Anti-Malware
Mon, 30 Aug 10
The Persistence of FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/TG8mZ9ldVEI/
Despite the consistent media exposure that FAKEAV malware receives, it has always been business-as-usual for the FAKEAV proponents. To find out why the notorious malware persists, Trend Micro researchers looked into three important aspects. These include: 1) social engineering techniques; 2) FAKEAV technology; and 3) the FAKEAV business itself. Social Engineering Social engineering is a [...]
Fri, 27 Aug 10
New DLL Vulnerability Exploited in the Wild
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/gdit7X_GoiU/
Over the weekend, Microsoft issued a new security advisory which covered a vulnerability in how Windows handles DLL files. The attack scenario would go this way: a vulnerable application would be used to open a file. The opened file can be a perfectly legitimate file; however the malicious file must be located in the same [...]
Thu, 26 Aug 10
Blogspot Mail2Blogger Secret Email Address Used in Spam Attack
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/QQtcxU60aVo/
A spammed message supposedly from Newegg, a popular online computer hardware/software seller has been found in the wild. It informs users that their online purchase has been charged to their Visa card. It also contains two clickable links that point to the same malicious page, an example of which is http://{BLOCKED}nthenet.net/1.html. Clicking the link leads [...]
Wed, 25 Aug 10
Fake Celebrity Deaths Used in Malicious Spam Run
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1-R7kf8JYyI/
TrendLabs received a recent spammed message that uses fake news about the death of Hollywood celebrities and famous athletes. The spam came in two varieties: one has a .ZIP file attachment that contains the malicious file news.exe that is detected as TROJ_DLDER.AU. TROJ_DLDER.AU connects to a certain URL to, in turn, download TROJ_BREDOLAB.XY. The other [...]
Mon, 23 Aug 10
ZeuS Variant Targets U.S. Military Personnel
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5kytqHhEKl0/
Today, we saw a malware variant created with the well-known ZeuS toolkit that seems to be targeting members of the U.S. military serving overseas. Targets of this scam will receive an email with the following text: Dear Bank of America Military Bank customer: This letter is to inform you that there is an update required [...]
Sat, 21 Aug 10
Close Encounter with an Internet Scammer
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/cJv3MrfedqI/
This is just the story of a scam somebody tried to pull on me yesterday. It was too funny not to publish it. The fact is that I’m selling my car so I put it up on Facebook Marketplace. After a few hours, I received a Facebook message from a Caroline McMillan asking for more [...]
Fri, 20 Aug 10
DEFCON 2010: Privacy and Social Networking Matters Now
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/QyJIx_vzXyA/
I attended the DEFCON and BlackHat Conferences recently held in Las Vegas. Here are my thoughts on some of the sessions that users may find useful. Both of the talks below deal with privacy issues on the Internet and social networking. How Unique Is Your Browser? Presenter: Peter Eckersley The presentation was about finding ways [...]
Thu, 19 Aug 10
BlackHat 2010: Broken Browsers, Malware Fingerprinting, And Exploits Made Easy
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/iRnD5TPPLEs/
I attended the DEFCON and Black Hat conferences earlier this year. Here are some of my thoughts on some of the sessions that may have serious long-term security implications for users. Breaking Browsers: Hacking Auto-Complete Presenter: Jeremiah Grossman Grossman talked about a flaw in the auto-complete features of several major browsers that can be exploited [...]
Thu, 19 Aug 10
Malicious Android App Spies on User’s Location
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SLtl6rVPYNI/
Smartphones are becoming cybercriminals’ favorite malware vector. Last week, TrendLabs reported the first ever Android Trojan (detected as TROJ_DROIDSMS.A) found in the wild. Though it failed to perform its intended routine, the attack showed that cybercriminals are always on the lookout for new means to distribute malware. Recently, Trend Micro threats analysts Edgardo Diaz and [...]
Wed, 18 Aug 10
The Security Implications of iOS Jailbreaking
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/2WE6XCUstI4/
Jailbreaking has been in the news lately largely because of the very public online iPhone jailbreaking tool that uses vulnerabilities in the iOS platform. Initial security concerns were raised due to the discovery of a loophole that was used by the jailbreaking tool. Whether people should jailbreak their devices or not, however, is in itself [...]
Sun, 15 Aug 10
Underground Credit Card Processor Compromised
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/s7yHaAiGLHY/
A group of hackers has recently published detailed information from an underground credit card company. On July 23rd, an anonymous group claimed to have compromised a server of an online credit card processor company. At that time, however, the extent of the compromise was unclear. Looking at the data that was published leads us to [...]
Sat, 14 Aug 10
Spamhaus Listing Rightfully Lists Latvian Hoster
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/j0b1I1vEK2M/
Sometimes not cleaning up your own backyard — and responding to abuse requests — can be costly when an ISP ends up on the Spamhaus Block List (SBL), as one particular Latvian hoster, Microlines.LV, has recently discovered. Chris Williams explains the situation today in The Register. The Spamhaus SBL generally lists blocks of IP addresses [...]
Sat, 14 Aug 10
Thoughts from DEFCON 18
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1l3iTHrGofg/
Each summer when the weather is hottest, I pack my bags and head out to Las Vegas, Nevada. Why would I leave my nice home by the ocean and go to a blistering desert? Only one thing would make me and that is DEFCON. DEFCON and its more professional compatriot, Black Hat, is what amounts [...]
Fri, 13 Aug 10
WALEDAC Still Spreading via Malicious Attachments
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/x_5wZTbOKrM/
Back in February, the infamous WALEDAC botnet had been shut down with the takedown of its command-and-control (C&C) servers. However, in recent weeks, it seems to be making a comeback of sorts. In the past few weeks, there has been something of an increase in the number of spammed messages delivering malicious attachments to users. [...]
Fri, 13 Aug 10
July 2010—An Eventful Month for Threats
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Y0dWVlMW76I/
Trend Micro’s TrendLabs has released its latest roundup for the month of July 2010. Recognizing that attacks are now carried out using three primary vectors—email, Web, and file—I have drawn on some of the highlights from the past month. Spam The United States, Brazil, and India retained their positions as the top 3 spam-sending countries, [...]
Fri, 13 Aug 10
Bogus MSRT Leads to FAKEAV
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SiB0ofH5YLU/
A fake Malicious Software Removal Tool (MSRT) has been found circulating in the wild. Senior threats analyst Edgardo Diaz stumbled upon a sample that Trend Micro detects as TROJ_FAKEAV.MSRT. From the onset, it looks like the real MSRT based on the icon it uses. Similar to other FAKEAV variants, it also displays a fake scanning [...]
Thu, 12 Aug 10
What is “Aixirivali Andorra” Anyway?
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/y7esAXxduoU/
Bad guys are always on the lookout for new ways of doing bad stuff. Today’s weird thing started when we looked at the top searches for terms in Google. One of them was aixirivali Andorra. Unfamiliar with the term, we googled it and found that everything being said about these words were either spam blogs [...]
Thu, 12 Aug 10
Another Record Patch Tuesday Hits Users
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/vZugiFYphB8/
August is turning out to be a busy month for Microsoft security fixes. Last week, an out-of-cycle patch (as discussed in the blog post LNK Vulnerability Fixed in Out-of-Cycle Patch) was issued for the LNK vulnerability. On the regularly scheduled Patch Tuesday for this month, a record number of bulletins were issued—14. In terms of [...]
Thu, 12 Aug 10
Phishing Attacks Target Japanese Gamers
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/y7oWOWFbvrA/
Japanese users are the latest target of a new phishing campaign. This attack was carried out via the PlayOnline gaming service instead of via more traditional means like email. PlayOnline is a service offered by Square Enix, which is used by several of the company’s games for their online features. However, it has been confirmed [...]
Wed, 11 Aug 10
First Android Trojan in the Wild
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/cRvp9ni4SzY/
Trend Micro researchers were alerted to the discovery of the first SMS Trojan running on Google’s Android OS smartphones. Upon investigation, the malware disguises itself by using the Windows Media Player icon. It also attempts to send text messages to numbers such as 3353 or 3354 with the message string, 798657 via the current default [...]
Tue, 10 Aug 10
Making a Million, Part Two—The Scale of the Threat
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/TVvJdwbH8eQ/
This is the second part of a two-part series on browser hijacking. The first part may be found here. Not all traffic brokers are as unscrupulous as Onwa Ltd. Legitimate traffic brokers, however, have to be fooled into thinking that they are dealing with a legitimate party. To do this, rogue traffic brokers like Onwa [...]
Tue, 10 Aug 10
Making a Million, Part One—Criminal Gangs, the Rogue Traffic Broker, and Stolen Clicks
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/T10cQbfcjKk/
Most cybercrime gangs are not interested in just making a quick profit or in retiring early. They treat cybercrime as a serious and lucrative business venture and are happy to patiently expand their criminal networks while trying to hide their malicious activities from the rest of the world. In this blog post, we discuss how [...]
Sat, 7 Aug 10
Trojanized .MOV Files FAQ
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/8T7klmchk5A/
Last week, we reported a new kind of attack that uses specially crafted .MOV files and a certain feature in QuickTime to trick users into downloading malware. The said attack raised some questions on how it was done and whether or not an exploit was used. To clear things up, here are the answers to [...]
Thu, 5 Aug 10
Certificate Snatching—ZeuS Copies Kaspersky’s Digital Signature
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Ykz0sdDGMng/
While conducting continuous threat-monitoring activities, Trend Micro threat researchers identified multiple suspicious files that included a strange digital signature. This signature immediately caught our attention, as it seemed to be signed by legitimate antivirus company Kaspersky. While checking the certificate, we noticed that the hash value applied to the suspect file was invalid. This is [...]
Thu, 5 Aug 10
Online iPhone Jailbreak Uses iOS Vulnerabilities
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/w_JEungl-Bg/
Earlier this week, a jailbreak for Apple’s iPhone 4 was released to the public by a developer known as “Comex.” By visiting a special website, users are able to jailbreak their devices far more easily than they could in the past. In addition to the iPhone 4, older Apple products running iOS can also be [...]
Thu, 5 Aug 10
Protecting Your Router Against Possible DNS Rebinding Attacks
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/hhvvvMtlWUI/
Last week at the BlackHat and DEFCON security conferences, independent researcher Craig Heffner demonstrated a new attack against home routers that combined DNS rebinding and Cross-Site Request Forgery (CSRF). This attack used JavaScript to trick the user’s browser into establishing a communication channel between the attacker and the admin console of his/her home router. If [...]
Wed, 4 Aug 10
Protecting Your Router Against Recent DNS Rebinding Attacks
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/J5GyYUllqys/
Last week at the BlackHat and DEFCON security conferences, independent researcher Craig Heffner demonstrated a new attack against home routers that combined DNS rebinding and Cross-Site Request Forgery (CSRF). This attack used JavaScript to trick the user’s browser into establishing a communication channel between the attacker and the admin console of the user’s home router. If [...]
Tue, 3 Aug 10
LNK Vulnerability Fixed in Out-of-Cycle Patch
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-Kp_JR6qNK0/
The LNK vulnerability that was first revealed to the public more than two weeks ago and has since then been exploited to spread ZBOT and SALITY malware has now been fixed with an out-of-band patch issued today. With or without any patch, attacks exploiting this vulnerability are likely to become more common. The out-of-band patch—only [...]
Mon, 2 Aug 10
KOOBFACE Gang Now Tracking Visitors
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_I6pWUErQUc/
Fake YouTube pages are a distinctive characteristic of the KOOBFACE bot. These pages are used as lure to convince prospective victims to install the “codec” needed to play a video, in this case, supposedly from a “hidden camera.” These fake YouTube pages at one time included the KOOBFACE gang’s reactions to their list of nefarious [...]
