While conducting blackhat search engine optimization (SEO) investigations, I stumbled upon an SEO attempt hosted on the popular document-sharing site Scribd.
The document that contains the SEO strings and links was actually a .PDF file that had been uploaded to Scribd.
Further investigation revealed that the user account that uploaded this SEO .PDF file has been very [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: Emerging Blackhat SEO Techniques
We recently received a report of a new phishing attack that originated from Mexico. It takes advantage of the controversial news about an allegedly missing four-year-old girl, Paulette Gebara Farah, who was later found dead in her own bedroom. On investigation we found that this attack came from a Mexican botnet and that it was [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: “Tequila Botnet” Targets Mexican Users
A new exploit has been found in the Japanese word processor Ichitaro. JP-RTL engineers have received a sample Ichitaro document, which is capable of exploiting the previously unknown vulnerability. It is released by Japanese Vulnerability Notes as JVNDB-2010-000024. If exploited, arbitrary code could be run on users’ systems.
The file that exploits this new vulnerability has [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: Another Vulnerability Discovered in Ichitaro
Today is the last day of May and, for some people, the last day their Facebook accounts are available online. Recent changes to Facebook’s privacy settings are regarded as rather confusing and not readily apparent to users. Not even the latest update that Facebook made last May 26, which attempted to address its long-running issue [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: Is It Time to Quit Facebook?
Early this year, the SASFIS Trojan became notorious in relation to spoofed email messages supposedly from Facebook. SASFIS infections usually result in tons of other malware infections, as this particular family makes systems susceptible to botnet attacks, particularly from ZeuS and BREDOLAB, and is affiliated with various FAKEAV variants, usually those associated with pornographic sites.
TrendLabs [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: SASFIS Malware Uses a New Trick
TrendLabs recently handled a client case last March wherein two peculiar pieces of malware leveraged a Windows service, Windows Management Instrumentation (WMI), to execute their malicious routines.
WMI lets users access and retrieve information about their OSs. It is particularly useful for administrators, especially in enterprise environments, as it manages applications found on systems connected to a network using any [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: Windows WMI Abused for Malware Operations
The upcoming “2010 FIFA World Cup” in South Africa is one of the most highly anticipated events in sports history today. As expected, cybercriminals have been using this event as another means for their endless string of profiteering schemes.
TrendLabs engineers discovered two separate spam runs leveraging the said event. The first spam sample (see Figure [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: Latest Online Scam Targets FIFA Fans
The KOOBFACE botnet continuously evolves to keep on generating profit for its perpetrators. The fact that the botnet is still alive shows that the cybercriminals behind it are making a fortune off it.
In our effort to conduct research on and to monitor the latest developments made to the KOOBFACE botnet, we have noticed several changes [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: The Evolution of KOOBFACE: A Web 2.0 Botnet
Italian bank Banca Popolare di Sondrio has become phishers’ new target with the discovery of a spammed message containing a link to the supposed bank’s Internet banking site, SCRIGNO.
As with previous bank-related phishing attempts, clicking the link leads users to a site that looks very much like the legitimate Internet service’s login page. The site [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: Phishing Scam Targets Italian Bank
The TDSS malware family in itself is already a big threat to users. Known for its rootkit capabilities, TDSS constantly evolves to include more sophisticated means in order to hide its presence in an affected system. The Mebroot malware family, on the other hand, is noted for inflicting master boot record (MBR) infections.
TrendLabs engineers recently [...]
Post from: TrendLabs | Malware Blog - by Trend Micro: Mebroot Variant Behaves Like TDSS