Anti-Malware

Fri, 31 Jul 09
Sly Spam Run Targets Hotmail Users
http://blog.trendmicro.com/sly-spam-run-targets-hotmail-users/
Hotmail users need to be wary about a malicious spam run that specifically targets users of the said webmail. Senior Security Analyst Rik Ferguson reports that spam messages arrive with text indicating that it has file attachments that are image files with the JPEG format. In truth however, the file names of attachments are actually [...]

Thu, 30 Jul 09
Rogue DNS Leads to Bogus Russian Social Network Site
http://blog.trendmicro.com/rogue-dns-leads-to-bogus-russian-social-network-sites/
Today Trend Micro researchers discovered a spoofed (fake) version of the popular Russian social networking site vkontakte.ru. Visitors of the spoofed site risk exposing their personal login credentials to a third party. Vkontakte.ru is roughly the Russian equivalent of Facebook and is very popular in Russian-speaking countries. According to the site itself it has more [...]

Thu, 30 Jul 09
TrendWatch Relaunch
http://blog.trendmicro.com/trendwatch-relaunch/
Trend Micro recently relaunched TrendWatch, its dedicated threat center, to keep users better informed and abreast of the latest threats! As with the website’s earlier launch last year, this year’s relaunch aims to continue to make more intuitive information about all threats as accessible as possible to all our site visitors. The site will continue to [...]

Thu, 30 Jul 09
Microsoft Releases Out-of-Cycle Patches For Exploits
http://blog.trendmicro.com/microsoft-releases-out-of-cycle-patches-for-exploits/
It’s not the second Tuesday of the month, but Microsoft has rushed out several patches for Internet Explorer. These are related to the zero-day exploit that was revealed earlier in the month; however it appears that the underlying vulnerability was not fixed; independent security researchers have discovered the underlying flaw and are ready to release [...]

Tue, 28 Jul 09
Malicious Twitter Posts Get More Personal
http://blog.trendmicro.com/malicious-twitter-posts-get-more-personal/
One recent report by Rik Ferguson said that malicious Twitter posts are getting dangerously more customized, increasing the possibility of users getting hooked into malicious schemes. A Twitter spambot is said to have been used in launching this recent attack. The spambot creates Twitter accounts and fashions them to appear as legitimate accounts by posting seemingly [...]

Mon, 27 Jul 09
Rogue Antivirus Terminates EXE Files
http://blog.trendmicro.com/rogue-antivirus-terminates-exe-files/
This weekend, we at TrendLabs came across a FAKEAV variant similar to the one peddled in the solar eclipse 2009 in America attack in this recent blog post. This one, however, introduces another new scare tactic (so far the latest new ploy we’ve seen is the ransomware/FAKEAV that encrypts files in the infected computer and [...]

Fri, 24 Jul 09
“Solar Eclipse 2009 in America” Leads to FAKEAV
http://blog.trendmicro.com/solar-eclipse-2009-in-america-leads-to-fakeav/
Yesterday’s solar eclipse over parts of Asia was witnessed by millions of people, so it shouldn’t come as a surprise that it should attract the attention of cybercriminals. And it has. Cybercriminals wasted no time in riding on the said phenomenon as they use SEO poisoning to lead users into redirecting to a site peddling [...]

Thu, 23 Jul 09
New KOOBFACE Upgrade Makes It Takedown-Proof
http://blog.trendmicro.com/new-koobface-upgrade-makes-it-takedown-proof/
Early this week, the KOOBFACE Command and Control (C&C) servers issued a new command to its downloader component. This new command identifies a list of IP addresses to be used by the downloader component as Web or relay proxies to retrieve subsequent commands and components. In the old KOOBFACE architecture (see Figure 1), the downloader [...]

Wed, 22 Jul 09
More Zero-Day Exploits for Firefox and IE Flaws
http://blog.trendmicro.com/more-zero-day-exploits-for-firefox-and-ie-flaws/
Earlier today, Senior Threat Researcher Joseph Reyes spotted several malicious script files that exploited Mozilla Firefox and Microsoft Internet Explorer vulnerabilities: JS_DIREKTSHO.B exploits a vulnerability in Microsoft Video Streaming ActiveX control to download other possibly malicious files. JS_FOXFIR.A accesses a website to download JS_SHELLCODE.BV. In turn JS_SHELLCODE.BV exploits a vulnerability in Firefox 3.5 to download WORM_KILLAV.AKN. JS_SHELLCODE.BU exploits [...]

Mon, 20 Jul 09
Photos From Michael Jackson’s Memorial Mask Malware
http://blog.trendmicro.com/photos-from-michael-jackson%e2%80%99s-memorial-mask-malware/
The sudden death of Michael Jackson caused not only an outpouring of emotions from his family, friends, and fans, but also a spread of spam mails that took advantage of this tragic event. Even after his memorial service last July 7, 2009, spammers are clearly not resting as they try to spread other malicious spam messages. We [...]

Sat, 18 Jul 09
Massive SQL Injection Ensues
http://blog.trendmicro.com/massive-sql-injection-ensues/
With the growing concern with numerous vulnerabilities, just this afternoon, Trend Micro Research Project Manager, Ivan Macalintal, stumbled on a somewhat regional fallout of this SQL injection in India threading through numerous compromised government, tourism, popular media, and other sites. We have identified the following new URLs leading to more malware that made it into [...]

Fri, 17 Jul 09
July 2009 Microsoft Security Updates
http://blog.trendmicro.com/july-2009-microsoft-security-updates/
Six security bulletins were released by Microsoft for July, which covers one of the two vulnerabilities exploited by cybercriminals in the last 2 weeks. The Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution was used in a zero-day attack last week that involved around 967 compromised Chinese websites. A script that triggered [...]

Thu, 16 Jul 09
Signed Malware Coming To A Phone Near You?
http://blog.trendmicro.com/signed-malware-coming-to-a-phone-near-you/
Conventional wisdom has it that mobile platforms like PDAs and mobile phones are safer from malware attacks, one reason being the relatively closed nature of such platforms. In some platforms, such as newer versions of the Symbian OS, this is enforced in part by mandatory code signing, which requires that applications need to be signed [...]

Wed, 15 Jul 09
OCW ActiveX Exploit Follows MPEG2TuneRequest’s Lead
http://blog.trendmicro.com/ocw-activex-exploit-follows-mpeg2tunerequest%e2%80%99s-lead/
Barely a few days after the last Microsoft zero-day exploit and out comes another, this time attacking vulnerabilities in the OS’s Office Web Components Spreadsheet ActiveX control (OCW 10 and OCW 11). As if on cue for the next round of Patch Tuesday releases, the cybercriminals also released their own “updates” with this attack. “This vulnerability [...]

Fri, 10 Jul 09
Koobface Increases Twitter Activity
http://blog.trendmicro.com/koobface-increases-twitter-activity/
Just a few hours ago, Koobface has increased its Twitter activity, sending out tweets with different URL links pointing to Koobface malware. This is in contrast with previous Koobface Twitter activity wherein only three TinyURLs pointing to Koobface were used. As of writing, there are a couple of hundred Twitter users affected by Koobface in the past [...]

Fri, 10 Jul 09
MYDOOM Code Re-Used in DDoS on U.S. and South Korean Sites
http://blog.trendmicro.com/mydoom-code-re-used-in-ddos-on-u-s-and-south-korean-sites/
A worm designed to propagate through email is the main proponent used in the DDoS attacks against high-profile websites in the United States and South Korea. Detected as WORM_MYDOOM.EA by Trend Micro, it is suspected to have arrived in victims’ inboxes as an attachment to email messages. Upon execution, it registers itself as a system service (like [...]

Thu, 9 Jul 09
ColdFusion Spurs Another Mass Compromise
http://blog.trendmicro.com/coldfusion-spurs-another-mass-compromise/
June saw more than its fair share of mass-compromised websites—with one wave early in the month and Nine Ball hitting later on in the month. One would hope that July would be different, but it was not to be. Last week saw another wave of compromised websites that had one thing in common—they were all running [...]

Thu, 9 Jul 09
Click Fraud Takes a Step Forward with TROJ_FFSEARCH
http://blog.trendmicro.com/click-fraud-takes-a-step-forward-with-troj_ffsearch/
Earlier this month, TrendLabs security experts discovered that around 40,000 websites have been hacked and seeded with code that bombarded visitors’ PCs with countless browser exploits to install a Trojan, which we already detected as TROJ_FFSEARCH.A. This Trojan has been found to be among the malware installed by another threat. It is known as FFSearcher, [...]

Tue, 7 Jul 09
Zero-day MPEG2TuneRequest Exploit Leads to KILLAV
http://blog.trendmicro.com/zero-day-microsoft-directshow-mpeg2tunerequest-exploit-leads-to-killav-malware/
Earlier today, TrendLabs has been alerted of a zero-day exploit in the Microsoft Video streaming ActiveX control MsVidCtl. Around 967 Chinese websites are reported to be infected by a malicious script that leads users to successive site redirections and lands them to download a .JPG file containing the exploit. Trend Micro detects it as JS_DLOADER.BD. [...]

Sun, 5 Jul 09
WALEDAC celebrates Independence Day, too
http://blog.trendmicro.com/waledac-celebrates-independence-day-too/
Holidays are almost always the target of significant spam and malware attacks, and this Fourth of July is turning out to be little different. A new WALEDAC variant – detected as WORM_WALEDAC.DU – has been sending out Independence Day spam messages. (In fact, last year there were multiple fourth of July attacks, one of which [...]

Fri, 3 Jul 09
Gumblar Invades Best Buy
http://blog.trendmicro.com/gumblar-invades-best-buy/
Earlier today, Trend Micro Technical Account Manager Fioravante Souza in Brazil spotted a (potentially harmful) URL that redirects users from the Best Buy domain site. Users who visit www.bestbuy.com, as it turns out, are redirected to the URL, hxxp://pics. bubbled.cn/gallery/hardcore/?23c4f60c1b9f604d6ffb21cba599301f (hxxp = http, and without the spaces). The compromised page in the domain is found to [...]

Fri, 3 Jul 09
Spam Speculates Michael Jackson’s Murder
http://blog.trendmicro.com/spam-speculates-michael-jacksons-murder/
Michael Jackson has been dead for a week already, but there are still a lot of speculations regarding his death. The spam runs are plenty as well — a Michael Jackson-related spam was seen bearing the subject Who killed Michael Jackson?, coming from a sender named x-files. The spam message suggests that the icon was killed, [...]

Thu, 2 Jul 09
Three Months Later: Where’s DOWNAD?
http://blog.trendmicro.com/three-months-later-wheres-downad/
Exactly three months ago, the whole IT sector was waiting with bated breath for April 1. The latest DOWNAD/Conficker variant–WORM_DOWNAD.KK–was poised to strike. We know that on that day, it would attempt to access 500 of 50,000 websites and download new malicious files. This led to fears–somewhat misplaced–that new, possibly damaging payloads could cause severe [...]

Wed, 1 Jul 09
To *** or Not to Mask: Usability Versus Security in Password Masking
http://blog.trendmicro.com/to-or-not-to-mask-usability-versus-security-in-password-masking/
On June 23, Jakob Nielsen posted an article declaring that password masking on the user interface is more harmful in terms of usability than helpful to the security of an application to which Bruce Schneier, in a June 26 blog post agreed. Both argued that masking the characters when a user enters a password is [...]

 

amigura.co.uk All Rights Reserved.