Tue, 30 Jun 09
Michael Jackson Video Leads to Malware Download
http://blog.trendmicro.com/michael-jackson-video-leads-to-malware-download/
Cybercriminals once again used the passing of Michael Jackson, the ‘King of Pop,’ a few days ago as an opportunity to go about with their malicious activities and attack innocent users. We spotted an email (see Figure 1 below) about Michael Jackson’s death written in Spanish claiming to be from CNN Mexico. Upon closer analysis (see Figure [...]
Tue, 30 Jun 09
Files for Ransom… or Not
http://blog.trendmicro.com/files-for-ransom%e2%80%a6-or-not/
A new ransomware spreading through email is on the loose. At the outset, the worm detected by Trend Micro as WORM_RANSOM.FD may look like a normal mass-mailing worm, but further analysis reveals that this comes with a deadly payload. With only a few exceptions (files with .rwg, .dll, .exe, .ini, .vxd, and .drv extensions are [...]
Mon, 29 Jun 09
New Anti-analysis Technique for Script Malware
http://blog.trendmicro.com/new-anti-analysis-technique-for-script-malware/
Recently, we came across JS_VIRTOOL, which uses certain JavaScript techniques so that encrypted code may not be decrypted and analyzed by a malware analyst. Here is how this is done:
It retrieves the URL where the malicious script is located.
It retrieves its own function and adds the string of the URL.
It computes the CRC of the function [...]
Sat, 27 Jun 09
MSN Bot Plays on Controversy over Michael Jackson’s Death
http://blog.trendmicro.com/msn-bot-plays-on-controversy-over-michael-jacksons-death/
Following the sudden and shocking death of The King of Pop, Senior Threat Researcher Loucif Kharouni reports that a slew of malicious links related to Michael Jackson’s last moments in the hospital before his death are now being proliferated in the wild via the instant messaging (IM) application, MSN. Below is a sample screenshot of [...]
Thu, 25 Jun 09
Another Sex Tape, Another Malware Attack
http://blog.trendmicro.com/another-sex-tape-another-malware-attack/
Earlier today Rik Ferguson at the Countermeasures blog posted about a new malware threat that came from Twitter. The details are at his post but the short version is as follows: Somehow, the Twitter account of noted venture capitalist and writer/columnist, Guy Kawasaki, was hacked into posting a malicious tweet/update (see Figure 1). It came with [...]
Thu, 25 Jun 09
Med Spam Litters Silverlight Forums
http://blog.trendmicro.com/med-spam-litters-silverlight-forums/
While testing some Google searches, I came across an interesting result searching for Cialis, a popular anti-erectile dysfunction drug commonly sold by dubious online resellers. The fourth Google result returned a forum for Silverlight, a programmable web browser plugin by Microsoft (Figure 1). Interested, I clicked on the link and found an interesting post. This doesn’t [...]
Tue, 23 Jun 09
"Critical Update" Leads to Critical Info Theft
http://blog.trendmicro.com/critical-update-leads-to-critical-info-theft/
Microsoft Corporation regularly issues updates to fix bugs and security vulnerabilities in its software products. These updates are meant to protect its users from different attacks that depend mainly on exploiting these documented bugs. Close to the weekend, we identified spam (click Figure 1 thumbnail for larger view) claiming to be a Microsoft Outlook and Outlook [...]
Sat, 20 Jun 09
Tattletale Spam Reveals Malicious File Instead of Gossip
http://blog.trendmicro.com/tattletale-spam-reveals-malicious-file-instead-of-gossip/
Cyber-criminals are now posing as a tattletale about to reveal something scandalous, as seen in a malicious spam run we’ve encountered recently. The spam messages are posed to look similar to an email from YouTube, and arrive with a link, which is supposedly a video posted in the said video-sharing website. The message is written in Portuguese [...]
Sat, 20 Jun 09
Australian Taxpayers Targeted by Phishing Attack
http://blog.trendmicro.com/australian-taxpayers-targeted-by-phishing-attack/
The Australian Taxation Office (ATO) is calling on people to start thinking about lodging their 2008-2009 tax returns. And with this significant event on the rise, spammers are using it as bait to promote phishing mails. The mail contains a letter stating that it was from the ATO. It informs the receiver that he or she [...]
Fri, 19 Jun 09
Deceitful Advertisement thru Dating Spam
http://blog.trendmicro.com/deceitful-advertisement-thru-dating-spam/
Today we have noticed an increase in the amount of dating spam mails containing phrases such as:
I’m emailing you because I like you
wanted to let you know about my profile
you have been invited to join
The link in the spam points to an adult-dating web page that contains pictures of a woman, as well as [...]
Fri, 19 Jun 09
Air France Flight 447 Spam Arrives with PowerPoint Exploit
http://blog.trendmicro.com/air-france-flight-447-spam-arrives-with-powerpoint-exploit/
After a blackhat SEO attack, cybercriminals are again using the terrifying catastrophe of Air France Flight 447, or the China-made C919 jumbo jets competing with Airbus and Boeing, for malicious intent. This time, spam messages are sent with an attached PowerPoint presentation, which is specially crafted to exploit a vulnerability in Microsoft PowerPoint. The spammed [...]
Thu, 18 Jun 09
Wholesale Redirects to Malware Averted, For Now
http://blog.trendmicro.com/wholesale-redirects-to-malware-averted-for-now/
URL redirection services like TinyURL have grown from almost nothing in recent years, due entirely to the success of Twitter and its 140-character limit. For most users, they represent a welcome convenience as they make their tweets, status messages, and other such space-limited posts throughout the day. Unfortunately, cybercriminals have used such services as part of [...]
Thu, 18 Jun 09
Iran: Street Protests Paralleled by DDoS Attacks
http://blog.trendmicro.com/iran-street-protests-paralleled-by-ddos-attacks/
The violent protests by activists unhappy with the results of the recently concluded Iran presidential elections are being paralleled by DDoS attacks organized by hacktivists to bring down Iran government websites. Although it hasn’t been confirmed if the DDoS attacks were indeed successful, several Iranian government websites have been reported inaccessible. Noah Shachtman from Wired expressed [...]
Wed, 17 Jun 09
Not One but Two New OS X Malware
http://blog.trendmicro.com/not-one-but-two-new-os-x-malware/
Two new malware variants for Mac OS X were recently discovered. Even though there are indeed relatively fewer Mac malware compared with Windows, many Mac users who still believe they are somehow magically immune from attacks may run the risk of encountering either of these two. One of the newest Mac OS X malware, a Trojan detected [...]
Wed, 17 Jun 09
Spammers Celebrate with Father’s Day Early
http://blog.trendmicro.com/spammers-celebrate-with-fathers-day-early/
June 21, 2009, marks the date we give honor to one of the reasons why we are alive. Father’s Day is a tradition meant for us to show our appreciation and extend our love for our dear fathers. With the fast changing technology however, people, spammers especially, follow the trend and celebrate the occasion in [...]
Wed, 17 Jun 09
Another Google Search Feature Abused
http://blog.trendmicro.com/another-google-search-feature-abused/
A recent set of spam emails were seen abusing yet another Google search feature: The URL in the spam email above uses the search feature q=site: in order to direct the user clicking on the link to a Google results page returning the spam site: What works in the spammers’ advantage is Google displays the first few [...]
Wed, 17 Jun 09
Spammers Ride on H1N1 Global Pandemic
http://blog.trendmicro.com/spammers-ride-on-h1n1-global-pandemic/
The World Health Organization (WHO) raised the H1N1 global pandemic alert level to phase 6 on June 11. More than 70 countries have now reported cases of human infection. Many of the cases reportedly had links to travel or were localized outbreaks. The WHO designation of a phase 6 pandemic alert reflects the fact that [...]
Sat, 13 Jun 09
The Good and the Bad of Being A New Spam Bot
http://blog.trendmicro.com/the-good-and-the-bad-of-being-a-new-spam-bot/
It seems like a new spam bot is currently being developed. A few days ago, a pretty good analysis was posted of a relatively simple spam bot, which Trend Micro detects as TROJ_PROXY.AIF. This spam bot is quite straightforward. On execution the trojan (TROJ_PROXY.AIF) issues a DNS query to a single domain in order [...]
Fri, 12 Jun 09
Botnet Research on WALEDAC and PUSHDO
http://blog.trendmicro.com/botnet-research-on-waledac-and-pushdo/
TrendLabs researchers have recently published their research on two of the most prevalent botnets in the threat landscape to date:
Infiltrating WALEDAC Botnet’s Covert Operations
Spam is not a mere inbox annoyance anymore but is the first step toward executing more dangerous kinds of system infiltration. Malware are no longer discrete executables but a motley group of [...]
Thu, 11 Jun 09
Stolen FTP Credentials Key to Gumblar Attack
http://blog.trendmicro.com/stolen-ftp-credentials-key-to-gumblar-attack/
Analysts of the recent Gumblar attack that compromised thousands of legitimate websites stated that the unauthorized modifications in the websites were possibly executed not only through SQL injection. The compromise was also reportedly done through accessing web server files through stolen FTP credentials gathered by one of the final malware payloads of the same attack. The [...]
Thu, 11 Jun 09
June 2009 Microsoft and Adobe Security Updates
http://blog.trendmicro.com/june-2009-microsoft-and-adobe-security-updates/
Microsoft released ten security advisories yesterday to address at least 31 vulnerability issues in its various Windows operating system (OS) versions and other software. This broke the company’s December 2008 record of releasing patches for 28 vulnerabilities. Six of the said vulnerabilities were categorized as critical, three were important, and one was moderate. This means [...]
Wed, 10 Jun 09
Beware of Repackaged HijackThis Downloads
http://blog.trendmicro.com/beware-of-repackaged-hijackthis-downloads/
HijackThis™ is one of the well-known free utilities of Trend Micro that quickly scans a user’s Windows computer to find settings that may have been changed by spyware, malware, or other unwanted programs. By itself, it does not determine what is good or bad, but it lists registry keys and file system entries of the scanned [...]
Mon, 8 Jun 09
Reconfigure Your Outlook with Malware
http://blog.trendmicro.com/reconfigure-your-outlook-with-malware/
A few days ago, we reported about a phishing email that is supposedly a Microsoft Outlook notification, telling users to reconfigure their program by clicking on the link provided. Instead of an update, however, the user is redirected to a phishing Web site, where s/he is asked for his/her account information, including incoming and outgoing [...]
Sun, 7 Jun 09
Another Wave of Mass Compromises Serve Info-Stealers
http://blog.trendmicro.com/another-wave-of-mass-compromises-serve-info-stealers/
Aside from Gumblar, another incident of mass-compromised web sites has been seen in the wild lately, and has raised as much concern as the former. This one starts with the same technique: a malicious IFRAME unknowingly embedded in a legitimate website, injected via JavaScript. The said IFRAME redirects to another IFRAME, which in turn [...]
Fri, 5 Jun 09
Autorun Worm Invades ZIP
http://blog.trendmicro.com/autorun-worm-invades-zip/
Stealth techniques used by malware are considered a core characteristic which has been developed, improved, redesigned, and reused. Michael Tants, Threat Researcher at Regional TrendLabs in Europe, has notified us of a worm that has a unique way of hiding: on infection, WORM_AUTORUN.JFZ writes a copy of itself in every ZIP-compressed file it finds on [...]
Fri, 5 Jun 09
Air France Flight 447 Search Results Lead to Rogue Antivirus
http://blog.trendmicro.com/search-results-for-air-france-flight-447-lead-to-rogue-antivirus/
Issues surrounding the crash of Air France Flight 447 have not been fully resolved up to now, but they didn’t need to be for cybercriminals; they’re already taking advantage of this tragedy too. Through SEO poisoning, searches for reports related to the plane crash yield links that when opened trigger multiple redirections to various sites, which ultimately [...]
Thu, 4 Jun 09
Social Engineering Watch: Summer
http://blog.trendmicro.com/social-engineering-watch-summer/
Invariably, summer is when people troop to online shops, book flights to go on much-awaited vacations, and schedule recreational activities or hobby-type classes. Trend Micro identifies some of the biggest threats that take advantage of summer, an “important season for the social agenda of individuals.” Shopping invoices for ghost transactions: Users, even those who don’t [...]
Wed, 3 Jun 09
Phishing Attack Targets Microsoft Outlook Users
http://blog.trendmicro.com/phishing-attack-targets-microsoft-outlook-users/
Seems like since micro-blogging, social networking, and banking sites are the ones commonly targeted by phishers nowadays, one attack pulled itself away from the trend and went for a more direct approach: email accounts. We’ve recently found a phishing email that informs users to re-configure their Microsoft Outlook through an online procedure. Users are instructed to [...]
Wed, 3 Jun 09
Government Sites Tainted with Sexy Star Video Lures
http://blog.trendmicro.com/government-sites-tainted-with-sexy-star-video-lures/
Early last week we alerted a government agency about one of the pages in their site that appears to have been injected with malicious frames. The San Bernardino County site’s probation page was, during that time, carrying a frame that directs users to a known disease vector under the domain videosdivx(dot)net. The target URL bears [...]
Wed, 3 Jun 09
Suspended Site Serves as Malware Repository
http://blog.trendmicro.com/suspended-site-serves-as-malware-repository/
We have recently found a website that purportedly offers cracks for numerous applications, but in reality serves malicious files to its unknowing users. The website, hxxp://{BLOCKED}ck.com, is allegedly owned by an organization called China.United Telecom. Corp. The said website supposedly offers a wide collection of cracks for different applications. However, attempting to download any of these [...]
