
Anti-Malware

 

Wed, 30 Sep 09
Tropical Storm Leads to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/jHznTkBUdXs/
Cybercriminals leveraged the tropical storm Ondoy (international name: Ketsana), which hit the Philippines and killed around 140 people. Senior Threat Analyst Joseph Pacamarra found several malicious sites that appeared each time users searched for the strings “manila flood,” “Ondoy Typhoon,” and “Philippines Flood,” among others. The said sites emerged as one of the top [...]

Tue, 29 Sep 09
Several Compromised Thai Sites Serve Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nwQuDGkdFAs/
Trend Micro researchers discovered another wave of mass-compromised websites involving several Thai government agencies’ sites. One of the compromised sites, the Thai Police site, was injected with malicious code to redirect users to several malicious sites. One of the landing pages, http://{BLOCKED}t.ru/ip/bchqu1.exe, served a downloader detected by Trend Micro as TROJ_DLOADER.DNG. This Trojan downloader [...]

Tue, 29 Sep 09
Fake Windows Live Malware Spreads via Email
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1fhkYICuWw8/
Trend Micro threat analysts recently snagged an email pushing a bogus Windows Live Messenger residing in http://{BLOCKED}s-live-msn.serveftp.com/Windows_Live_9.0_beta.exe (detected as WORM_VB.PAB). The .EXE file is, of course, not the “real” Windows Live Messenger but a bot that reports to an IRC-based C&C with the following details about the infected system:
Server: {BLOCKED}s.rvsanmiguel.com
Server IP: {BLOCKED}.{BLOCKED}.110.141
Port: 6767
Serverkey: m4s3rvp4ssz
Channel: #s3k4nt
Chankey: [...]

Fri, 25 Sep 09
Bogus Sponsored Link Leads to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/wSVydoEJo-0/
Apart from SEO poisoning, cybercriminals have found another avenue to proliferate FAKEAV malware—bogus sponsored links (sitio patrocinados in Spanish). Just recently, Trend Micro researchers were alerted to malicious search engine ads that appeared in Microsoft’s Bing and AltaVista, among others, when a user searches the string “malwarebytes.” (Malwarebytes is a free antivirus product, but of course, not a [...]

Wed, 23 Sep 09
How to Maximize the Malware Protection of Your Removable Drives
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/AyebsLuNFCg/
Removable drives are one of the most common infection vectors for malware today. Worms propagate via these vectors to proliferate their payload and ultimately, infect more users. Users need to perform some countermeasures to secure their systems. One way of doing this is to protect removable drives against worms using the Autorun feature. One popular way of [...]

Wed, 23 Sep 09
Blackhat SEO and FAKEAV: A Dangerous Tandem
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v2yZHsiSLIM/
Trend Micro researchers were alerted to blackhat SEO campaigns that led to FAKEAV or rogue antivirus. The cybercriminals behind these attacks hitchhiked on high-profile news like the recent death of Patrick Swayze, Kanye West’s infamous interruption on MTV VMA awards, and the death of Yale student Anne Le. Upon further analysis, our researchers discovered that [...]

Fri, 18 Sep 09
Pick Your Poison: KOOBFACE or FAKEAV?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CwmiaDQcxmY/
The Koobface botnet is widely known to install FAKEAV or rogue antivirus malware onto a victim’s PC. It has a dedicated component which actually installs the FAKEAV onto the user’s system. However, the Koobface gang has added a new twist to its fake Facebook page. When the user closes the window/tab with the fake Facebook page, [...]

Thu, 17 Sep 09
Social Engineering Watch: Another IRS Scam
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Exm8wvTZvbI/
Trend Micro warns users of the latest spam campaign that targets US taxpayers with Foreign Bank and Financial accounts. The said spam rides on the September 23 extended deadline set by the Internal Revenue Service (IRS) for filing ‘FBAR’ or the Report of Foreign Bank and Financial Accounts. The spammed message bears the subject “Notice [...]

Thu, 17 Sep 09
Internet Payment Site ClickandBuy Phished
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/TNaQ266TyHo/
We have encountered a new phishing scam that targets ClickandBuy. The London-based competitor to eBay offers both billing and payment solutions, so it’s no surprise cybercriminals would be interested in stealing the login information of ClickandBuy users. Phishers have created a duplicate of a legitimate German-language ClickandBuy login page on at least one malicious website. [...]

Thu, 17 Sep 09
The Internet Infestation, How Bad Is It Really?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SHDNEE0wzZ4/
Industry experts have previously estimated that, on average, a compromised machine remains infected for 6 weeks. However, our latest research indicates that this estimate is far from accurate. During the analysis of approximately 100 million compromised IP addresses, we identified that half of all IP addresses were infected for at least 300 days. That percentage [...]

Wed, 16 Sep 09
Malvertisements in NYTimes.com Lead to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-MIXfEZWsFY/
People who get their regular dose of news from the New York Times website were recently told to be careful when browsing through the said site as malicious advertisements—also known as “malvertisements”—are found on its pages and are displaying pop-up windows that falsely report malware infections on their systems. As reported in detail by Trend Micro researcher [...]

Tue, 15 Sep 09
“See Who Blocked You on MSN” Phishing Attacks
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/IFjgF8RoQ0w/
We have received samples of a new phishing mail targeting users of MSN Messenger inviting them to see who deleted or blocked them from their contact list. Users would be interested to know who among their friends have deleted them from their lists. [Figure 1. Phishing email] Clicking on the link displays the following fake login page [...]

Tue, 15 Sep 09
Bogus Profile in LinkedIn Leads to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/NcbcHef_Xbo/
Research Manager Ivan Macalintal found a bogus profile in LinkedIn that appears as one of the search results when the keyword “obama” is used. Cybercriminals riddled the profile page with links. The .cn links lead to a URL under the y0utybe domain (notice similarity with the legitimate video-sharing site), which in turn leads to a URL [...]

Fri, 11 Sep 09
FakeAV for 9/11
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/TnSdmO9NVdk/
As the anniversary of the horrible September 11 attacks in the United States approaches, Trend Micro researchers donned their research coats and waited for the people behind FAKEAV to make their move. Predictably, they did not disappoint. Through SEO poisoning, users searching for any reports related to September 11 may find themselves stacked with Google search [...]

Fri, 11 Sep 09
Heads Up For Holiday Spam
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/2DcrYP91kDw/
September signals the onset of holidays and as early as this month, spammers are already gearing up for the said season as they “spamvertise” their products. Just recently, Trend Micro discovered several spammed messages that used “Christmas” as their subject. The said spam email entices users to avail the “best gift” for their loved ones by [...]

Thu, 10 Sep 09
September Patch Tuesday Fixes 5 Vulnerabilities; Leaves One Open
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/IynSqPfJbbQ/
Microsoft’s monthly patch cycle for September has come out, and it’s something of a mixed bag for users. While there were only 5 advisories, all of them were rated as Critical by Microsoft, because if exploited all five could be used to execute arbitrary code on user systems. The patches fix vulnerabilities in the JScript Scripting [...]

Sun, 6 Sep 09
Fake Presidential Swine Flu Stories Lead to Malware
http://blog.trendmicro.com/fake-presidential-swine-flu-stories-lead-to-malware/
No one is absolutely safe from Influenza H1N1, not even world leaders. This is the scenario painted by cybercriminals in their latest spam run. The spammed message informs recipients that the President of Peru, Alan Gabriel Ludwig García Pérez, and other attendees of the delegation of UNASUR (Union of South American Nations) summit have confirmed cases [...]

Fri, 4 Sep 09
California Bush Fires Spark Blackhat SEO Campaigns
http://blog.trendmicro.com/california-bush-fires-spark-blackhat-seo-campaigns/
The California bush fires that destroyed 50 homes and 10 commercial buildings and claimed the lives of two firefighters have become the focus of cybercriminals’ latest social engineering ploy. Users looking for information about the fires in Auburn on the Web with search terms like “auburn fire map” are met by results that point to malware-ridden [...]

 
