmart customers are [...]
Thu, 2 Apr 09
Strange April Fools’/D-Day Prank
http://blog.trendmicro.com/strange-april-foolsd-day-prank/
While the computing population is secretly expecting fireworks once DOWNAD-infected PCs start accessing some of its 50,000 generated URLs, we at Trend Micro know that cybercrime operates in almost absolute stealth. Preaching this alongside best practices like immediately installing OS, productivity and security software updates is a drum security workers beat tirelessly. In an anti-climactic turn, [...]
