
Anti-Malware

 

Sat, 31 Jul 10
QuickTime Player Allows Movie Files to Trigger Malware Download
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0P4cf9wpMhc/
QuickTime Player (version 7.6.6) allows movie files to trigger download of files, and cybercriminals are using this to download malware from malicious websites. Trend Micro Threat Research Engineer Benson Sy encountered two .MOV files (001 Dvdrip Salt.mov, salt dvdrpi [btjunkie][xtrancex].mov) that both used the recent movie, Salt, starring Angelina Jolie. It looks suspicious enough [...]

Thu, 29 Jul 10
A Look at ZBOT 2.0 Information Theft
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/h94Y2HyPZBQ/
TSPY_ZBOT.CQJ is one of the new ZeuS/ZBOT 2.0 variants spotted earlier this year. Let’s take a look at one of the methods it uses to steal users’ banking credentials. These new ZBOT variants intercept the information users enter into a bank’s Web page by inserting predefined JavaScript code into the said page. At present, this [...]

Wed, 28 Jul 10
Redirectors in Compromised Sites Used in Spam Messages
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Spgj_Q8Kom8/
Busy day in TrendLabs today, first the full analysis and news that ZeuS and SALITY are exploiting the Windows Shortcut vulnerability, and now we’ve identified a ton of compromised web sites leading to an “online pharmacy”. We’re currently seeing a wave of fake pharma spam emails which do not directly advertise the URL of the [...]

Wed, 28 Jul 10
ZeuS/ZBOT and SALITY Jump on the LNK Exploit Bandwagon
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_Q_XXHarNSg/
As reported last week, exploits targeting the Windows shortcut zero-day vulnerability have risen in number. It is also now being used to spread ZBOT variants via malicious attachments to spammed messages, now blocked by Trend Micro products, with the subject Microsoft Windows Security Advisory and the following message: The message claims to come from Microsoft [...]

Mon, 26 Jul 10
Avoiding the Whack-a-Mole Anti-Phishing Tactic
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/iL2t_gdqZSs/
Imagine playing a whack-a-mole game where the mole moves to a different hole in the amount of time it takes one to raise and lower a mallet. Instead of just six holes, however, there are millions. Few would want to play such a game. People would rightfully conclude that random attempts to hit the mole [...]

Fri, 23 Jul 10
Exploits for Windows Shortcut Vulnerability in the Wild
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Yx0A9OmemsI/
Exploits for the recently discovered Windows shortcut vulnerability are now fully out in the wild and affecting users. While earlier samples were seen in more narrowly targeted attacks, the new samples Trend Micro analysts found are now aimed at broader audiences and pose a threat to users at large. Indonesia and India have been particularly [...]

Thu, 22 Jul 10
Spammed IM Link to Fake Facebook Image Leads to Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/K2DCBZ1nGo8/
Advanced threats researcher Jonell Baltazar recently spotted an instant message that contains a link to a malicious page. The use of instant messages to spread malware is no longer new; neither is the use of URL shorteners. What is somewhat unusual is how these URL shorteners were used. The URL shortener used in this attack, [...]

Thu, 22 Jul 10
ATMs Now High-Profile Cybercrime Targets
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Jw5xt5MkkUw/
Automated teller machines (ATMs) are now targets for criminals of all sorts. After all, as the famous saying goes, that’s where the money is. One common way to attack ATMs is via skimmers, devices that steal the data encoded on the magnetic strips of ATM cards. They can take a wide variety of form factors, [...]

Tue, 20 Jul 10
The Ticking Time Bomb of IPv6 Migration
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v2kvHq6TPrQ/
Over the past few years, there has been plenty of talk about the exhaustion of IPv4 addresses and the need to adopt IPv6. One thing that is clear is that we will run out of space within 1–2 years, if not sooner. How IPv4 addresses will run out We know how IPv4 addresses will be [...]

Mon, 19 Jul 10
USB Worm Exploits Windows Shortcut Vulnerability
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RfXgE70cQ44/
Just recently, reports were released about a new kind of malware propagating through removable drives. The said malware exploits a newly-discovered vulnerability in shortcut files, which allows random code to be executed on the user’s system. Microsoft has officially acknowledged the vulnerability and released a security advisory. Our engineers were able to take hold of [...]

Fri, 16 Jul 10
Risks Behind Stolen Email Credentials Remain Unforeseen
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/WkAb-F43xic/
I’ve talked many times about security with my least security-minded friends and I’ve stumbled repeatedly on a weird concept some people have about protecting themselves on the Internet. My friends will frequently say something along the lines of, “I don’t really care about this stuff because there is no money linked to my accounts,” or [...]

Thu, 15 Jul 10
Fake YouTube Pages, Flash Installers Used in Blackhat SEO Attacks
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/3H0QwQmJRrY/
Using search engines and watching videos are two of the top Internet activities that users do on a daily basis. In the threat landscape, this usually translates to threats such as blackhat SEO attacks, malicious pages crafted to look like YouTube pages, and, as we recently found out, attacks that use both blackhat SEO and [...]

Wed, 14 Jul 10
July Patch Tuesday Features Four Patches
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/IH40rxAG8XI/
This month’s regularly scheduled Patch Tuesday has arrived and in terms of the number of total bulletins, it’s a fairly light one. Four separate bulletins are part of this month’s cycle, two covering Windows and another two covering Microsoft Office. One of the two Windows security bulletins covers the Help Center zero-day vulnerability that was [...]

Tue, 13 Jul 10
XWM Kit: A Popular Chinese Online Gaming Trojan Kit
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/VsqIEIQ7mhk/
Recently, my colleagues have been reporting about tools cybercriminals used in their operations. They reported about Twitter spam and botnet kits, fake point-of-sale (POS) devices, and distributed denial-of-service (DDoS) tools. This time, I will share some information about yet another tool, one that specifically affects Chinese online gamers. China is well-known for having a huge [...]

Fri, 9 Jul 10
Why Do People Create Internet Hoaxes?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/92Uj0pIn_aA/
An apartment in Moscow… The hacker known only as “DigitalVoid” hit the Enter key and watched as his script deployed the exploit to the thousands of compromised sites under his control. The exploit in question was a zero day for a very popular browser plug-in, and it had not come cheap, setting him back almost [...]

Tue, 6 Jul 10
ZeuS/ZBOT Targets Russian Banks
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nHRbUpIlw4U/
While conducting research, I encountered a curious-looking new ZeuS/ZBOT sample using a very old toolkit version. I retrieved the sample two days ago. After some debugging/reversing, I found out that this specific sample targeted several banks around the globe, including Russian banks. Here is a snippet listing down the targeted Russian banks and/or Yandex: @*/login.osmp.ru/* [...]

Mon, 5 Jul 10
KOOBFACE Spreading via Facebook DMs Again
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/vCBAmQXoftM/
The infamous KOOBFACE botnet is sending direct messages (DMs) on Facebook. If this sounds familiar… it should be, as this tactic was previously discussed here in the Malware Blog back in March. The hook is somewhat similar to a ZBOT attack also spotted in March. That attack claimed that someone posted pictures of the user; [...]

Mon, 5 Jul 10
Twitter Kit Out to Make Twitter a Spammers’ Dream
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/u_DAHFaLYQ8/
Cybercriminals leveraging social media is now basically a given, especially with users’ current dedication to social media (specifically on social networks). Actually, we’ve reported quite a few instances that prove how cybercriminals used Twitter for their operation, most especially in spamming. Twitter is, of course, fully aware of this. Twitter users have probably even noticed [...]

Sat, 3 Jul 10
SYMBOS_FLOCK.I – Where Does It Come From?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9FkXNUaajL0/
Yesterday we blogged about a new piece of Symbian malware, which we detected as SYMBOS_FLOCK.I. This malware targets users of older Series 60 devices. Overall, the malware itself is very simple in its operation. It first prompts the user to install an application called ZvirOK 5.2!. The name here suggested there are previous versions of [...]

Thu, 1 Jul 10
Security Updates for Adobe Reader and Acrobat
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/dhya7SwY3r0/
Adobe released some major security updates for its products, particularly Adobe Reader and Acrobat, on all platforms (Win, Mac OS, Linux) and we strongly encourage our readers to install these updates. For details, the Adobe blog is worth reading as well. This update is in line with a recent zero-day attack that we also reported [...]

Thu, 1 Jul 10
New Symbian Malware on the Scene
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/S8FB8o_c4mY/
New versions of mobile OSs like Apple’s iOS and Google’s Android may be in the news of late but for all the publicity both received, older Symbian OSs still make up around half of all smartphones sold in 2009. Advanced threats researcher Paul Ferguson came across a new suspicious application running on the S60 platform. [...]

Thu, 1 Jul 10
Backdoors in Twitter, Now in Arabic
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/NgtjfXs_XAE/
Twitter is becoming a common medium to spread spam, malware, and all kinds of badness. Just a few weeks ago, we wrote about FIFA and the Gaza attacks being used as social engineering leverage by Trojan creators and there are no signs of them stopping anytime soon. Over the past two weeks, several Twitter accounts [...]

 
