Archive for January 24th, 2008

SEO Manipulation Begins for Super Bowl Malware Campaign

January 24th, 2008 by Dianne Lagrimas (Technical Communications)

Cyber criminals who took advantage of Hollywood actor Heath Ledger’s death are at it again, this time attempting to lure unsuspecting Super Bowl fans. When users search for “Superbowl,” Google search results turn up the following:

[Screenshot: Google search results for “Superbowl”]

Is the Super Bowl on cyber criminals’ social engineering lists? It does seem somewhat passé (even if the event is in two weeks). But what’s interesting in this case is that the malicious URLs are once again hosted on the servers of the Czech hosting provider believed to have been hacked.

Our analysts have been in contact with CERT CZ and the Czech hosting provider, but the malicious code is still present as of this writing.

Trend Micro customers are protected from the harmful outcomes of these malicious URLs with the Web Threat Protection’s Web Filtering technology, effectively blocking the first-level malicious URL.

Information and screenshot provided by Research Project Manager Ivan Macalintal

Symbian Malware Gives Love (and Beauty, and Sex) a Bad Name

January 24th, 2008 by Dianne Lagrimas (Technical Communications)

A new Symbian malware detected by Trend Micro as SYMBOS_BESELO.A attempts to spread what appears to be the good stuff via Bluetooth and Multimedia Messaging Service (MMS) messages. Disguised as a picture or a multimedia file, it uses any of the following file names to spread to other mobile phones:

  • beauty.jpg
  • love.rm
  • sex.mp3

Notice the file extensions? Do not be deceived: in reality, these are .SIS files, the typical installer files used in mobile technology. Along with the enticing file names, the disguised file extensions make it more likely that the user will install the file.
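The mismatch described above can be caught by looking at a file's leading bytes instead of its name. The following is an added example, not code from Trend Micro or the original post; the SIS header values come from public Symbian file-format documentation, and the function names and sample attachments are constructed for illustration.

```python
import os
import struct

# Header constants from public file-format documentation (not from the post).
SIS_UID3_PRE9 = 0x10000419  # UID3 of pre-Symbian 9 .SIS installers
SIS_UID1_V9 = 0x10201A7A    # UID1 of Symbian 9.x .SIS installers
MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".rm", ".mp3"}


def sniff_type(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if len(data) >= 12:
        uid1, _uid2, uid3 = struct.unpack_from("<III", data, 0)
        if uid3 == SIS_UID3_PRE9 or uid1 == SIS_UID1_V9:
            return "sis"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b".RMF"):
        return "realmedia"
    # MP3: ID3 tag, or an MPEG audio frame sync (11 set bits).
    if data.startswith(b"ID3") or (
        len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0
    ):
        return "mp3"
    return "unknown"


def is_disguised_installer(filename: str, data: bytes) -> bool:
    """True when a media-looking name hides Symbian installer content."""
    ext = os.path.splitext(filename.lower())[1]
    return ext in MEDIA_EXTENSIONS and sniff_type(data) == "sis"


def scan(attachments):
    """Return the names of attachments whose extension hides a .SIS file."""
    return [n for n, d in attachments if is_disguised_installer(n, d)]


# Constructed sample data: a minimal pre-Symbian 9 style header (only UID3
# is checked above) and short genuine-looking media headers.
SIS_HEADER = struct.pack("<IIII", 0x01234567, 0x10003A12, 0x10000419, 0)
SAMPLES = [
    ("beauty.jpg", SIS_HEADER),
    ("love.rm", SIS_HEADER),
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00"),
    ("song.mp3", b"ID3\x03" + b"\x00" * 12),
    ("game.sis", SIS_HEADER),  # honest extension, so not a disguise
]

if __name__ == "__main__":
    print(scan(SAMPLES))
```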

Once the user unwittingly installs the malicious .SIS files, this malware drops certain files and creates several other ones. It then uses the infected phone as a launchpad for wider propagation by sending MMS messages that contain any of the mentioned innocent-looking file names. And so the cycle continues. This is a disturbing prospect given the ubiquity of mobile phone transactions, to the point that users sometimes no longer give a second thought to entertaining messages from unknown senders.

SYMBOS_BESELO.A affects mobile phones running the Symbian/S60 2nd edition operating system, which is commonly found in the following Nokia models:

  • 6600
  • 6630
  • 7610
  • N70
  • N72

It does not affect newer Nokia models, such as the Nokia E-series, N71, N73, N75, N76, N80, N91, N92, N93, N93i, N95, etc., as those phone models use Symbian 9.1/S60 3rd edition. In any case, users are advised not to accept unexpected files sent via Bluetooth, and to be careful when opening MMS messages. Mobile users with Trend Micro Mobile Security 3.0 for Symbian/S60 or 5.0 for Symbian/S60 installed are automatically protected from this malware.

Additional information provided by Todd Thiemann and Rolf Rennemo

