

    Archive for November, 2009




    Cyber Monday is the online retailers’ answer to Black Friday and is considered the busiest day of the year for online shoppers and sellers alike. The National Retail Federation (NRF) estimates that 96.6 million Americans will shop this Cyber Monday, up from 2008’s 85 million, and that 87.1% of retailers will run a special promotion for the event.

    With so many shoppers and promotions expected to flood the Web, shoppers and sellers will not be the only ones kept busy. Cybercriminals are bound to take advantage of the day, so users should keep their guard up and watch for the following ploys:

    1. Tainted shopping search results: Searching for the best deals can itself lead to malware, since search results for popular sales and sought-after products can be manipulated to point to malicious websites.
    2. Phishing spree: Phishers anticipate the throngs of online shoppers who will key in their credit card details to make purchases, and will mount phishing attacks in the hope of stealing that information.
    3. Fake receipts used as bait: Just as in-store shoppers are handed a receipt when the transaction takes place, online shoppers receive receipts by email or other means. This gives cybercriminals a convenient opening: fake receipts make good bait for luring users into opening attachments that carry malware.

    Despite the expected increase in online shoppers, the NRF said that shoppers are unlikely to go on careless spending sprees because the effects of the recession still linger; consumers, the NRF states, are sticking to necessities.

    We strongly suggest that users extend the care they take in choosing purchases to their online shopping habits as well. The Trend Micro Smart Protection Network protects Trend Micro users from these threats by blocking malicious spam emails and URLs and detecting malicious files.

    Other users are advised to stay protected and to keep in mind that everyone is out for a quick, hassle-free bargain, cybercriminals included.




    Thanksgiving kicks off the holiday season in the United States, the top spam-sending country in the world. The season ushers in sales and big discounts for consumers. Unfortunately, it also means spammers rushing to offer consumers bogus promos and discounts. It seems even cybercriminals have something to be thankful for.

    Trend Micro analysts received Thanksgiving-related spam samples. The spammed messages offered US$500 worth of “grocery vouchers” to users who log in to the spammers’ sites. The sites were hosted on several different domains which, on further analysis, had already been blacklisted even though they were only recently created.


    Users who are tricked into clicking any of the URLs in the spammed messages land on sites that ask them to give out personal information such as email addresses, full names, postal addresses, and phone numbers, which, as you may already know, can be used for other malicious activities later on or sold in underground forums.


    It is true that legitimate companies promote discounts and other special offers online, but not everyone who sends promotional offers has good intentions. In fact, most of them don’t. Going into business is, after all, about one thing alone: making money. Bear in mind that legitimate businesses only send information on promotions and special offers to those who have subscribed to receive them.

    Users are strongly advised to be wary of online offers. Here are some useful dos and don’ts to help you stay safe from spammers and scammers on the Web:

    • Do not open emails from senders you do not personally know.
    • Do not click links embedded in emails. To check whether a link is legitimate, you can use free tools such as Trend Micro’s Online URL Query.
    • Do not hand out your personal credentials online on impulse, or you may end up as just another phishing victim.
    • Do keep in mind that legitimate offers are sent only to subscribers.
    • Do remember, too, that cybercriminals will do anything for money, so stay safe online by using a security suite that stops threats before they reach you.
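    As an added example (not Trend Micro’s code or tooling), the following Python script does offline what the “Online URL Query” advice above asks a user to do by hand: it pulls every link out of a constructed voucher-style spam message, flags links whose visible text names a different host than the one the href actually points to, and checks each host against a constructed blocklist and a constructed table of registration dates that stand in for a URL reputation service and a WHOIS lookup. The message, the blocklist, the dates and the .test domains are all invented for illustration.

```python
"""Triage the links in a suspicious email before anyone clicks them.

Added example, not Trend Micro's code. The message, blocklist and
registration dates below are constructed for illustration only.
"""
import re
from datetime import date
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "grocery voucher" spam in the style of the post.
SAMPLE_EMAIL = b"""From: "Grocery Rewards" <promo@example-rewards.test>
To: victim@example.com
Subject: Claim your $500 Thanksgiving grocery voucher!
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Log in to claim your voucher:</p>
<a href="http://voucher-claim-2009.test/login.php">https://www.grocer-rewards.test/voucher</a>
<p>Read our <a href="https://www.example.com/privacy">privacy policy</a>.</p>
</body></html>
"""

# Constructed blocklist and "registration dates", standing in for a URL
# reputation service and a WHOIS lookup (both hypothetical here).
BLOCKLIST = {"voucher-claim-2009.test"}
REGISTERED = {"voucher-claim-2009.test": date(2009, 11, 20),
              "www.example.com": date(1995, 8, 14)}
TODAY = date(2009, 11, 26)
NEW_DOMAIN_DAYS = 30          # domains younger than this are treated as suspicious


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or None if it has none."""
    host = urlparse(url).hostname
    return host.lower() if host else None


def triage_link(href, text):
    """Return a list of indicators for one link; an empty list means nothing found."""
    reasons = []
    host = host_of(href)
    if host is None:
        return ["unparseable href"]
    # Visible text that looks like a URL but names a different host is a classic lure.
    text_host = host_of(text) if re.match(r"https?://", text) else None
    if text_host and text_host != host:
        reasons.append(f"display text {text_host} differs from target {host}")
    if host in BLOCKLIST:
        reasons.append("host is blocklisted")
    registered = REGISTERED.get(host)
    if registered and (TODAY - registered).days < NEW_DOMAIN_DAYS:
        reasons.append(f"domain registered {(TODAY - registered).days} days ago")
    return reasons


def triage_email(raw):
    """Map every href in the HTML body of `raw` to its list of indicators."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return {}
    extractor = LinkExtractor()
    extractor.feed(body.get_content())
    return {href: triage_link(href, text) for href, text in extractor.links}


if __name__ == "__main__":
    for href, reasons in triage_email(SAMPLE_EMAIL).items():
        print(("SUSPICIOUS" if reasons else "ok").ljust(10), href)
        for reason in reasons:
            print("           -", reason)
```

    Run against the constructed message, the voucher link trips all three checks (mismatched display text, blocklisted host, domain a few days old) while the privacy-policy link is clean. In practice the blocklist and registration table would be replaced by a live reputation query and a WHOIS lookup; the point is that none of these checks requires fetching the suspicious URL.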

    Don’t let spammers and scammers spoil the holidays. There are ways to stay safe online. For more useful tips and tricks, please visit:




    Trend Micro threat analysts were alerted to another ZBOT spam campaign. The emails bear subjects such as “your photos” and “some jerk has posted your photos.” They tell recipients that someone has posted their photos on a website without permission and has sent the link to their friends. The recipient is meant to believe that the “sender” is acting as a good samaritan, alerting the person whose pictures were supposedly posted. The URL, of course, points to a website that distributes malware detected by Trend Micro as TSPY_ZBOT.CJA.


    When executed, TSPY_ZBOT.CJA connects to several websites to download another malicious file, detected as TROJ_DROPR.KB. The spyware also has rootkit capabilities that let it hide its processes. ZBOT/ZeuS is one of the most notorious botnets when it comes to identity, financial, and information theft.

    Users are strongly advised not to open emails from unknown sources. Trend Micro protects users from this attack via the Smart Protection Network, which blocks the spammed messages and prevents the download of the related malicious files.




    The activities of the infamous Koobface botnet have been a frequent topic here at the Malware Blog. Some security analysts recently commented that the botnet had added a new tool to its arsenal, as an alleged new “Koobface variant” was targeting the VoIP application Skype.

    The supposed “Koobface variant,” detected by Trend Micro as TROJ_VILSEL.EA, steals the user’s Skype login credentials along with the contact list, phone numbers, location, and other information that may be part of the user’s Skype profile. It can also use Skype’s built-in instant messaging to send links to everyone on the affected user’s contact list. These links all lead to affected domains hosting copies of TROJ_VILSEL.EA.


    Although TROJ_VILSEL.EA’s behavior is largely similar to that of previous Koobface variants (the targeted application aside), it is not actually a member of the Koobface family: both its malicious code and its network behavior differ from previously known Koobface variants. It would not be a great surprise, however, if the actual Koobface operators produced a variant of their own with this behavior.

    This development only highlights the ingenuity of cybercriminals in going after targets using tried-and-tested ways to spread their creations. The Trend Micro Smart Protection Network protects users from this attack by blocking access to the malicious URL, so that users’ systems never get infected.




    Trend Micro threat analysts were alerted to spammed messages purporting to come from “Media Service.” The email bears the subject “Congratulations” and tells users they have won a MacBook Air. It entices them to open the attached .ZIP file, which supposedly contains the details. Of course, the attachment holds no details, only an executable file (winner.exe) detected by Trend Micro as TROJ_AGENT.AWYQ.


    When executed, TROJ_AGENT.AWYQ drops another piece of malware, detected as TROJ_CUTWAIL.GO. Cutwail/Pushdo is one of the most notorious spam botnets, sending around 7.7 billion emails a day. Pushdo variants are essentially downloaders: they first infect a system and then download the Cutwail spam module (owned by the same criminal gang). They also normally install one or more “campaign modules” or third-party malware from other malware groups, which accounts for the large number of observable differences between infections.

    In addition, TROJ_AGENT.AWYQ connects to mail servers such as those of Yahoo!, Gmail, and Hotmail and sends out emails carrying attached copies of the malware.
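    The lure above relies on a ZIP attachment hiding winner.exe. As an added example (not Trend Micro’s code), the following Python script builds a constructed message of that shape and inspects every ZIP attachment without extracting it to disk, flagging members by executable extension or by the “MZ” header that Windows executables start with, and refusing to inflate oversized members so that a decompression bomb cannot stall the check. The message, the attachment, and the two-byte “MZ” stub standing in for winner.exe are all constructed; nothing here is a real program.

```python
"""Inspect ZIP attachments for executables without opening them on a desktop.

Added example, not Trend Micro's code. The message and attachment are
constructed; the fake winner.exe is an inert "MZ" header plus padding.
"""
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024    # refuse to inflate anything larger than this


def build_sample_email():
    """Constructed lure in the style of the post: a ZIP that holds winner.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("winner.exe", b"MZ" + b"\x00" * 62)     # PE-looking stub, inert
        zf.writestr("details.txt", b"You have won a MacBook Air!")
    msg = EmailMessage()
    msg["From"] = "Media Service <notify@media-service.test>"   # constructed sender
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Congratulations"
    msg.set_content("Open the attached file for the details of your prize.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="prize_details.zip")
    return msg.as_bytes()


def looks_executable(name, head):
    """True if the member name has an executable extension or starts with an MZ header."""
    ext = os.path.splitext(name)[1].lower()      # catches double extensions like .pdf.exe
    return ext in EXEC_EXTENSIONS or head.startswith(b"MZ")


def inspect_zip(data):
    """Return the names of members inside `data` that look like executables."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["<not a valid zip archive>"]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append(f"{info.filename} (oversized, not inflated)")
                continue
            with zf.open(info) as member:
                head = member.read(2)            # only the magic bytes are inflated
            if looks_executable(info.filename, head):
                findings.append(info.filename)
    return findings


def inspect_email(raw):
    """Map each ZIP attachment filename to the suspicious members found inside it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        if part.get_content_type() == "application/zip" or name.lower().endswith(".zip"):
            report[name] = inspect_zip(part.get_payload(decode=True))
    return report


if __name__ == "__main__":
    for attachment, members in inspect_email(build_sample_email()).items():
        print(attachment, "->", members or "clean")
```

    The check keys on both the file extension and the first two bytes of each member, so a renamed executable (details.pdf.exe, or an .exe saved as .txt) is still caught, and it reads only those two bytes from each member rather than the whole archive.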

    Users are strongly advised not to open emails from unknown sources, especially if they seem very enticing. Trend Micro secures users from this attack via the Smart Protection Network, which blocks the spammed messages and detects and deletes the malicious files.




    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice