
Anti-Malware

 

Fri, 29 May 09
Phishing For Twitter Popularity
http://blog.trendmicro.com/phishing-for-twitter-popularity/
As many as 13,000 Twitter users have been affected by a new “worm-like” phishing attack that feeds on some members’ desire to gain more followers. The said scam dupes users into forking over their account names and passwords using a Web site called “Twittercut.” Twitter users may see the following tweet in their stream: When they click [...]

Fri, 29 May 09
‘Secret Admirer’ Confesses Through Web TV Spam
http://blog.trendmicro.com/secret-admirer-confesses-through-web-tv-spam/
We might not be experts on how to express special feelings for someone, but we know sending them messages that lead to TV channel advertisements ain’t one of the ways to do them. The message indicates that the recipient has a secret admirer and he/she has provided a profile for the recipient to view. Below is a [...]

Fri, 29 May 09
Fake Anti-Spam Filter Leads to Keylogger
http://blog.trendmicro.com/fake-anti-spam-filter-leads-to-keylogger/
Spam mails are very annoying, so we turn to spam filters to avoid ending up with an inbox flooded with them. Unfortunately one “anti-spam filter” we’ve encountered isn’t driving junk out, but letting them in. We have received an email message claiming that it is from Webmail Support. It is posing as a security announcement and [...]

Wed, 27 May 09
From IM to Twitter: Weight-Loss Spam Gains Ground
http://blog.trendmicro.com/from-im-to-twitter-weight-loss-spam-gains-ground/
A spam attack that has affected instant messaging users has found its way through Twitter, infiltrating users’ accounts to post messages with links connecting to weight-loss drugs. Hacked Twitter accounts are being used to post messages that promote weight-loss drugs. The messages vary in the stated text, but generally state the same message and are [...]

Wed, 27 May 09
Citi Prepaid Phishing Services
http://blog.trendmicro.com/citi-prepaid-phishing-services/
Formerly known as Ecount, Citi Prepaid Services is a prepaid solution for companies who aim for a customizable solution for payroll, sales incentives, benefit payments, etc. Recently we have encountered a phishing email, informing Citi Prepaid Services customers/clients that their account information needs to be updated due to inactive membership, purported causing fraud and report [...]

Mon, 25 May 09
Brazil: Orkut Phishing Mail Leads to Data-Stealing Malware
http://blog.trendmicro.com/brazil-orkut-phishing-mail-leads-to-data-stealing-malware/
We recently captured a spam email that appeared to be from Orkut. It is written in Portuguese, and translates to the following (via GoogleTranslate): Problems with your account. Dear User, We received some complaints against your profile saying you are "using copyrighted material," and before Orkut disables your account unfairly, asks for you to [...]

Sat, 23 May 09
Fake Videos Lead to Fake Flash Player
http://blog.trendmicro.com/fake-videos-lead-to-fake-flash-player/
Cybercriminals have long used videos as a lure to get unknowing users to download and install malware onto their systems. Recently, however, a new variant came up that differs just a little from the usual modus operandi. TROJ_SMALL.UY, at first glance, appears to be a fairly standard malware that’s installed by claiming it’s needed for a [...]

Sat, 23 May 09
Gumblar Finds Successor, Continues Info Stealing Spree
http://blog.trendmicro.com/gumblar-finds-successor-continues-info-stealing-spree/
Gumblar.{BLOCKED}, the domain to which visitors of reported compromised websites were directed, was taken down, only to be replaced by a new one: Martuz.{BLOCKED}. In an attack which quickly garnered much attention in the security industry, visiting compromised websites were found to redirect the user to Martuz.{BLOCKED}, which leads to a download of a file [...]

Fri, 22 May 09
Pushdo/Cutwail – Traditional AV is Useless (Part 5 of 5)
http://blog.trendmicro.com/pushdocutwail-%e2%80%93-traditional-av-is-useless-part-5-of-5/
This is the final part of our report on Pushdo. Read the first, second, third, and fourth part of this report for more information. Over the course of our blog series on Pushdo we have covered some of the key aspects of the threat – how it spams, its stealth components, sniffer and some background on [...]

Thu, 21 May 09
German Job Offers Used for Nigerian Scam
http://blog.trendmicro.com/german-job-offers-used-for-nigerian-scam/
These days, German users receive emails announcing that a company called IT-Electronics is looking for professionals in search of extra income. Here is a rough translation of the email message: Dear recipient, IT Electronics, the leading Asian firm in the field of information technology, announces again its intention to employ workers in Germany. We give you [...]

Thu, 21 May 09
Koobface Worm Alive and Wriggling
http://blog.trendmicro.com/koobface-worm-alive-and-wriggling/
Shortly after a phishing attack that targeted the 200 million users of immensely popular social networking site, Facebook, another attack was launched by cybercriminals. This time however, the attack targets not only Facebook users but also members of Tagged, Friendster, MySpace and other networking sites as well. A new Koobface attack was found, which uses the [...]

Wed, 20 May 09
Pushdo/Cutwail – Sniffing for the win (Part 4 of 5)
http://blog.trendmicro.com/pushdocutwail-%e2%80%93-sniffing-for-the-win-part-4-of-5/
Check out the first, second, and third part of this report. The bad guys behind this botnet are sly and evil, you have to give them that! From their end, this is just pure business. They cater to Russian companies to advertise their services, be it a law firm or a dance academy, but they have a [...]

Tue, 19 May 09
Pushdo/Cutwail – Can’t touch this (Part 3 of 5)
http://blog.trendmicro.com/pushdocutwail-%e2%80%93-can%e2%80%99t-touch-this-part-3-of-5/
Read the first and second part of this report. We’ve all been there. Your scheduled scan displays a popup with text similar to “A malicious file c:definatelyNotAVirus_Honest.exe has been detected on your computer”. On finding a malicious file some network administrators will even proactively submit suspicious files to multi-scanner online services such as “Virus Total” - which [...]

Tue, 19 May 09
Mediterranean Hacktivism on the Rise
http://blog.trendmicro.com/mediterranean-hacktivism-on-the-rise/
The increasing number of website defacements by hackers in the Mediterranean region highlights persistent Web server security issues. A few weeks ago, Turkish hackers defaced several New Zealand websites, among them some high-profile and high-traffic sites, by modifying the pages to display messages like “Stop the war Israel (sic),” or a picture of Bill Gates [...]

Fri, 15 May 09
CVE-2009-0556 Vulnerability Patched
http://blog.trendmicro.com/cve-2009-0556-vulnerability-patched/
Microsoft finally released on Tuesday the patch for the PowerPoint vulnerability that has been exploited by cybercriminals early last month. The said update patches 14 Microsoft PowerPoint vulnerabilities, 11 of which were rated as critical, Microsoft’s highest threat ranking. It provides fixes for some versions of Microsoft Office, including 2000, XP, 2003 and 2007. However, [...]

Fri, 15 May 09
Happy Birthday, AMTSO!
http://blog.trendmicro.com/happy-birthday-amtso/
Last week, the Anti-Malware Testing Standards Organization, or AMTSO, held its second members’ meeting this year that took place in Budapest, Hungary as an extension to the CARO Workshop. AMTSO released new papers at their website, adding to their roster of documents regarding the organization’s principles and guidelines on testing. Trend Micro has been constantly and [...]

Thu, 14 May 09
Pushdo/Cutwail – From Russia with Love (Part 2 of 5)
http://blog.trendmicro.com/pushdocutwail-%e2%80%93-from-russia-with-love-part-2-of-5/
This is the second of the 5-part report on Pushdo. Don’t miss the next part of this series: “Pushdo – Can’t Touch This.” Previous Pushdo/Cutwail posts can be read here. The first part can be read here. Russia has always been famous for some of its better known exports such as oil, gas, vodka and Andrei [...]

Wed, 13 May 09
Spoofed Western Union Mail Carries Info Stealer
http://blog.trendmicro.com/spoofed-western-union-mail-carries-info-stealer/
Fast, safe, and reliable–the promise of money transfer companies. They have been popular because of the convenience in transferring money in almost any part of the world. A convenience being enjoyed by spammers as well. Recently, the Content Security team caught spam claiming to be from Western Union containing a notice of an uncollected money transfer. [...]

Wed, 13 May 09
Pushdo/Cutwail – The Art of Spamming (Part 1 of 5)
http://blog.trendmicro.com/pushdocutwail-%e2%80%93-the-art-of-spamming/
Unless you’ve been off the Internet for the last seven years, you’ve probably heard of the massive security problem that botnets have become. These large collections of infected computers commanded by criminal outfits can launch coordinated attacks, host malicious websites or send spam…lots and lots of spam. If you actually ARE connecting to the Internet [...]

Tue, 12 May 09
Fake Antivirus Targets Brazil
http://blog.trendmicro.com/fake-antivirus-targets-brazil/
Fake/rogue antivirus strikes again, this time targeting the users in Brazil. Like in today’s malware trends, it did not come alone. It initially starts with a spam message: SUBJECT: Hello, I am sending you my invitation to the graduation location, date and time BODY: Hello, I am sending you my invitation to the graduation location, date and [...]

Tue, 12 May 09
Yet More Swine Flu Attacks
http://blog.trendmicro.com/yet-more-swine-flu-attacks/
Spammers know a thing or two about persistence, it seems. CNET reports a new Trojan—TROJ_QHOST.TB—that is the latest to take advantage of fears of swine flu. TROJ_QHOST.TB modifies the HOSTS file of any affected system, which results in the user being redirected to a spoofed banking-related website whenever they attempt to access the real ones. [...]

Tue, 12 May 09
Cybercriminals Launch Tainted Windows 7 RC
http://blog.trendmicro.com/cybercriminals-launch-tainted-windows-7-rc/
The official launch of the Windows 7 Release Candidate last May 5 was soon followed by another version of the software, only that this other version came with a malware surprise. A file being hosted in popular torrent sites posing as a copy of the Windows 7 RC was found to be a Trojan by security [...]

Thu, 7 May 09
APWG Counter E-Crime Operations Summit 2009, Barcelona
http://blog.trendmicro.com/apwg-counter-e-crime-operations-summit-2009-barcelona/
I’m very much looking forward to seeing old & new friends in Barcelona next week at the annual APWG Counter E-Crime Operations Summit (CeCOS) 2009. This will be the third instance of this event (I have been to all three), and I am happy to report that if the upcoming Barcelona conference is anything like the [...]

Wed, 6 May 09
Waledac Turns to Cash and Vaccines
http://blog.trendmicro.com/waledac-turns-to-cash-and-vaccines/
Riding on the ongoing global economic recession, Waledac updates its spam messages with email subjects related to earning a fortune through Google cash. Other spam email subjects we’ve seen so far: Be your own boss with Google; Earn cash using Google today; Google System that really works; Make a fortune online; Make thousands a month from home; Start your home business today; Use [...]

Wed, 6 May 09
Voice-Over-Net-AGE Phished!
http://blog.trendmicro.com/voice-over-net-age-phished/
The Content Security Team encountered a phishing page of VONAGE. Vonage is a publicly-held commercial voice over IP (VoIP) network and SIP company that provides telephone service via a broadband connection. The phishing page looks exactly like Vonage’s official log in page. The phishing site asks the user to enter their user name and password. Once [...]

Wed, 6 May 09
Spoofed KMart Survey Offers $150 for Credit Card Info
http://blog.trendmicro.com/spoofed-kmart-survey-offers-150-for-credit-card-info/
After the Walmart phish comes the KMart survey form phish, wherein it promises to add $150 to the user’s account just by taking the survey form. As shown in the verification page, the user has to rate each criterion provided and then the personal information of the user such as full name, phone number [...]

Wed, 6 May 09
Swine Flu Spam Attempt to Infect Japanese Users
http://blog.trendmicro.com/swine-flu-spam-attempt-to-infect-japanese-users/
Another swine flu-related spam run was recently reported, this time targeting Japanese users. Aside from using the swine flu as its social engineering method, which has already been used in earlier spam runs, this spam run also uses a technique where the sender of the message appears to use the .yahoo.co.jp domain. This serves [...]

Wed, 6 May 09
Porn Sites Lead to MBR Rootkit
http://blog.trendmicro.com/porn-sites-lead-to-mbr-rootkit/
Websites related to pornography that appear to be compromised were found by Trend Micro engineers loading malicious JavaScript which redirects users onto malicious domains that ultimately lead to the download of an MBR rootkit (TROJ_SNOWAL.A) onto the affected system. The malicious JavaScripts are now detected as the following: JS_IFRAME.APQ, JS_IFRAME.ABG, JS_IFRAME.QD, JS_PSYME.CRT, JS_IFRAME.APU, JS_IFRAME.APW. The abovementioned malicious scripts all follow a similar routine: [...]

Wed, 6 May 09
Koobface Tries CAPTCHA Breaking
http://blog.trendmicro.com/koobface-tries-captcha-breaking/
Early this week, we’ve encountered a new Koobface spam campaign which involved links that eventually led users to this Youtube copycat web page. The scheme uses the old flash player trick (see Figure 1) where the user is told that they need to download the latest version of Adobe Flash Player to view a certain video. [...]

Wed, 6 May 09
Invoice Spam Finds New Target: WorldPay
http://blog.trendmicro.com/invoice-spam-finds-new-target-worldpay/
After spam runs related to UPS, FedEx, and Western Union, another form of invoice spam strikes again! We caught a new invoice spam that is purportedly from WorldPay, a division of the Royal Bank of Scotland that specializes in handling secure online payments from all over the world. The spammed email message informs users that their [...]

 

amigura.co.uk All Rights Reserved.