New Viruses
Massive SQL Injection Ensues
With the growing concern with numerous vulnerabilities, just this afternoon, Trend Micro Research Project Manager, Ivan Macalintal, stumbled on a somewhat regional fallout of this SQL injection in India threading through numerous compromised government, tourism, popular media, and other sites. We have identified the following new URLs leading to more malware that made it into [...]
Post from: TrendLabs | Malware Blog - by Trend Micro Categories: New Viruses
July 2009 Microsoft Security Updates
Six security bulletins were released by Microsoft for July, which cover one of the two vulnerabilities exploited by cybercriminals in the last 2 weeks.
The Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution was used in a zero-day attack last week that involved around 967 compromised Chinese websites. A script that triggered [...]
Signed Malware Coming To A Phone Near You?
Conventional wisdom has it that mobile platforms like PDAs and mobile phones are safer from malware attacks, one reason being the relatively closed nature of such platforms. In some platforms, such as newer versions of the Symbian OS, this is enforced in part by mandatory code signing, which requires that applications need to be signed [...]
OWC ActiveX Exploit Follows MPEG2TuneRequest’s Lead
Barely a few days after the last Microsoft zero-day exploit and out comes another, this time attacking vulnerabilities in the OS’s Office Web Components Spreadsheet ActiveX control (OWC 10 and OWC 11). As if on cue for the next round of Patch Tuesday releases, the cybercriminals also released their own “updates” with this attack.
“This vulnerability [...]
Koobface Increases Twitter Activity
Just a few hours ago, Koobface increased its Twitter activity, sending out tweets with different URL links pointing to Koobface malware.
This is in contrast to previous Koobface Twitter activity wherein only three TinyURLs pointing to Koobface were used.
As of writing, there are a couple of hundred Twitter users affected by Koobface in the past [...]
MYDOOM Code Re-Used in DDoS on U.S. and South Korean Sites
A worm designed to propagate through email is the main proponent used in the DDoS attacks against high-profile websites in the United States and South Korea.
Detected as WORM_MYDOOM.EA by Trend Micro, it is suspected to have arrived in victims’ inboxes as an attachment to email messages. Upon execution, it registers itself as a system service (like [...]
ColdFusion Spurs Another Mass Compromise
June saw more than its fair share of mass-compromised websites—with one wave early in the month and Nine Ball hitting later on in the month. One would hope that July would be different, but it was not to be.
Last week saw another wave of compromised websites that had one thing in common—they were all running [...]
Click Fraud Takes a Step Forward with TROJ_FFSEARCH
Earlier this month, TrendLabs security experts discovered that around 40,000 websites have been hacked and seeded with code that bombarded visitors’ PCs with countless browser exploits to install a Trojan, which we already detected as TROJ_FFSEARCH.A. This Trojan has been found to be among the malware installed by another threat. It is known as FFSearcher, [...]
Zero-day MPEG2TuneRequest Exploit Leads to KILLAV
Earlier today, TrendLabs was alerted to a zero-day exploit in the Microsoft Video streaming ActiveX control MsVidCtl. Around 967 Chinese websites are reported to be infected by a malicious script that leads users through successive site redirections until they download a .JPG file containing the exploit. Trend Micro detects it as JS_DLOADER.BD. [...]
WALEDAC Celebrates Independence Day, Too
Holidays are almost always the target of significant spam and malware attacks, and this Fourth of July is turning out to be little different. A new WALEDAC variant – detected as WORM_WALEDAC.DU – has been sending out Independence Day spam messages. (In fact, last year there were multiple Fourth of July attacks, one of which [...]
Gumblar Invades Best Buy
Earlier today, Trend Micro Technical Account Manager Fioravante Souza in Brazil spotted a (potentially harmful) URL that redirects users from the Best Buy domain site.
Users who visit www.bestbuy.com, as it turns out, are redirected to the URL, hxxp://pics. bubbled.cn/gallery/
hardcore/?23c4f60c1b9f604d6ffb21cba599301f (hxxp = http, and without the spaces). The compromised page in the domain is found to [...]
Spam Speculates Michael Jackson’s Murder
Michael Jackson has been dead for a week already, but there are still a lot of speculations regarding his death. The spam runs are plenty as well — a Michael Jackson-related spam was seen bearing the subject Who killed Michael Jackson?, coming from a sender named x-files.
The spam message suggests that the icon was killed, [...]
Three Months Later: Where’s DOWNAD?
Exactly three months ago, the whole IT sector was waiting with bated breath for April 1. The latest DOWNAD/Conficker variant–WORM_DOWNAD.KK–was poised to strike. We know that on that day, it would attempt to access 500 of 50,000 websites and download new malicious files. This led to fears–somewhat misplaced–that new, possibly damaging payloads could cause severe [...]
To *** or Not to Mask: Usability Versus Security in Password Masking
On June 23, Jakob Nielsen posted an article declaring that password masking on the user interface is more harmful in terms of usability than helpful to the security of an application, to which Bruce Schneier, in a June 26 blog post, agreed. Both argued that masking the characters when a user enters a password is [...]
Michael Jackson Video Leads to Malware Download
Cybercriminals once again used the passing of Michael Jackson, the ‘King of Pop,’ a few days ago as an opportunity to go about with their malicious activities and attack innocent users.
We spotted an email (see Figure 1 below) about Michael Jackson’s death written in Spanish claiming to be from CNN Mexico.
Upon closer analysis (see Figure [...]
Files for Ransom… or Not
A new ransomware spreading through email is on the loose.
On the outset, the worm detected by Trend Micro as WORM_RANSOM.FD may look like a normal mass-mailing worm but further analysis reveals that this comes with a deadly payload. With only a few exceptions (files with .rwg, .dll, .exe, .ini, .vxd, and .drv extensions are [...]
New Koobface Component: A DNS Changer
Aside from the new Twitter component we’ve also seen Koobface download a new component with the filename dns.exe, whose main purpose, it seems, is to modify the system’s DNS registry settings.
It is accomplished by inserting 213.174.139.72 (IP of the rogue DNS server) into the values of NameServer and DhcpNameServer found in the following registry key: [...]
New Anti-analysis Technique for Script Malware
Recently, we came across JS_VIRTOOL, which uses certain JavaScript techniques to keep its encrypted code from being decrypted and analyzed by a malware analyst.
Here is how this is done:
It retrieves the URL where the malicious script is located.
It retrieves its own function and adds the string of the URL.
It computes the CRC of the function [...]
MSN Bot Plays on Controversy over Michael Jackson’s Death
Following the sudden and shocking death of The King of Pop, Senior Threat Researcher Loucif Kharouni reports that a slew of malicious links related to Michael Jackson’s last moments in the hospital before his death are now being proliferated in the wild via the instant messaging (IM) application, MSN. Below is a sample screenshot of [...]
Koobface Tweets
Twitter is a very popular platform for expressing whatever is on a user’s mind, making it a favorite target of malware authors. Trend Micro has published several blog entries that discussed attacks on Twitter. Now, the creators of Koobface included a new component in the malware to target the vast number of Twitter users. They’ve [...]