2009 September 10 | TrendLabs | Malware Blog

September 2009
S	M	T	W	T	F	S
« Aug		Oct »
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Sep10

7:18 pm (UTC-7) | by Jessa De La Torre (Threat Response Engineer)

As the anniversary of the horrible September 11 attacks in The United States approaches, Trend Micro researchers donned their research coats and waited for the people behind FAKEAV to make their move. Predictably, they did not disappoint.

Through SEO poisoning, users searching for any reports related to September 11 may find themselves stacked with Google search results that lead to a rogue AV malware detected by Trend Micro as TROJ_FAKEAV.BOH.

September 11 search results

Figure 1. Poisoned Google search results

As shown in the image above, TROJ_FAKEAV.BOH may arrive on the system as Scanner-7c545a_2031.exe from several malicious Web sites that can all be found in the poisoned Google search results.

Trend Micro users are already protected from this threat, as the malicious file(s) are already detected and the download links are already identified and blocked by the Web Reputation Service.

The people behind FAKEAV still show no sign of slowing down. With the holiday season coming up, users are also advised to refrain from visiting unknown sites returned in Search Engine results and rely on reputable news agencies instead.

Posted in Malicious Sites, Malware, Security | TrackBacks (16) »

Sep10

Heads Up For Holiday Spam

7:14 pm (UTC-7) | by Maria Alarcon (Anti-spam Research Engineer)

September signals the onset of holidays and as early as this month, spammers are already gearing up for the said season as they “spamvertise” their products.

Just recently, Trend Micro discovered several spammed messages that used “Christmas” as its subject. The said spam email entices users to avail the “best gift” for their loved ones by clicking the URL.

Figure 1. Sample spam

Figure 2. Sample spam

After the users clicked on the link, it points them to a website that sells replica watches for a discounted price. Although the redirected site does not infect users with malware, it could possibly lead to information theft.

Figure 3. The website where users are redirected to.

Cybercriminals often use the holidays as part of the social engineering ploy. Trend Micro recently blogged about these tactics in the following blog posts:

Trend Micro protects users from this spam attack via the Trend Micro Smart Protection Network. Users are also advised to stay vigilant especially in the upcoming holidays as spam (that may even contain malware) is very rampant.