Archive for July, 2007


Jul26
by Jasper Pimentel (Advanced Threats Researcher)

No, that’s not a typo. The title for this blog entry really is “Updating VVindows”, with a double V instead of a W. If you noticed that the word “Windows” was written with two Vs instead of a W, good for you. Chances are, you won’t be easily fooled by VVINDOWSUPDATE.COM.

According to Sunbelt’s Blog, there is a newly registered domain name called VVINDOWSUPDATE.COM. Created last July 9, this site apparently wants to trick people into thinking that it’s the actual update site for Windows (which is really http://www.update.microsoft.com). Although there are no pages on the site yet, it’s highly possible that VVINDOWSUPDATE.COM will be used for future web threat attacks.

Here’s some related info on the domain:

Domain Name: VVINDOWSUPDATE.COM

Registrant:
SSS Inc.
Ivan P Sidorov (********@spywaresoftstop.com)
Mira 1-90
Moscow
Karachaevo-Cherkesskaya Respublika,333444
RU
Tel. +543.87987665

Creation Date: 09-Jul-2007
Expiration Date: 09-Jul-2008

Domain servers in listed order:
ns2.vvindowsupdate.com
ns1.vvindowsupdate.com

It seems suspicious that the registrant is in Russia, don’t you think?

As a safety measure, before clicking on any link claiming to be a Windows update site, check the URL. It should be http://www.update.microsoft.com.
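The “vv” for “w” trick above is one of a small family of visually confusable substitutions. The following Python is an added example, not code from the post, that collapses those substitutions and flags a domain when the result reads as a name on a watch list; the watch list and the substitution table are constructed assumptions for this illustration.

```python
# Added example: flag domains whose labels match a protected name once
# visually confusable sequences are collapsed ("vv" -> "w", "rn" -> "m", ...).
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("5", "s")]

# Constructed watch list of names worth protecting; replace with your own brands.
PROTECTED = {"windowsupdate", "update.microsoft", "microsoft"}


def normalize(label: str) -> str:
    """Collapse confusable sequences so a lookalike maps onto the real name."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def registrable_part(domain: str) -> str:
    """Drop a 'www.' prefix and the trailing TLD (assumes single-label TLDs)."""
    parts = domain.lower().rstrip(".").split(".")
    if parts and parts[0] == "www":
        parts = parts[1:]
    return ".".join(parts[:-1]) if len(parts) > 1 else parts[0]


def lookalike_target(domain: str):
    """Return the protected name this domain impersonates, or None when it is
    either the genuine name or unrelated to anything on the watch list."""
    host = registrable_part(domain)
    normalized = normalize(host)
    if normalized == host:
        return None  # nothing was substituted, so it is not a confusable lookalike
    for name in PROTECTED:
        real = normalize(name)
        if normalized == real or normalized.endswith("." + real):
            return name
    return None


if __name__ == "__main__":
    # Constructed inputs: the post's domain, the genuine update host, and two others.
    for d in ["vvindowsupdate.com", "www.update.microsoft.com", "rnicrosoft.com", "example.com"]:
        print(d, "->", lookalike_target(d))
```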


Jul26
by Jonell Baltazar (Advanced Threats Researcher)

Today, our email honeypot captured a new malware sample, to be detected as TROJ_ARTIEF.H. The malware executable is embedded in an RTF document with the filename “complaint_3768253712.pdf”. Yes, the file extension is “pdf”, but the file is actually an “exe”.

As I recall, the TROJ_ARTIEF family of malware targets high-ranking individuals (business executives, managers, etc.). This time, the email is again directed at the Federal Trade Commission. It has the same email body as described in a previous entry, More Malicious RTFs detected.

Just a reminder: don’t open unsolicited mail from known or unknown contacts, especially if it has attachments. Always have your anti-virus software scan files downloaded from the internet.


Jul25
by Mayee Corpin (Technical Communications)

The iPhone is just short of a month old, yet the list of security risks associated with it already seems as long as a year. There has been no letup of reports of serious attacks that may be mounted in relation to the gadget of the moment, from phishing sites to vulnerabilities in the Safari browser, as discussed in the following entries:

It was noted that the real downpour is yet to come, and it seems that the time is nigh. In a recent case, too many Wi-Fi requests from iPhones at Duke University flooded the campus wireless LAN (WLAN), rendering around 30 access points unusable. Network administrators were quick to discover from captured wireless traffic that 18,000 requests per second made from iPhones were to blame, and to absolve Cisco, provider of the WLAN, although Cisco has since admitted that it was a network issue that caused the flooding.

Meanwhile, Independent Security Evaluators researchers, who hack their clients’ machines to test security, have also set the stage for deeper iPhone scrutiny with an announcement that they have cracked Apple’s wonder gadget. The white hat hackers claim that, through an unsecured Wi-Fi connection or through a compromised Web site that the user was tricked into visiting, a hacker could take complete control of the much-hyped device.

The nitty-gritty of the exploit remains under wraps, however, and will not be disclosed until the BlackHat conference in Las Vegas on August 2, 2007. For now, preliminary details on the vulnerability are available at exploitingiphone.com, and an introductory technical paper may be downloaded here. From the looks of it, however, there is no more waiting with bated breath for the details, because a video of the hack by the same Baltimore-based researchers is already on YouTube.com. See the related NBC news clip, in which Trend Micro Senior Threat Research Consultant Jamz Yaneza appears.



Jul23
by Miray Lozada (Technical Communications)

Spammers are Excel-ing, literally. Text and image spam as PDF files are now old news as MS Excel enters the spam scene. Last July 22, Trend Micro researchers started noticing email messages that carry ZIP-packed Excel files. When opened, these Excel files stink of pump-and-dump schemes that spam mails are now notorious for. See images below:

[Image: Email]

[Image: Zip Archive]

[Image: Excel File]


Using ZIP as a carrier of malicious files is already a known routine of many malware families, such as WORM_BAGLE and TROJ_YABE. Using ZIP as a carrier as part of a spam scheme, however, is quite new and may be a social engineering tactic more than anything else. The fact that the email arrives with an Excel file packed in a ZIP may have more to do with an attempt to lend credence to a stock-related email at a time when authorities are seriously running after pump-and-dump spammers. That the spammer chose Excel, an application usually associated with accounting, ergo money, may not be a coincidence either.



Spam Excel(s) now and it is not far off the mark that it Word(s) and PowerPoint(s) in the future…and Photoshop(s) and Outlook(s) and ….
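Two of the posts in this archive turn on the gap between what an attachment calls itself and what it is: an “exe” named complaint_3768253712.pdf, and an Excel file carried inside a ZIP. The Python below is an added example, not code from the posts, that sniffs the container from its leading bytes, compares that with the claimed extension, and lists the members of a ZIP carrier; the signature table, the extension mapping and the sample bytes are constructed for this illustration.

```python
import io
import os
import zipfile

# Leading bytes of the container formats mentioned in the posts above (constructed table).
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"{\\rtf", "rtf"),
    (b"PK\x03\x04", "zip"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy .xls/.doc compound file
    (b"MZ", "exe"),  # DOS/PE executable stub
]
# Extensions whose genuine container type has a different name than the extension.
EXT_TO_KIND = {"xls": "ole", "doc": "ole"}


def sniff(data: bytes) -> str:
    """Identify the container from its magic bytes, ignoring the filename entirely."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the sniffed type; for ZIP carriers, list members."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    actual = sniff(data)
    claimed = EXT_TO_KIND.get(ext, ext)
    members = []
    if actual == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    return {"file": filename, "claimed": claimed, "actual": actual,
            "mismatch": actual != "unknown" and actual != claimed, "members": members}


def make_zip_with_xls() -> bytes:
    """Constructed stand-in for the ZIP-packed Excel spam: a minimal OLE header inside a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("stock_tip.xls", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    fake_pdf = b"MZ\x90\x00" + b"\x00" * 60  # constructed PE stub under a .pdf name
    print(check_attachment("complaint_3768253712.pdf", fake_pdf))
    print(check_attachment("report.zip", make_zip_with_xls()))
```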



Jul23
by Mayee Corpin (Technical Communications)

Big Hollywood movies are usually fodder for spammers, who send out their wares just when anticipation for a certain feature film reaches fever pitch. This was observed earlier this year when The Pirates of the Caribbean: At World’s End and Harry Potter and the Order of the Phoenix came out.

The latest to become the target of a spam campaign is The Simpsons Movie, set to premiere in the last week of July. The spammed email message contains an image of Homer Simpson sitting on a brown sofa, decked out in only a beer belly-baring Superman tee and white briefs. Above his head is the question “Will you go see the movie The Simpsons?” and a call to action: “Take our short survey now.” When clicked, the image leads to a Web page that asks for the user’s email address, which becomes one more legitimate address on the spammer’s long list of victims.

Trend Micro warns users to be wary of spam riding on a blockbuster release. Such messages are not usually part of a big-budget campaign to market a film, but rather a quite effective tactic for spammers to get what they want.



© Copyright 2008 Trend Micro Inc. All rights reserved. Legal Notice