
Anti-Malware

 

Thu, 28 Jan 10
Haiti Spam Leads to New Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bg1uk-QZ7NU/
As rescue efforts continue in Haiti, the world waits with bated breath for more good news about survivors. Unfortunately, while most people are thinking of ways to help victims, cybercriminals are using the tragedy to further their own malicious causes. Blackhat search engine optimization (SEO) poisoning attacks related to this tragedy have already led to [...]

Thu, 28 Jan 10
FAKEAV Gets First Dibs in Profits from Apple iPad
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0jFc73pxrUU/
Even before the first user could buy the latest and upcoming Apple technology, the iPad, cybercriminals are already making profit from its popularity. Trend Micro threat engineers today found some malicious search results while looking for information related to the announcement of the Apple tablet. These poisoned search results turned out to be related to the never-ending [...]

Thu, 28 Jan 10
Hackers Exploit Actor Johnny Depp’s Death Hoax
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1XwN0VY2Wm8/
News involving celebrity deaths (real or hoax) have a habit of spreading across the Internet like wildfire, sensationalizing bits of information to entice readers. So, it is easy to see why pranksters and cybercriminals exploit the fact that people love gossip. So when rumors of Johnny Depp’s supposed death due to a car crash broke out, [...]

Wed, 27 Jan 10
Where in the World Is DOWNAD/Conficker?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Tc03QX8x_48/
It has been a year since WORM_DOWNAD.AD (aka “Conficker”) began a trail of system infections around the world. Since then, Trend Micro has detected new variants, including WORM_DOWNAD.KK, which proved to be an upgraded version that enabled the worm to increase the number of domains it generated from 250 to 50,000. In recent months, things have [...]

Wed, 27 Jan 10
Phishers Target AOL IM Users
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/shT8yQDuWn8/
Trend Micro fraud analysts were recently alerted to the discovery of a new phishing campaign that specifically targets AOL Instant Messenger (AIM) users. The spammed message purports to be from AIM and urges recipients to download and execute the latest AIM version to reactivate their currently inactive accounts. This becomes a problem if the receivers actually have AIM [...]

Wed, 27 Jan 10
Searches for Free Printable Items Lead to Mal-Domains
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/GNtNsPUXMrc/
Our analysts from EMEA have found a blackhat SEO attack that uses strings with the phrase “free printable” to hijack search traffic by directing it into a rogue search engine. Our researchers have found that search engine queries using the string “free printable” yield results that include compromised websites. The said compromised websites are rigged [...]

Mon, 25 Jan 10
Trend Micro Proactively Helps Protect Against Zero-Day Attacks Like the Recent IE Exploit
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/JSyHYuU9TJs/
The recent attacks on Google and other large organizations (currently being referred to by others as “Aurora,” “Google attacks,” or “HYDRAQ”) refer to a set of carefully orchestrated, sophisticated, and highly complex attacks. They comprised malicious threats to all three communication vectors—email, Web, and files, plus, most notably, a zero-day vulnerability in Internet Explorer (IE). [...]

Mon, 25 Jan 10
Haiti Earthquake Unearths Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/2cTLUlQREGk/
After the earthquake that hit Haiti last January 12, the Internet was flooded with requests for financial donations from all sorts of companies and organizations. It should be noted that not all of these were true to their stated intentions. Martin Roesler, Trend Micro Director of Threat Research, warns Internet users to be very careful when [...]

Fri, 22 Jan 10
New IE Zero-Day Exploit Attacks Continue
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/8LapCmO2834/
Trend Micro has identified new malware samples that exploit the still-unpatched Internet Explorer (IE) vulnerability. These samples have been detected as JS_ELECOM.C and HTML_COMLE.CXC. After exploiting the said bug, they attempt to connect to a certain URL to download a file. Further analysis by TrendLabs threat experts found that the new scripts are versions of JS_DLOADER.FIS [...]

Thu, 21 Jan 10
SASFIS Fizzles in the Background
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/b9yabv__f6Q/
The number of systems infected by various SASFIS Trojan variants has been increasing since the end of 2009, affecting networks across the globe. SASFIS variants have recently been spotted in relation to spoofed messages supposedly from Facebook. SASFIS infections usually result in tons of other malware infections, as this particular family makes systems susceptible to botnet [...]

Thu, 21 Jan 10
Phishing in the Guise of Enhancing Security
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XNumG-FVJ4A/
Trend Micro fraud analysts recently came across spammed messages targeting customers of the Fifth Third Bank. The messages urged recipients to log in to a temporary link, http://www.53.com.{BLOCKED}.com.pl/wpserver/cmportal/cblogin.php?session=667882698791972326077742654898739&email=p2t2all@tacobell.com, in order to download and install a digital certificate that would supposedly reinforce the bank’s security. Clicking the link, however, led users to a phishing page that [...]

Wed, 20 Jan 10
Spam Attack Against the U.S. Defense Department Exploits an Adobe Vulnerability
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/JkTP8IBsXvI/
Trend Micro was alerted to the discovery of a new attack that exploits a vulnerability in certain Adobe Reader and Acrobat versions. The said vulnerability allows remote attackers to execute arbitrary code via a crafted .PDF file using ZLib compressed streams on Microsoft OS-based systems. Cybercriminals targeted contractors of the U.S. Department of Defense with [...]

Wed, 20 Jan 10
Cyber Attacks on Google and Others—Who Is Really at Risk?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/x8aGvr6fewk/
Recent cyber attacks on Google and other organizations have been greatly covered by the media, owing much to the size and notability of the companies affected. However, what this incident really does is bring to light the true complexity and sophistication of computer threats and that any user or organization—large or small—can potentially be at [...]

Sat, 16 Jan 10
DarkMarket Closes its Doors, Finally
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/vlDs87VtvpA/
Darkmarket closed shop recently. If you hadn’t heard from them, don’t worry much. This web site operating from different places worldwide managed to join all sorts of credit card crooks and provided different levels of seller verification, escrow services and malware consulting. It finally went offline and their owners put in custody thanks to the effort [...]

Fri, 15 Jan 10
Twitterbuilding.com—Stealing Your Passwords One Tweet at a Time
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/m1OhEpFVY1w/
I, like many others, am a big fan of Twitter, although I’m fairly ruthless about pruning those I follow. Most of the people I follow are either other security professionals or close friends and they normally Tweet content that I am genuinely interested in. The first hint of someone going to the dark side, e.g., In [...]

Fri, 15 Jan 10
Iranian “Cyber Army” Strikes at China’s Search Engine Giant, Chinese Hackers Retaliate
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_6q2M7vwh64/
Less than a month after the so-called “Iranian Cyber Army” reportedly “hacked” the popular micro-blogging site, Twitter, they are back with another attack, this time against another Internet giant, Baidu. Baidu is China’s most popular search engine, as 62 percent of the total number of Web searches in China are done compared with Google’s [...]

Fri, 15 Jan 10
BANKER Scams New Spam Victims
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PCgjyUEbPL8/
Two new spam campaigns spreading variants of the BANKER family of identity-stealing Trojans have recently emerged. The first campaign features spammed messages containing malicious links to supposed pictures. Once clicked, however, users ended up with TSPY_BANKER.OCN infections. This campaign made use of standalone files (see Figure 1). The second campaign was more elaborate, as the involved [...]

Fri, 15 Jan 10
Search Results in Microsoft’s Site May Lead to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Agd5DDogpRc/
Trend Micro was alerted to the discovery of a recent threat that takes advantage of malicious search results generated from the Microsoft Office’s site. This threat targets users looking for tips and help-related information on using Microsoft Office products on Microsoft’s official website, particularly those looking to delete meeting notices without notifying the other invitees. Using the [...]

Thu, 14 Jan 10
One Patch for January’s Patch Tuesday
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZuVTZSgQJWY/
Following the usual cycle of monthly patch releases, Microsoft just issued its first for this year yesterday. Microsoft has released one advisory to address the vulnerability found in the way the Embedded OpenType (EOT) Font Engine can render a specially crafted EOT font file in several Microsoft applications such as Internet Explorer, PowerPoint, and Word. An [...]

Tue, 12 Jan 10
Bogus IRS W-2 Form Leads to Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/x7xvnk-1Cbg/
After the holidays, spammers now are capitalizing on the upcoming tax season. Recently, Trend Micro threat analysts found spammed messages purporting to come from the Internal Revenue Service (IRS). The spammed message bears the subject, “W-2 Form update,” and informs users to update the said form because of supposed “important changes.” The W-2 form states an employee’s [...]

Fri, 8 Jan 10
Unpatched Adobe Vulnerability Is Still Being Exploited in the Wild
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rJflk55nHKg/
Another PDF sample that exploits an unpatched vulnerability in Adobe Reader and Acrobat has been spotted in the wild. The sample (detected by Trend Micro as TROJ_PIDIEF.WIA) uses the heap spray technique to execute shellcode in its stream. As a result, a malicious file detected as BKDR_POISON.UC is dropped into the system. When executed, BKDR_POISON.UC opens an [...]

Tue, 5 Jan 10
Can IDN Use Open a Can of Unicode Worms?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/DhLgTc1DXEM/
I recently made up two nonsensical domain names—eixpay.com and eixpay.com—can you spot the difference between them? In a modern Unicode-capable browser, they are likely to appear identical but if you copy and paste each one into a search engine, you will get different results. The domain on the right was created using Cyrillic characters while the [...]

Fri, 1 Jan 10
From Koobface with Love
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CCsrQVwJWLs/
We’ve received a lot of positive feedback for our three part paper on Koobface (I, II, III) from all parts of the IT industry, but now the malware authors themselves have chimed in. The Koobface gang (who are attempting to make people believe that they are a legitimate company) have left a Christmas message on each [...]

Fri, 1 Jan 10
Malicious JavaScript Infects Websites
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/7GOztBKoLjc/
Trend Micro threat analysts were alerted to the discovery of several compromised websites inserted with a JavaScript. The JavaScript is detected by Trend Micro as JS_AGENT.AOEQ. When executed, JS_AGENT.AOEQ uses a defer attribute, which enables it to delay executing its routine, that is, redirecting the user to several malicious websites. This is done so users will [...]

 
