Anti-Malware
Fri, 28 May 10
Windows WMI Abused for Malware Operations
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/J4Jrt1Q3cEU/
TrendLabsSM recently handled a client case last March wherein two peculiar malware leveraged a Windows service—Windows Management Instrumentation (WMI)—to execute their malicious routines. WMI lets users access and retrieve information about their OSs. It is particularly useful for administrators, especially in enterprise environments, as it manages applications found on systems connected to a network using any [...]
Thu, 27 May 10
Latest Online Scam Targets FIFA Fans
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/z3cLBT7jKfc/
The upcoming “2010 FIFA World Cup” in South Africa is one of the most highly anticipated events in sports history today. As expected, cybercriminals have been using this event as another means for their endless string of profiteering schemes. TrendLabsSM engineers discovered two separate spam runs leveraging the said event. The first spam sample (see Figure [...]
Wed, 26 May 10
The Evolution of KOOBFACE: A Web 2.0 Botnet
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/f9kL1U445jU/
The KOOBFACE botnet continuously evolves to keep on generating profit for its perpetrators. The fact that the botnet is still alive shows that the cybercriminals behind it are making a fortune off it. In our effort to conduct research on and to monitor the latest developments made to the KOOBFACE botnet, we have noticed several changes [...]
Wed, 26 May 10
Phishing Scam Targets Italian Bank
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4aP2iHUUisQ/
Italian bank Banca Popolare di Sondrio has become phishers’ new target with the discovery of a spammed message containing a link to the supposed bank’s Internet banking site, SCRIGNO. As with previous bank-related phishing attempts, clicking the link leads users to a site that looks very much like the legitimate Internet service’s login page. The site [...]
Sat, 22 May 10
Mebroot Variant Behaves Like TDSS
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nPGhI9WVfls/
The TDSS malware family in itself is already a big threat to users. Known for its rootkit capabilities, TDSS constantly evolves to include more sophisticated means in order to hide its presence in an affected system. The Mebroot malware family, on the other hand, is noted for inflicting master boot record (MBR) infections. TrendLabsSM engineers recently [...]
Wed, 19 May 10
New AutoRun Worms Utilize Action Key
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/U3SnUAQDNMw/
Autorun.inf is prevalently used by worms as an autostart technique. Through this file, the worm is able to automatically execute whenever an infected drive is accessed. Over time, users have been able to think of workarounds to manually remove the malware file while preventing it from executing. Some of these are: Using command prompt to manually [...]
Mon, 17 May 10
Spam Sends Malicious Links to Skype Users
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/dr6Ho7mNW8I/
TrendLabsSM engineers recently discovered a new Skype spam campaign. The spam arrives as a message from a user’s list of contacts. It contains a list of links with the domain {BLOCKED}4.171.116, most of which are already inactive. One of these links has been found to lead to the download of a malicious file detected by Trend [...]
Fri, 14 May 10
Your Tweet Is My Command
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/JfNfam00vAo/
A Twitter bot builder is currently being freely distributed on the Internet with the capability to attack users’ systems and to have some fun at the same time. It may, however, act as a threat when an attacker uses the tool to start a distributed denial-of-service attack (DDoS) on critical systems and to download malicious [...]
Fri, 14 May 10
Dubious JavaScript Code Found in Facebook Application
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/a33iAz2ilkA/
“Liking” a fan page or a group on just about every page you stumble on Facebook may backfire someday and you’ll wish you hadn’t “liked” it at all. TrendLabsSM engineers found a dubious Facebook page that uses JavaScript code to spam everyone in a user’s Friends list. The page called “10 lies girls ALWAYS tell guys! funny!” [...]
Thu, 13 May 10
The Frustrations of Attempting Malicious Notifications
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/oDTmrqYhke8/
I hate to single out individual countries, organizations, ISPs, or any other entity but I have to tell you—my head almost explodes when I run into barriers in trying to contact the responsible organization where I see criminal activity. Now sure, I see criminal activity in a lot of places, granted. It is almost endemic in [...]
Thu, 13 May 10
CV Spam Comes with a Malicious Attachment
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/GY2XGD_Ku_Q/
A new spam campaign has been discovered spoofing job-application-related emails. While most spammed messages have been known to take advantage of a specific occasion, a holiday, or even a currently newsworthy item, spammers have hit a new low with this scheme. The sample in Figure 1 contains a short body text that says “Please review my [...]
Thu, 13 May 10
Microsoft and Adobe Release Fixes in May Patch Tuesday
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/vrVUHPxLOnk/
Microsoft released two critical security advisories as part of its May Patch Tuesday. In addition to the advanced notification it released last Thursday, Microsoft has addressed the vulnerabilities with this batch of patches. MS10-030 deals with a privately reported vulnerability plaguing Outlook Express, Windows Mail, and Windows Live Mail, which can allow remote code execution if [...]
Wed, 12 May 10
New Vulnerabilities Found in Apple Safari and Opera
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/DYZ9Bq1BPug/
Vulnerabilities found in Internet Explorer (IE) have been well-documented in the past due to the browser’s popularity among users. However, the rise in the use of alternative browsers, particularly Apple Safari and Opera, has now led to the discovery of new vulnerabilities as well. Trend Micro researcher Rajiv Motwani reports that there have been a lot [...]
Tue, 11 May 10
Pirate Worm Sails the P2P Bay
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/8H5qrgANOrE/
TrendLabsSM engineers recently spotted a new worm leveraging peer-to-peer (P2P) applications similar to the threat that displays copyright violation warnings. The new worm detected by Trend Micro as WORM_PITUPI.K solves the typical problem that P2P worms face, that is, hard-coded file names used to trick users by pretending to be cracks, key generators, or actual [...]
Tue, 11 May 10
Fake iTunes Promo Gives Away Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/02svSne1hjs/
Promises of freebies and other enticing promos are just a few of the tricks cybercriminals use to lure users to their profiteering schemes. TrendLabsSM engineers recently discovered suspicious-looking emails pretending to come from the iTunes Store. The spoofed email tells users they won a gift certificate worth US$50 and encourages recipients to check out the certificate code in the [...]
Tue, 11 May 10
Fake Pharma Ads Flood Inboxes Again
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/eT8kNbpGAWs/
TrendLabsSM engineers noted an increase in the number of fake pharma ads spam in the past few days. As in previous cases, this slew of spam features professional-looking images to persuade users to purchase the “medicines” scammers are peddling online. Samples of these messages look like a newsletter and feature a clickable image that directs users to a malicious pharmaceutical site. Although [...]
Mon, 10 May 10
Microsoft Released Early Notice for May Patch Tuesday
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ow9sa5eaqDA/
Coming May 11, Tuesday, Microsoft will be releasing its monthly patch updates, and last Thursday, the company released an advance notification in its Microsoft TechNet site for the updates. Note that these advanced notifications aim to allow Microsoft users to make deployment plans ahead of time. It commonly contains a summary of the security updates [...]
Mon, 10 May 10
Fake HiJackThis Toolbar Serves Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/KqYG1sMR1Q8/
HijackThis is a free tool Trend Micro offers as a courtesy to end users—customers and non-customers alike. It helps users evaluate their machines for possible infections by generating in-depth log reports for Windows operated systems. It also incorporates several useful tools that can help manually remove malware from infected computers. Over time, HijackThis continuously became more [...]
Sun, 9 May 10
2010 FIFA World Cup Spam Strikes Again
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/DC7L16CdfVA/
With the 2010 FIFA World Cup less than two months away, cybercriminals (as expected) are banking on this prestigious international football event to trick users. TrendLabsSM spotted the latest threat involving this, and it came in the form of an email message currently being spammed in the wild. The spam carried a .PDF file attachment which was [...]
Sat, 8 May 10
Spam Greets Users with a Backdoor
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/82K4z75gPzA/
The only thing worse than receiving a spammed greeting card is one that comes with malware. TrendLabs SM senior advanced threats researcher Loucif Kharouni recently acquired a sample spam in the form of an online greeting card. The said card urges recipients to check out the greeting card by clicking the image. Users who [...]
Sat, 8 May 10
Malicious .SWF File May Trigger a DoS Attack
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/gxZcXzj6Wic/
TrendLabs SM engineers recently discovered an interesting Shockwave Flash (.SWF) file that displays an image and downloads a worm with code capable of initiating a denial-of-service (DoS) attack. The file detected as SWF_PALEVO.KK is hosted on a malicious site and runs whenever users access the site. Once loaded, it displays a screenshot of a YouTube video. The [...]
Thu, 6 May 10
Spammers Celebrate Mothers’ Day
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/yymbSgwo4ng/
May 10 is Mothers’ Day for most countries all over the world. As a perfect gift on this particular holiday, spammers decided to honor mothers by spamming e-cards from supposedly legitimate greeting card companies to distribute their malicious wares. Figure 1 shows an email in HTML format using a template from Florists’ Transworld Delivery (FTD), [...]
Wed, 5 May 10
Remembering the Love Bug 10 Years On
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/tC1v2fzgT1E/
May 4, 2000 hit the world with what was then the biggest ever computer virus. It was important that this, along with all other email viruses, was right out in the open, visible to everyone. Each user could see the email in question and after a couple of days, every user knew it was a virus and [...]
Wed, 5 May 10
.RTF File Conceals Spam
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Y8QUbfhyda4/
A few days ago, TrendLabsSM engineers received spam containing salad words (see Figure 1) along with a .ZIP file attachment (see Figure 2). This mixture of random words can be seen in the subject header and in the spam body. This was purposely done by spammers to bypass anti-spam filters that users may already be [...]
Sun, 2 May 10
Amazon Spam Targets Online Shoppers
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ocAVPH7mbeg/
TrendLabsSM security researchers recently noted an increase in the volume of spammed messages posing as newsletters from Amazon. These email messages even sported a supposed Amazon email address, {BLOCKED}ers@amazon.com, to make them look more credible. The messages even featured various product endorsements to fool recipients into thinking they were legitimate. Clicking the images [...]
