
Archive for April 6th, 2008


Apr 6
by Jake Soriano (Technical Communications)

Recycling an old social engineering technique and using two different attack methods, a new spam run has emerged as a threat to Web users ahead of Microsoft’s Patch Tuesday, and not because it exploits soon-to-be-named vulnerabilities.

What this spamming operation takes advantage of is the anticipation itself of Microsoft’s patch release. A sample email message looks like this:

[Figure: Spammed Message]

The email, which first of all claims to be sent by Microsoft itself, informs users of a zero-day vulnerability in all versions of Microsoft Outlook and Microsoft Exchange Servers and asks users to download a patch to fix the bug. Installation of the patch is said to prevent systems from being compromised or exploited by malicious users.

Installing the said “patch” would, of course, mean system infection.

What’s interesting is that users could be infected in two different ways. There’s the attachment in the email, a malicious file that Trend Micro detects as TROJ_AGENT.AZZZ, a memory-resident Trojan.

Besides the malicious attachment, the spammed email message also contains a legitimate-looking link that, once clicked, redirects users to http://www.{BLOCKED}ook.de/sldb_daten/log/new.php. This Trojan downloads another Trojan from this Web site; the downloaded Trojan is detected as TROJ_AGENT.AZAZ.

Trend Micro users are already protected from these two Trojans. Still, everyone is advised to avoid trusting email messages, especially if they are unsolicited.

 
Posted in Spam

Apr 6
by Arman Capili (Technical Communications)

Apple Woes

Apple’s outrageously trendy products and Mac users alike have been riding pretty rough seas of late. Just this Wednesday, April 3, Apple released its third update for the year, which patches 11 confirmed vulnerabilities in its QuickTime software on both Mac and Windows. Nine of these can be used to hijack an unknowing user’s machine through what Apple describes as arbitrary code execution.

Already, Apple has moved to fix around five flaws in its QuickTime software since January. Counting last Wednesday’s update puts Apple on an annual pace of fixing 40 vulnerabilities in QuickTime, compared to just 34 holes plugged in 2007.

Mac users are increasingly being targeted by security issues, in an outward parallel to the skyrocketing fame of Apple’s products. And that does not come as a surprise at all in an industry where luster can lure the good guys as well as the bad ones. Apple may very well seem to have taken their point, on the heels of a number of setbacks in their product line during the first quarter of 2008.

The Mac platform went through a second round of scareware last month. The iMunizator was discovered to be a variation of the MacSweeper threat, in an apparent move by rogue security software developers to cash in on the rising number of Mac users.

Interestingly, around half of the security flaws in last Wednesday’s patch came from 3Com Inc.’s TippingPoint and its Zero Day Initiative program. TippingPoint was a major sponsor of the PWN to OWN challenge during the CanSecWest conference in Vancouver where Apple-hacking aficionado Charlie Miller successfully compromised a MacBook Air.

While slowly eating up a larger share of the lucrative financial pie, Apple is starting to feel the rising heat on security risks. And more eyes are on the lookout for how Apple will let off the steam.

 
Posted in Security


© Copyright 2008 Trend Micro Inc. All rights reserved.