
Anti-Malware

 

Thu, 30 Sep 10
ZeuS Now Bypasses Two-Factor Authentication
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/JmH8rJYVTCc/
Trend Micro has been alerted that certain ZeuS/ZBOT variants are now able to break into users’ bank accounts in spite of two-factor authentication systems. These are frequently used to enhance bank security. These ZeuS variants can specifically use mobile malware to defeat systems that rely on text messages sent via mobile phones on Symbian OSs. [...] Post from: TrendLabs

Wed, 29 Sep 10
World of Warcraft Scams: Free Gifts and Fake Account Suspension Threats
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/IuMQfV8poOI/
Blizzard’s World of Warcraft (more popularly known as WoW) is one of the most popular massively multiplayer online role-playing games (MMORPGs) in the world. With more than 11.5 million subscribers as of 2008, WoW is plagued by a thriving underground online gaming economy. The most common scam in WoW that Trend Micro has seen uses [...]

Wed, 29 Sep 10
ZeuS Trojan Now Uses False Configuration URLs
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/wjiXGb4tLfo/
One of the “standard” behaviors of the ZeuS/ZBOT Trojans is that it downloads a configuration file. This configuration file contains details on its bot routines such as what sites to target, what URLs to access to download an updated copy of itself, what URLs to send stolen information to, and what URLs to access to [...]

Sat, 25 Sep 10
New Azvhan Bot Family Revealed
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/KHHXOoMOb5g/
A new bot family was found in the wild around April this year. This family was named “Avzhan.” Avzhan malware, detected by Trend Micro as Mal_Scar-1, mostly affected Asia where most of the affected users resided. Avzhan bots install themselves onto the Windows system directory using the file name {six random lower-case letters}.exe. After installation, [...]

Fri, 24 Sep 10
Technical Analysis of Adobe Acrobat and Reader Zero-Day Exploit
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/AGDLv4uOEKs/
Several weeks ago a new Adobe Acrobat/Reader zero-day vulnerability was found and soon exploited in the wild. What’s most interesting about this particular exploit is how it used Return-Oriented-Exploitation (ROP) techniques to bypass some of Windows’ security features, such as Data Execution Prevention (DEP). In addition, it uses two-staged shellcode to perform its routine: the [...]

Fri, 24 Sep 10
Technical Analysis of the Recent Adobe Flash Zero-Day Vulnerability
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OMu1DqWQg74/
This blog discusses our analysis of the recent Adobe Flash zero-day vulnerability. Trend Micro received a sample Shockwave Flash (.SWF) file that exploited this 0-day vulnerability. Since the original blog post was posted, we have been analyzing this sample to determine how the exploit works. Static Analysis Let’s call the sample .SWF file exploit.swf. Quick [...]

Wed, 22 Sep 10
Twitter Mouseover Flaw Allows Script Injection
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/J22r13oAYM8/
As I write this, there are some rather unusual trending topics on Twitter, including: XSS OnMouseOver MouseOver Exploit Security Flaw Searching for any of the said topics in Twitter should make what is going on immediately obvious. Essentially, there is a flaw in Twitter that allows the injection of JavaScript code into a Tweet. How [...]

Wed, 22 Sep 10
Take a Peek at the Thriving Underground Online Gaming Economy
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/urB63lYE2DE/
You know that something has become mainstream when people have a lot to say about it. Just like any activity, online gaming has had its share of caveats. For instance, a man from Hawaii sued an online game publisher, for allegedly causing him to lose 20,000 hours of his life. You see, the majority of [...]

Wed, 22 Sep 10
Adobe Fixes Flash Player Bugs, Acrobat and Reader Still Vulnerable
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nxQxSo09hrw/
Adobe fixed one of the two zero-day vulnerabilities that were revealed in the past two weeks. Earlier this week, Adobe rushed out a new version of Flash Player, which fixed the critical vulnerability discovered last week. Flash Player 10.1.85.3 is the updated version for everyone except Android OS users, for whom a corresponding version, 10.1.95.1, [...]

Sat, 18 Sep 10
Phishing Proliferating via Facebook Chat
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/HQq9aQMJe-k/
Recently, while chatting with someone on Facebook, one of my friends surprised me when she sent me this: Out of curiosity and suspicion, I visited the link. This eventually led me to the following site, which was hosted at http://{BLOCKED}atingchatnetwork.com/facebook/index.php. Users who input their Facebook credentials here would be surrendering their credentials to phishers. Phishing [...]

Fri, 17 Sep 10
How Spammers Hide Behind Multiple Web Layers
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/LLpH3mGHYvo/
Today, I received a spammed message that made it through my spam filters, thanks to a few clever tricks. Right off the bat, the message was only a short sentence with a shortened link. The sentence was written in Spanish so anti-spam filters might have had a harder time with it. That was the first [...]

Thu, 16 Sep 10
One Server, Multiple Botnets
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/GEWchahdlys/
During a recent investigation into a server hosting SpyEye, we noticed that there were several open directories that led to other control panels. SpyEye was also the same malware family that recently targeted Polish users. One of the control panels is for URLZone/Bebloh. The other control panel, on the other hand, did not have any [...]

Wed, 15 Sep 10
New Adobe Flash Critical Vulnerability Exploited in the Wild
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/U8HismH-Lh0/
Adobe has issued a security advisory APSA10-03 describing a new critical vulnerability in its products. This time, the primary target is Flash Player, with multiple platforms—Windows, Mac, Linux, Solaris, and Android—all affected and is currently being exploited in the wild. Current versions of Acrobat and Reader—the target of last week’s vulnerability—are also affected by the [...]

Wed, 15 Sep 10
September Patch Tuesday Resolves 11 Vulnerabilities
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/FombG76gsio/
Patch Tuesday has arrived, bringing with it the monthly crop of Microsoft security patches. September has a total of nine bulletins, fixing a total of 11 vulnerabilities, all but one of which affects Windows, two cover Microsoft Office, and one covers both Windows and Office. In general for this Patch Tuesday, users of older Microsoft [...]

Wed, 15 Sep 10
Latin American Auction Site Hit by Malware
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fvFwpMzKT3o/
MercadoLibre, the leading auction site in Latin America, was recently used to spread malware. Cybercriminals were able to inject a malicious script into the page, which prompted users to download and run a fake Adobe Flash Player installer. The supposed installer, however, is actually a malicious file detected as TSPY_DABVEGI.E. Running this file would cause [...]

Wed, 15 Sep 10
FAKEAV: Out of the Spotlight but Still a Problem
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Gpzk4UClz3k/
Fake antivirus software—designated as FAKEAV malware by Trend Micro—may have somewhat fallen out of the spotlight of late but it still remains a significant concern for many users. For example, in a poll of users at Trend Micro’s TrendWatch information portal, almost half of them indicated that they viewed FAKEAV as an issue of great [...]

Tue, 14 Sep 10
Mehika Twitter Botnet Targets Twitter Users
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SLtXG5I-xow/
Leveraging social networking sites to gain control of user systems, and to make them part of botnets is no longer a new tactic. In a recent research, we came across a malware that uses a Twitter account to send out commands to the new Mehika Twitter botnet’s zombies. But why are cybercriminals using a social [...]

Tue, 14 Sep 10
Spam Delivers Downloader Trojan
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/AwlsBlpJdVA/
Malware writers are again taking advantage of curious readers by sending out email messages related to recent news events that contain malicious attachments. One particular sample detected as TROJ_AZAH.A comes disguised as a folder. A curious user may “open” the disguised file and run it. Among the folder names used are: Philippine-HK News Rise of [...]

Sat, 11 Sep 10
From Alicia to Africa to Anywhere Else: Possible Origin of the ‘Here you have’ Spam Campaign
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/xU1vbTBVzNA/
Yesterday, Trend Micro blogged about WORM_MEYLME.B that sent various spammed messages containing a bogus PDF document and/or CVs. With just a few hours, it has infected many users worldwide which proved its effective social engineering tactics. Upon closer investigation, this spam campaign that we think started around July 17 or earlier, was initially sent to [...]

Sat, 11 Sep 10
Be Careful What You Reveal Online
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/x60AMSWzyRk/
In this YouTube video, Trend Micro CTO Raimund Genes discusses how an attacker can use information from social networks such as LinkedIn and Facebook to hack into a corporate network. The picture Raimund paints shows how attackers can get publicly available email addresses on social networks and send a customized targeted email to the person [...]

Fri, 10 Sep 10
Old Malware Out of its Shell
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/iWQy0Zafr_g/
Trend Micro received several reports of a spammed message containing a link that leads to the download of a malware detected as WORM_MEYLME.B. The spammed message bears the subject, Here you have and informs users of a certain PDF document. When the users point the mouse in the URL, hxxp://www.{BLOCKED}ocuments.com/library/PDF_Document21.025542010.pdf or hxxp://www.{BLOCKED}ovies.com/library/SEX21.025542010.wmv, it indicates a [...]

Fri, 10 Sep 10
New Zero-Day Adobe Acrobat Vulnerability Exploited
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OT3VlWjiOHc/
Adobe has issued a new security advisory concerning Adobe Acrobat, its line of PDF software. All current versions of Reader and Acrobat are known to be vulnerable, across all supported platforms–Windows and Mac for Acrobat, and Windows, Mac, and Unix for Reader. According to the advisory, an attacker could use the vulnerability to “to take [...]

Thu, 9 Sep 10
New Fake Facebook Spam Waves Send Through Cutwail/Pushdo Botnet
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nnrL2Qi1jIA/
Who said that Cutwail/pushdo botnet was dead? The recent Cutwail/Pushdo takedown was a great help on stopping this huge botnet in sending spammed messages all over the world. Yesterday however, a new wave of fake Facebook messages have been sent through some Cutwail zombies for about 30 minutes which is around 5000 spammed emails. The [...]

Thu, 9 Sep 10
Uncovered Spyeye C&C Server Targets Polish Users
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ve11vdwxeB4/
All of us have heard about SpyEye, a malware family comprising information/data stealers like ZeuS/ZBOT. This malware is sometimes known as a “ZeuS killer,” as it stops ZeuS malware from running on affected systems, assuming that the latter is already present. This topic was discussed before in the blog post, “Keeping an Eye on the [...]

Tue, 7 Sep 10
Cybercriminals Hone in on Critical Systems
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v9p7EvCjpcU/
Any regular reader of this blog knows that malware can infect a system in several ways—email, browser exploits, instant-messaging applications, peer-to-peer (P2P) networks, and others. Even organizations that take great lengths to secure their Internet gateways have found themselves compromised via one of the oldest infection methods—physical media attacks with USB flash drives taking the [...]

Fri, 3 Sep 10
Pushdo Takedown Damages Botnet
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6BY4bTnk0jY/
Last week it was reported that the Pushdo botnet, used to send spam using the Cutwail spamming module, was taken down, thanks to the efforts of several security researchers. Thirty command-and-control (C&C) servers of the Pushdo/Cutwail botnet were identified, almost 20 of which were taken down after their Internet hosting providers were notified. So far, [...]

Fri, 3 Sep 10
“IQ Test” Spam Proliferating via Instant Messages
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/mx9v7AOm9jk/
I recently came across a round of spammed instant messages that arrived via my Yahoo! Messenger account. These messages were supposedly sent from my cousin’s account, and used the following format and were sent to everyone on her friends list: The familiar message format told me that I was chatting with a bot that wanted [...]

Wed, 1 Sep 10
TDSS Pretending To Be Tweetdeck Update
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Qj0IUiuk-OM/
Timing is everything–especially if you’re trying to spread malware. Last week, the developers of the popular Twitter application Tweetdeck notified users that due to changes in the supported authentication protocols by Twitter, users of older versions would have to upgrade. Naturally, cybercriminals latched onto this bit of news and sent out their own tweets saying [...]

Wed, 1 Sep 10
New Zero-Day Vulnerabilities Imminent
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/JmXVMCAYIm8/
An independent group of security researchers has announced that they will be releasing zero-day vulnerabilities, web application vulnerabilities, and proof-of-concept exploits for patched vulnerabilities throughout the month of September. Many high-profile vendors such as Adobe, Apple, Microsoft, and Mozilla are among those whose products will apparently have vulnerabilities revealed in the month. According to Trend [...]
