
Archive for July 19th, 2007


Jul19
by Jasper Pimentel (Advanced Threats Researcher)

Users who chat on several instant-messaging networks may be familiar with Trillian, a multi-protocol IM client that connects to services such as AIM, Yahoo! Messenger and Windows Live Messenger from a single application.

Two vulnerabilities were recently disclosed in the way Trillian handles certain URIs handed to it by other applications, typically a Web browser following a link. The first can be abused to have Trillian fetch and run a potentially malicious file on the user's system without further interaction; the second lets a crafted URI overflow a buffer in the URI-handling code. The recommended mitigation is to unregister the URI schemes (protocol handlers) you do not need, so that a link using one of them no longer launches Trillian at all.
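One way to find out which URI schemes are registered on a Windows machine, and which program each one launches, is to export the HKEY_CLASSES_ROOT hive with `reg export HKCR hkcr.reg` and parse the dump offline. The scanner below is an added example, not code from the original post or from Trillian: the `.reg` text it parses is constructed, and the `aim` scheme, the Trillian install path and the allow-list of schemes to keep are illustrative assumptions.

```python
import re
from typing import Dict

# Constructed sample of what `reg export HKCR hkcr.reg` produces (real exports are UTF-16
# text; open them with encoding="utf-16"). The aim: handler, the Trillian path and the
# other entries are illustrative assumptions, not data taken from the advisory.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\aim]
@="URL:AIM Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\aim\shell\open\command]
@="\"C:\\Program Files\\Trillian\\trillian.exe\" \"%1\""

[HKEY_CLASSES_ROOT\http]
@="URL:HyperText Transfer Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_CLASSES_ROOT\txtfile]
@="Text Document"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(s: str) -> str:
    """Strip the surrounding quotes of a .reg string and undo its backslash escapes."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key path: {value name: data}}; "" is the (Default) value.
    Only REG_SZ data is decoded; dword:/hex: data is kept verbatim."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unquote(m.group(1))
            data = m.group(2)
            keys[current][name] = _unquote(data) if data.startswith('"') else data
    return keys


def url_protocol_handlers(keys: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map each scheme that carries the "URL Protocol" marker to its shell\\open\\command line."""
    handlers = {}
    for path, values in keys.items():
        parts = path.split("\\")
        if len(parts) == 2 and parts[0].upper() == "HKEY_CLASSES_ROOT" and "URL Protocol" in values:
            command = keys.get(path + r"\shell\open\command", {}).get("", "")
            handlers[parts[1].lower()] = command
    return handlers


def handler_executable(command: str) -> str:
    """Return the program a handler command line launches (quoted or bare first token)."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""


def unnecessary_handlers(handlers: Dict[str, str], allow: set) -> Dict[str, str]:
    """Registered schemes that are not on the allow-list of schemes you want to keep."""
    return {scheme: cmd for scheme, cmd in handlers.items() if scheme not in allow}


if __name__ == "__main__":
    ALLOW = {"http", "https", "mailto", "ftp"}   # assumed policy: keep only these schemes
    found = url_protocol_handlers(parse_reg(SAMPLE_REG))
    for scheme, cmd in sorted(unnecessary_handlers(found, ALLOW).items()):
        print(f"{scheme}: -> {handler_executable(cmd)}   (reg delete HKCR\\{scheme} /f)")
```

Every scheme the script lists outside your allow-list is a candidate for removal: back the key up first (`reg export HKCR\aim aim-backup.reg`), then delete it with `reg delete HKCR\aim /f`. Removing a scheme breaks every legitimate link that uses it, so check the application's own settings before pulling a handler the users rely on.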

 

Jul19
by Carolyn Guevarra (Technical Communications)

Towards the end of 2006 we saw a dramatic rise in image spam, as spammers kept looking for ways past text-based spam filters. This forced antispam products to add image-aware detection, and the volume of image spam has fallen in recent months. That did not stop spammers from refining their tactics in turn.

What came next is PDF-based spam. It worked for spammers because PDF is far more expensive to filter, and because the format had rarely been associated with spam or malware, so very few filters bothered to look inside PDF attachments at all. But a PDF that carries its pitch as text is still text, and it was not long before spam filters learned to extract and classify it. So spammers asked themselves, "Why not use both PDF and JPEG?" Lo and behold, spam consisting of a JPEG embedded in a PDF emerged. This spells double trouble for users, because such a message slips past most antispam appliances: few have the processing budget to decode images at all, let alone images that first have to be extracted from a PDF container. Trend Micro addresses this problem through its Spam Prevention Solution, which includes image spam detection technology.
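To see what an image-aware filter actually has to do, the scanner below walks a PDF's stream objects, inflates FlateDecode content streams, counts the text-showing operators (Tj/TJ) drawn on the pages, and looks for image XObjects whose data is JPEG (a DCTDecode filter plus the JPEG SOI marker). A PDF that carries a JPEG but almost no text is flagged as an image-spam candidate. This is an added example, not Trend Micro code and not a description of the Spam Prevention Solution: the PDFs it analyses are constructed in the script, the JPEG payload is a stub of marker bytes rather than a real image, and the text-operator threshold is an assumption.

```python
import re
import zlib
from typing import Dict, Iterator, Optional, Tuple

# Stub JPEG payload: SOI (FFD8) and APP0 marker prefix, padding, EOI (FFD9). Constructed; not an image.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"

# Page content streams for the constructed samples.
IMAGE_ONLY_CONTENT = b"q 300 0 0 150 0 0 cm /Im0 Do Q"          # draws the image, no text at all
TEXT_CONTENT = (b"BT /F1 12 Tf 20 120 Td (Quarterly report attached) Tj "
                b"0 -20 Td (Please review) Tj 0 -20 Td [(See) -250 (page 2)] TJ ET")


def _stream_obj(num: int, entries: bytes, data: bytes) -> bytes:
    """Serialize one PDF stream object; /Length is the exact byte count of data."""
    return b"%d 0 obj << %s /Length %d >>\nstream\n%s\nendstream\nendobj\n" % (num, entries, len(data), data)


def make_pdf(content: bytes, image: Optional[bytes]) -> bytes:
    """Assemble a minimal one-page PDF (no xref table: enough for this scanner, not for a viewer)."""
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 300 150] "
        b"/Resources << /Font << /F1 6 0 R >> /XObject << /Im0 5 0 R >> >> "
        b"/Contents 4 0 R >> endobj\n",
        _stream_obj(4, b"/Filter /FlateDecode", zlib.compress(content)),  # content streams are usually deflated
    ]
    if image is not None:
        objs.append(_stream_obj(5, b"/Type /XObject /Subtype /Image /Width 300 /Height 150 "
                                   b"/ColorSpace /DeviceRGB /BitsPerComponent 8 /Filter /DCTDecode", image))
    objs.append(b"6 0 obj << /Type /Font /Subtype /Type1 /BaseFont /Helvetica >> endobj\n")
    return b"%PDF-1.4\n" + b"".join(objs) + b"%%EOF\n"


# "N 0 obj << dict >> stream\n": the tempered dot keeps the dictionary match inside one object.
STREAM_RE = re.compile(rb"(\d+)\s+0\s+obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n", re.S)
DIRECT_LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+0\s+R)")   # skip indirect "/Length 7 0 R"
TEXT_OP_RE = re.compile(rb"\)\s*Tj\b|>\s*Tj\b|\]\s*TJ\b")          # string-showing operators


def iter_streams(pdf: bytes) -> Iterator[Tuple[int, bytes, bytes]]:
    """Yield (object number, dictionary, decoded data) for each stream object in the file."""
    for m in STREAM_RE.finditer(pdf):
        num, entries, start = int(m.group(1)), m.group(2), m.end()
        length = DIRECT_LENGTH_RE.search(entries)
        end = start + int(length.group(1)) if length else pdf.find(b"endstream", start)
        data = pdf[start:end]
        if b"/FlateDecode" in entries:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # damaged or multi-filter stream: analyse the raw bytes instead
        yield num, entries, data


def analyze_pdf(pdf: bytes) -> Dict[str, int]:
    """Count image XObjects, JPEG-encoded ones among them, and text operators on the pages."""
    stats = {"images": 0, "jpeg_images": 0, "jpeg_bytes": 0, "text_ops": 0}
    for _num, entries, data in iter_streams(pdf):
        if re.search(rb"/Subtype\s*/Image\b", entries):
            stats["images"] += 1
            if b"/DCTDecode" in entries and data.startswith(b"\xff\xd8\xff"):
                stats["jpeg_images"] += 1
                stats["jpeg_bytes"] += len(data)
        else:
            stats["text_ops"] += len(TEXT_OP_RE.findall(data))
    return stats


def is_image_spam_candidate(pdf: bytes, max_text_ops: int = 2) -> bool:
    """Flag PDFs whose visible payload is a JPEG with (almost) no text drawn around it."""
    s = analyze_pdf(pdf)
    return s["jpeg_images"] >= 1 and s["text_ops"] <= max_text_ops


if __name__ == "__main__":
    for label, pdf in (("image-only", make_pdf(IMAGE_ONLY_CONTENT, FAKE_JPEG)),
                       ("text", make_pdf(TEXT_CONTENT, None)),
                       ("image+text", make_pdf(TEXT_CONTENT, FAKE_JPEG))):
        print(label, analyze_pdf(pdf), "candidate" if is_image_spam_candidate(pdf) else "clean")
```

The structural check is the cheap first stage: it tells you that an attachment is essentially a picture in a PDF wrapper, which is exactly the profile the spammers are exploiting. Deciding what the picture says still means extracting the JPEG bytes and running the same OCR or image-fingerprinting that plain image spam already required. Real-world files also hide objects inside PDF 1.5 object streams, so a production filter has to inflate those before this kind of scan sees anything.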

Based on a report received by TrendLabs, this spam is sent with forged sender addresses, which most likely means it is being distributed by bot machines. The samples seen so far carry no malicious payload, but a PDF + JPEG + malware combination from malware authors in the near future would be no surprise. Trend Micro continues to develop approaches to protect users and organizations as these threats evolve.

 

Jul19
by Carolyn Guevarra (Technical Communications)

Part of a malware author's toolkit for spreading code effectively is the social-engineering pitch, which usually hooks into a recent, and more often than not tragic, event such as Hurricane Katrina or the Kyrill storm. As attacks become more targeted, the pitch is also written in the local language. Such is the case with a new piece of malware that exploits a recent tragedy in Brazil.

Yesterday a Brazilian airliner (TAM) skidded off a runway at a Sao Paulo airport and crashed into a gas station and a TAM building, killing almost 200 people, passengers as well as employees on the ground. While the whole world mourns the loss of life, cyber criminals are wasting no time in exploiting the tragedy to spread malware, steal information and profit from it. Trend Micro detects this malware as TROJ_BANLOAD.CGL.

According to initial analysis by TrendLabs Threat Analyst Jhoevine Capicio, the malware arrives in spammed email messages that carry news of the Brazilian tragedy and a link to a supposed video. Users who click the link are taken to a Web site and asked to run an EXE file (TROJ_BANLOAD.CGL), which in turn downloads spyware.

The site appears to be a legitimate one that the malware author compromised in order to host the Trojan. The spyware, for its part, connects to an FTP site and uploads the stolen information, mostly email addresses.

The Trojan also downloads the spyware TSPY_BANKER.JHR from another Web site. This Banload variant is reminiscent of last month's TROJ_BANLOAD.CZE, which likewise downloaded a BANKER variant. Malware authors are still on the money trail.

Users are advised to be wary of email messages about this tragedy, and in particular of links in them that promise video footage.

 

Jul19
by Miray Lozada (Technical Communications)

Security experts are raining on the parade of the gadget celebutante of the moment, Apple's iPhone. This week at least two reports surfaced claiming to have found weaknesses in iPhone that open the door to malicious activity.


The Register described iPhone as a "phisherman's friend" after a security company reported a possible hole in iPhone's email client that can expose users to phishing Web sites. The mail client displays only the first few characters of a Web link, so the end of a deceptive link is easy to hide from the reader.

Another possible hole is the way iPhone ties its browser to the phone function, which lets a Web site embed a scam telephone number that an unsuspecting user may be prompted to dial. eWeek.com reports the same issue, citing SPI Labs' warning about the Safari browser being used to place calls from mobile devices. The researchers note that the bug is not exclusive to iPhone and may also apply to Treo or Windows Mobile devices; they simply checked iPhone first. On iPhone, any phone number displayed on a Web page can be dialled simply by tapping it. An attack like this can be launched from a malicious site, from a legitimate site through a cross-site scripting (XSS) flaw, or as part of a malware payload.
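A quick way to check a page, or an HTML mail body, for the two tricks described above is to compare what each link shows with what it does. The scanner below is an added example, not code from either report: it collects every anchor with Python's html.parser, flags tel: links whose visible digits differ from the number actually dialled or that show no number at all, and models the truncated display by checking whether a link's hostname would still be fully visible within the first 24 characters (an assumed width; the reports only say "the first few characters"). It also notes whether the page carries the `format-detection` meta tag that tells Mobile Safari not to turn bare numbers into dialable links. The HTML it runs on is constructed, and its phone numbers are reserved fictional numbers.

```python
import re
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed HTML: one honest tel: link, two deceptive ones, a deceptive long URL and a
# benign link. Phone numbers are fictional (555-01xx range).
SAMPLE_HTML = """
<html><head><meta name="format-detection" content="telephone=no"></head><body>
<p>Call support: <a href="tel:+1-900-555-0199">1-800-555-0100</a></p>
<p>Or: <a href="tel:+18005550100">1-800-555-0100</a></p>
<p><a href="tel:+1-900-555-0199"><img src="call.png" alt="Call now"></a></p>
<p><a href="http://www.paypal.com.account-verify.example/login">http://www.paypal.com.account-verify.example/login</a></p>
<p><a href="http://www.example.com/newsletter/july">newsletter</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a>, and note a telephone auto-detection opt-out."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._open = None                      # [href, text] of the <a> currently being read
        self.phone_autodetect_disabled = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._open = [a["href"].strip(), ""]
        elif tag == "meta" and (a.get("name") or "").lower() == "format-detection":
            # <meta name="format-detection" content="telephone=no"> stops Mobile Safari from
            # turning bare numbers in page text into dialable links; explicit tel: hrefs still work.
            if "telephone=no" in (a.get("content") or "").replace(" ", "").lower():
                self.phone_autodetect_disabled = True

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], " ".join(self._open[1].split())))
            self._open = None


def _digits(s: str) -> str:
    return re.sub(r"\D", "", s)


def audit_links(html: str, visible_chars: int = 24) -> List[Tuple[str, str, str]]:
    """Return (finding, what the user sees, real target) triples for deceptive links."""
    p = LinkCollector()
    p.feed(html)
    findings = []
    for href, text in p.links:
        scheme = href.split(":", 1)[0].lower()
        if scheme == "tel":
            shown, dialled = _digits(text), _digits(href)
            if not shown:
                findings.append(("tel-hidden-number", text, href))   # image or label hides the number
            elif shown != dialled:
                findings.append(("tel-mismatch", text, href))        # shows one number, dials another
        elif scheme in ("http", "https"):
            host = (urlparse(href).hostname or "").lower()
            host_end = href.lower().find(host) + len(host)
            if host and host_end > visible_chars:
                # the client cuts the link before the hostname finishes, so the labels that
                # give away the real domain never reach the screen
                findings.append(("host-truncated", href[:visible_chars] + "...", href))
    return findings


def phone_autodetect_disabled(html: str) -> bool:
    p = LinkCollector()
    p.feed(html)
    return p.phone_autodetect_disabled


if __name__ == "__main__":
    for kind, shown, target in audit_links(SAMPLE_HTML):
        print(f"{kind:18} shown={shown!r} target={target!r}")
    print("page opts out of phone-number auto-detection:", phone_autodetect_disabled(SAMPLE_HTML))
```

The tel: checks catch a page that displays one number and dials another, or hides the number behind an image; they do not catch a page that honestly links a premium-rate number, which is why a confirmation prompt showing the full number before dialling is the defence that matters on the device side. The host-truncation check is only as good as the width you assume for the client, so tune `visible_chars` to the mail client you are modelling.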


These reports, however, are just a drizzle that will hardly halt iPhone's march. The real downpour is yet to come.

 


© Copyright 2008 Trend Micro Inc. All rights reserved.