The recent attacks on Google and other large organizations (currently being referred to by others as “Aurora,” “Google attacks,” or “HYDRAQ”) refer to a set of carefully orchestrated, sophisticated, and highly complex attacks. They comprised malicious threats to all three communication vectors—email, Web, and files, plus, most notably, a zero-day vulnerability in Internet Explorer (IE). In order to stay protected, businesses and end users need to deploy proactive vulnerability protection plus cloud-based threat mitigation solutions to stay one step ahead of the threat.

We want to let our readers know that Trend Micro can help users proactively block this malicious attack and others like it—with or without the out-of-band patch released by Microsoft yesterday. In addition to business solutions like Intrusion Defense Firewall (IDF)—an OfficeScan™ plug-in—and Trend Micro Deep Security, we also offer a free tool—Trend Micro Browser Guard—that proactively protects home users by preventing exploits. Trend Micro Browser Guard protects by detecting buffer overflow and heap spray attempts as well as shellcode, thereby protecting users ahead of the threat.

To download Trend Micro Browser Guard, please click here.

In addition to these proactive solutions, Trend Micro also recommends that companies and home users ensure that their security software is up-to-date—preferably that users utilize Web reputation capabilities to block access to sites that host malicious code like those used in the Google attack.

In the recent attacks, targeted spammed messages loaded with malware were also sent to users. Users with vulnerable IE browsers may unwittingly access malicious sites containing hidden JavaScript malware that takes advantage of a zero-day vulnerability. Microsoft initially advised users to enable the use of “Data Execution Prevention (DEP)” but cybercriminals attempted to counter this by introducing a new exploit code that bypasses this. Microsoft was thus forced to release a patch outside of its regular Patch Tuesday cycle.

While the initial attacks targeted specific companies, the threat has since evolved and is now fully in the wild, leaving all Internet users potentially at risk.

After the earthquake that hit Haiti last January 12, the Internet was flooded with requests for financial donations from all sorts of companies and organizations. It should be noted that not all of these were true to their stated intentions.

Martin Roesler, Trend Micro Director of Threat Research, warns Internet users to be very careful when clicking links regarding the latest earthquakes in Haiti. “We have already seen fake donation sites, spam, and FAKEAV-related search engine optimization (SEO) poisoning attacks using this event as a social engineering tactic and their number is still increasing. Users who really want to make a donation should ensure that they do so only on trusted sites, that all the security features of their Web browsers are enabled, and that they manually double-check the URLs they are connecting to. Do not trust email messages offering ‘one-click-donation’ or similar services.”

The spammed message above poses as a call for relief goods and donations supposedly from the UNICEF International Response Fund. It even described the supposed efforts the agency is currently engaging in to assist victims of the recent Haiti earthquake. Unfortunately, however, the link to the supposed donation site was found to lead to a phishing page instead.

Users searching for information about the event are also at risk of landing on malicious sites due to SEO poisoning. Clicking poisoned links lead to the installation of TROJ_FAKEAV.ZXS, a FAKEAV variant.

Using tragedies as a social engineering tactic is no longer new to cybercriminals. Natural calamities, celebrity deaths, viral videos, and other controversial stories—just about anything that can create a huge ruckus on the Web—are just some of their staple scam triggers. As such, both the Federal Bureau of Investigation (FBI) and CNET have released articles to make would-be donors aware of these and thereby protect themselves.

Trend Mico™ Smart Protection Network™ protects users from threats like these in real time by preventing spammed messages from reaching their inboxes, blocking access to identified malicious sites and domains, and detecting and preventing the download of malicious files.