Anti-Malware

 
Tue, 30 Mar 10
Search for News on Moscow Subway Explosions Result in FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Rs7FP12hayk/
News of a twin bombing attack in Russia shocked the world on Monday morning as two female suicide bombers blew themselves up in Moscow subway stations. According to news reports, the attacks killed at least 38 and wounded more than 60 people. Jumping at the chance to make profit from terrible events, cybercriminals quickly picked [...]

Fri, 26 Mar 10
New Fake IRS Email Notice Leads to ZBOT
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/033X57Sz2vc/
TrendLabs engineers received spammed messages claiming to come from the Internal Revenue Service (IRS). The email message warns recipients of either under-reporting, or not reporting, their incomes in line with the tax season (April). It asks users to click the embedded link to correct the supposed errors. Once clicked, the URL leads users to download a [...]

Fri, 26 Mar 10
Shanghai Expo Spam Carries Backdoor
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/TAKoCv4chLQ/
Trend Micro senior advanced threats researcher Paul Ferguson received a spam claiming to be from the Bureau of the Shanghai World Expo, which is coordinating “Expo 2010,” from a technology news group journalist who actually received it. The spammed message contains a malicious attachment detected by Trend Micro as TROJ_PIDIEF.ACV. This malicious .PDF file exploits a [...]

Fri, 26 Mar 10
Spammers Spoof the Apple Store
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sOQz-09KbGg/
Cybercriminals—spammers, to be specific—typically hide their malicious intent behind well-known company names. Just recently, TrendLabs engineers encountered a spammed message claiming to be from the Apple Store. The email message encouraged users to view their latest status updates and to make changes to their online Apple Store orders. This new spam run is probably related to [...]

Fri, 26 Mar 10
Anne Curtis’ “Nip-Slip” Leads to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/exGwPdCCnxQ/
Recent news of a swimsuit mishap involving a popular Philippine TV personality, Anne Curtis, spread like wildfire when members of the press captured the said incident and circulated supposed videos over the Web. The incident happened last Sunday while the Australian-born TV host and movie actress was performing a dance number while shooting live for [...]

Thu, 25 Mar 10
Anne Curtis’ “Nip-Slip” Leads to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/MLVEEkR292o/
Recent news of a swimsuit mishap involving a popular Philippine TV personality, Anne Curtis, spread like wildfire when members of the press captured the said incident and circulated supposed videos over the Web. The incident happened last Sunday while the Australian-born TV host and movie actress was performing a dance number while shooting live for [...]

Thu, 25 Mar 10
Spam with “Pictures” Used to Spread ZBOT
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/lL_elr3O-Y4/
Advanced threats researcher Ivan Macalintal spotted a fresh wave of spammed messages that were used to spread another ZBOT variant of the infamous ZeuS botnet. These messages warned users that a “jerk” posted photos of them and contained a link to the said images. Note that the spammed messages appear to be from innocent users that [...]

Thu, 25 Mar 10
New Scareware Tactic Lures in More FAKEAV Buyers
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OHpRy_Xx41I/
TrendLabs recently received a new FAKEAV sample, which we now detect as TROJ_FAKEAV.BLW. Like previous variants, it poses as a legitimate antivirus application that displays false detections, disables firewall and security center functions, and produces pop-up warnings to force affected users to purchase rogue antivirus software. Unlike its predecessors, however, this sample uses the file name [...]

Wed, 24 Mar 10
New Zbot Variants Targeting European Banks
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/kDOfC1-wKD8/
Today, Trend Micro threat researchers ran across a new ZBOT variant that is targeting (mainly) 4 European countries’ banking systems in Italy, England, Germany, and France. Trend Micro detects this variant as TROJ_ZBOT.BYP. It targets major consumer European Banks and financial institutions with a high-profile clientele. The targeted companies include the major UniCredit Group subsidiary Bank [...]

Wed, 24 Mar 10
Keep Systems Safe: Patch Alternative Browsers
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/S82rcoqGjNk/
As alternative browsers battle for the top spot in the market, they also face the challenge of staying secure due to the increased demand for them to provide users a safe computing experience. Several popular browsers were recently found to have significant security flaws. Topping the list was Internet Explorer (IE), which was found to [...]

Mon, 22 Mar 10
Malicious Medical Ads Flood Users’ Inboxes
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XK7RgZrc2dY/
TrendLabs observed an increase in malicious medical advertisements spammed to users’ e-mail inboxes. Two of the samples our engineers obtained looked legitimate, even had professional-looking graphics (see Figures 1 and 2). Another was just the normal, everyday, plain-text spam (see Figure 3). The spammed messages enticed recipients to purchase the medicines the scammers were selling. These [...]

Mon, 22 Mar 10
FAKEAV with LSP Routine
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fhTvqsiiqoE/
Trend Micro came across a new FAKEAV variant that does not only perform the usual fake alert routine, but also downloads an additional component—a .DLL file that is inserted into the Layered Service Provider (LSP) chain. By inserting itself into the LSP chain, the said .DLL file will be loaded whenever an application uses Windows Socket [...]

Wed, 17 Mar 10
Malicious Ads Lead to PDF Exploits
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XrtVn7LEQRI/
TrendLabs researchers recently received a report on malvertisements that appeared while a user was browsing through a popular Web-based email service. At first glance, the ads may seem like the typical Web browser nuisance. However, random ads were proven to be vectors for downloading malware onto users’ systems. In one instance, an ad pointed to a [...]

Wed, 17 Mar 10
“Obama Accident” Instant Messages Used to Spread Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/jhkVjEDcWww/
A new attack spreading BUZUS malware via Windows Live Messenger has been spotted. Trend Micro researcher Loucif Kharouni spotted the messages spreading via the popular instant-messaging (IM) application, samples of which can be seen below. The text before the links is in French and tells users to click the link that follows. Some of these links [...]

Mon, 15 Mar 10
Pacquiao-Clottey Live Streams Lead to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/oaBLeF6--Wo/
The Saturday night boxing match between Manny Pacquiao and Joshua Clottey was one of the most awaited sports events of 2010. It should not be a surprise then that cybercriminals took advantage of it to spread malware. Another blackhat search engine optimization (SEO) attack led users who wanted to watch the fight online via live [...]

Mon, 15 Mar 10
Search for News on Corey Haim’s Death Leads to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OK_4qTI7mrE/
For cybercriminals, another celebrity’s death means a new life for their scams. Earlier today, we discovered new FAKEAV variants that take advantage of the death of the former Canadian teen idol, Corey Haim. Using blackhat search engine optimization (SEO) techniques, a simple Google search for news on Corey Haim’s funeral gives out malicious links in the [...]

Sat, 13 Mar 10
Malware Gets Smart with Vodafone Smartphone
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6m_3c01c5Gg/
Security researchers recently unveiled findings about malware that came preinstalled on a Vodafone mobile phone handset. Its memory card was also believed to carry malware. A leading mobile telecommunication company, Vodafone, has been taking the heat for packing malware straight out of the box on their HTC Magic Android smartphones. The recipient of one of [...]

Sat, 13 Mar 10
More Adobe Exploits in the Wild
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Hjr-rJn_9Pw/
Researchers from Microsoft recently unearthed exploits targeting the CVE-2010-0188 vulnerability. On February 16, Adobe released a security advisory describing a vulnerability in Adobe Reader and Acrobat 8.X and 9.X. Once the vulnerability is exploited, attackers gain the capability to perform denial-of-service (DoS) attacks on affected systems. Doing so can cause applications and even systems to crash. [...]

Thu, 11 Mar 10
New IE Zero-Day Exploit (CVE-2010-0806)
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/mWNKXYnVHXs/
Hot on the heels of this month’s security bulletin, a new vulnerability exploit surfaces with a malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway. This Internet Explorer (IE) vulnerability exists due to an invalid pointer reference bug [...]

Thu, 11 Mar 10
Multiple Vendors Affected by New Vulnerabilities
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/a-Ft2Z3khzE/
The number of serious zero-day vulnerabilities and potential exploits discovered in recent days is higher than normal. This can enable cybercriminals to gain more leverage in their attacks, allowing them to target a considerably large number of users while these vulnerabilities remain unpatched. As part of its regular Patch Tuesday schedule, Microsoft released two security fixes [...]

Wed, 10 Mar 10
iPad Giveaway Gives Users’ Identities Away
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-lQVVXLzvec/
April 3 cannot come soon enough for those who are eager to get their hands on the iPad. If anything, Apple’s recent announcement that the gadget will soon be available in the United States only added to the excitement over the much-talked-about gadget. Unfortunately, spammers are using the current enthusiasm over the iPad to their [...]

Wed, 10 Mar 10
Oscars 2010 Awards Users with FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/IjH40N0vevg/
It seems that fans around the world are not the only ones who are hooked on the Oscars. Just a day after this year’s Academy Awards, Trend Micro threat researchers found FAKEAV variants topbilling the search pages. This time around, users searching for news on the Oscars fell prey to the latest blackhat search engine optimization (SEO) [...]

Tue, 9 Mar 10
USB Battery Chargers with Malware?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZYR6ad09v_0/
The United States Computer Emergency Readiness Team (US-CERT) issued a new vulnerability note. However, this particular “vulnerability” concerns a rather unusual product—a USB charger for rechargeable batteries. The Energizer DUO is a charger for two AA or AAA batteries that can be plugged into USB ports. While no software is needed to use the charger, Energizer [...]

Tue, 9 Mar 10
Diet Twitter Spam (on the) Run
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/qZYuosqWHgI/
Spam about diet or weight loss plans has been around for ages now, mostly spreading through email. However, spammed messages recently made their rounds on Twitter, compromising unwitting users’ accounts and spreading via these infected accounts. Compromised Twitter accounts post Tweets that tell their followers to click the shortened link to try out a new diet/weight [...]

Tue, 9 Mar 10
Insight: AMTSO’s Reviews
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ec9Pnbqy8o8/
Some time ago (February 25–26), the Anti-Malware Testing Standard Organization (AMTSO) had its first meeting this year. This time, it was hosted by McAfee and took place in Santa Clara, California. One of the hot topics during the meeting was related to the initiative to review reports published by testing and certification organizations/companies. How was this process [...]

Fri, 5 Mar 10
Mariposa Botnet Perpetrators Captured
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SfD2s3dxY9Y/
Following the shutdown of the Mariposa botnet recently, three alleged members of the group behind the said botnet were finally arrested last week by the Spanish Police, although they are still pursuing another suspect that may still be at large somewhere in South America. The Mariposa botnet was one of the largest botnets to date. It [...]

Fri, 5 Mar 10
What’s the Juice on ZeuS?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/eKBo6sRxtW4/
TrendLabs researchers recently published their findings on ZeuS, a botnet that is again making the headlines in today’s threat landscape.
ZeuS: A Persistent Criminal Enterprise
ZeuS has been entrenched in the cybercriminal business for a long time now and has continuously evolved and improved. Given the vast number of toolkit versions readily available in the underground, the [...]

Thu, 4 Mar 10
New Exploit Bypasses DEP
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZzblBgQ7otg/
Another Proof-of-Concept (POC) Revealed
The changing threat landscape has brought about more sophisticated Web threats, and left the online population clamoring for better security features in the systems and applications that they use. This has pushed Microsoft to develop security mechanisms within its applications like Windows’ Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR). Both [...]

Thu, 4 Mar 10
Web Reputation Checks Gone Awry
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XF3pWz0zuk0/
As the security industry evolves, underground cybercriminals are constantly looking for ways to counter the technology challenges presented to them. I recently found out that the bad guys have begun offering services to track the blacklisting of domain names through reputation checks. The number of “businesses” offering this type of service is growing and the service itself has [...]

Wed, 3 Mar 10
Text Spam and Text Scams
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/MWlidvUD7IE/
Text scams are increasingly becoming common again due to the forthcoming Philippine national and local elections, as political campaigns take to rampant text messaging for faster political mobilization. Earlier, I received a text message with the following content: May GOD bountifuly bles u & ur family. Have a blissful day Fr Frends of UNI-MAD Party List, [...]

Wed, 3 Mar 10
Calling Windows Help May Lead to Vulnerability
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/TLRlvLsHCpc/
Asking for help in Windows could lead to more trouble. A newly discovered vulnerability in Internet Explorer (IE) leverages the ability of a Visual Basic script to invoke a .HLP (Windows Help file format) file, which could give a remote attacker the ability to run arbitrary code on an affected system. Visual Basic uses the following syntax [...]

Tue, 2 Mar 10
Botnet Rises in the Name of Chuck Norris
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/xdRo6W1jBBE/
Just when you think old-school network bots are dead, a group of cybercriminals revives them from the grave in the name of Chuck Norris. Dubbed the “Chuck Norris botnet,” based on the Italian comment in its source code, in nome di Chuck Norris (translation: “in the name of Chuck Norris”), this botnet infects vulnerable DSL [...]

Tue, 2 Mar 10
ZeuS and PDF Exploits: Two Baddies Team Up
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/LHtn36A46k8/
Trend Micro recently came across a .PDF file sample that exploits a vulnerability that was discovered as early as mid-2009. The specially crafted .PDF file detected as TROJ_PIDIEF.SML contains malicious JavaScript in its code that uses the getAnnots() method to corrupt an affected system’s memory. It is interesting to note that its final payload is [...]

Tue, 2 Mar 10
Spam Quarantine Notification = Spam
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/r6m-XeTueLU/
Spammers are clearly becoming more and more creative as they try new ways to bypass our anti-spam filters. Just recently, we received a spammed message disguised as a spam quarantine notification message from a competitor. To the untrained eye, the email looks quite convincing. However, closer inspection of the message properties reveals that while the email [...]

Tue, 2 Mar 10
Spammers Target Antivirus Companies
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/m5jDin_rdLc/
A new wave of spammed messages posing as mail service notifications targeted antivirus companies, including Trend Micro. These messages ask the receivers to update their mailbox settings by opening and executing the attachment. The two samples above TrendLabs obtained were sent to domains that belonged to Trend Micro. The file attachment does not contain any mailbox [...]

Tue, 2 Mar 10
Chile Earthquake Used for Blackhat SEO and FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/3dACVAFQaRw/
Where news leads, cybercriminals follow. Over the weekend, a massive earthquake hit Chile and killed hundreds of people. This, of course, was soon followed by a blackhat SEO attack that successfully placed multiple malicious links leading to FAKEAV malware on top of the search results for “chile earthquake 2010 wiki.” According to Senior Threat Analyst, Joseph [...]

Tue, 2 Mar 10
KOOBFACE Makes a Comeback
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/JRQmuhPcXnA/
A new KOOBFACE variant is again making the rounds in the social-networking scene. According to Trend Micro researcher, Norman Ingal, the malware employs Facebook’s Private Message feature to proliferate. The threat arrives as a Facebook private message that does not bear a subject but contains a supposed link to a YouTube video. Taking a closer look [...]

Tue, 2 Mar 10
Phishing Made “Super”
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/8BkpAUlsjJc/
Phishing and its effects, namely, identity fraud, continue to grow. Unfortunately, it is now easier than ever to carry out these kinds of attacks. Cybercriminals are now using a new tool known as “Super Phisher” (detected by Trend Micro as HKTL_SUPERPHISER), which creates a phishing page from a legitimate website. The tool creates all [...]

Tue, 2 Mar 10
The Buzz on Google Buzz Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/FsBd8-rwrEI/
Google recently announced its latest service Google Buzz, which is considered as the company’s first step in entering the social-networking scene. Naturally, hordes of Internet users became interested in the new application. But such buzz also gained unwanted attention from cybercriminals who already used the service to spread a malware detected by Trend Micro as [...]

Mon, 1 Mar 10
FAKEAV Rides on the Back of a Killer Whale
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/YbMm-fL7As4/
News of a performer killer whale allegedly killing its trainer made the headlines this week. Dawn Brancheau, an animal trainer in SeaWorld Florida, was attacked by one of the trained killer whales last Wednesday. This sad event, unfortunately, paved the way for cybercriminals to distribute another FAKEAV variant. With the usual blackhat search engine optimization (SEO) techniques, [...]

 
