Archive for the ‘Exploits’ Category

Jul21
by Jovi Umawing (Technical Communications)

Earlier today, Senior Threat Researcher Joseph Reyes spotted several malicious script files that exploit Mozilla Firefox and Microsoft Internet Explorer vulnerabilities. JS_DIREKTSHO.B exploits a vulnerability in the Microsoft Video Streaming ActiveX control to download other, possibly malicious, files. JS_FOXFIR.A accesses a website to download JS_SHELLCODE.BV; JS_SHELLCODE.BV in turn exploits a vulnerability in Firefox 3.5 to download WORM_KILLAV.AKN. JS_SHELLCODE.BU exploits a vulnerability in Microsoft Office Web Components (OWC) to download JS_SHELLCODE.BV. Initial analysis by Threat Analyst Jessa De La Torre shows that the scripts above may be ...


Jul17
by Det Caraig (Technical Communications)

Amid growing concern over numerous vulnerabilities, just this afternoon Trend Micro Research Project Manager Ivan Macalintal stumbled on a regional fallout of this SQL injection in India, threading through numerous compromised government, tourism, popular media, and other sites. We have identified the following compromised sites; the malicious script injected into them leads to more malware landing on the systems of unknowing users who visit them:
http://lsg.kerala.gov.in
http://www.lsg.kerala.gov.in
http://www.bangaloremirror.com
http://www.mumbaimirror.com
http://www.kolkatamirror.com
http://www.mumbaipluses.com
http://education.indiatimes.com
http://www.kolhapurbusiness.com
http://www.bizxchange.in
http://timesascent.in
http://www.studio3india.com
http://www.timesascent.co.in
http://www.mumbaibusinessdirectory.in
http://www.tourindianow.org
http://www.maharashtradirectory.com
Based on Trend Micro threat analyst Joseph Pacamarra's initial findings, the ...
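What gives these compromises away is the injected script tag itself. The following is an added example, not Trend Micro's code and not from the post, of the check an analyst would run over a fetched page: it lists every <script src> that loads from a host outside the site's own domain, which is the footprint mass SQL injection leaves when it appends a script tag to database content that the site later renders. The sample page, the site host tourism.example and the attacker host cdn.bad-host.invalid are constructed for illustration.

```python
"""Flag off-domain <script src> tags in a page's HTML.

Added example, not Trend Micro's code. The page, site host and
attacker host below are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag, quoted or not.
    Mass SQL injection payloads typically appended an unquoted
    <script src=http://host/x.js></script> to text columns, so the tag can
    show up anywhere database content is rendered, not only in <head>."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def _same_site(host, site_host):
    """True for the site itself and any of its subdomains."""
    host, site_host = host.lower(), site_host.lower()
    return host == site_host or host.endswith("." + site_host)


def external_script_hosts(html, site_host):
    """Return the hosts of all <script src> references pointing outside
    site_host. Relative paths (no host) are skipped; protocol-relative
    //host/x.js references are treated as external like any other."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    hosts = []
    for src in collector.srcs:
        host = urlsplit(src).hostname
        if host and not _same_site(host, site_host):
            hosts.append(host.lower())
    return hosts


# Constructed sample page: two legitimate scripts and one injected tag
# appended to a database-backed listing, as a compromised site would render it.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://static.tourism.example/widgets.js"></script>
</head><body>
<p>Listing 42</p><script src=http://cdn.bad-host.invalid/x.js></script>
</body></html>"""

if __name__ == "__main__":
    for host in external_script_hosts(SAMPLE_PAGE, "tourism.example"):
        print("external script host:", host)
```

Run it against pages fetched from the listed sites and compare the reported hosts with the site's known third-party script sources; any host that is neither the site nor an expected CDN is the one to pull the script from and analyze.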


Jul16
by JM Hipolito (Technical Communications)

Microsoft released six security bulletins for July, which cover one of the two vulnerabilities exploited by cybercriminals in the last two weeks. The Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution was used in a zero-day attack last week that involved around 967 compromised Chinese websites. A script that triggered the exploit was inserted into those websites; when it executes successfully, it drops WORM_KILLAV.AI onto the affected system. Security bulletin MS09-032 already addresses the ...


Jul8
by Jonathan Leopando (Technical Communications)

June saw more than its fair share of mass-compromised websites, with one wave early in the month and Nine Ball hitting later on. One would hope that July would be different, but it was not to be. Last week saw another wave of compromised websites that had one thing in common: they were all running ColdFusion on their servers. ColdFusion is a popular platform for developing Internet applications and is currently owned by Adobe. Users blamed the effectiveness of this ...


Jul6
by Roland Dela Paz (Threat Response Engineer)

Earlier today, TrendLabs was alerted to a zero-day exploit in the Microsoft Video Streaming ActiveX control, MsVidCtl. Around 967 Chinese websites are reported to be infected by a malicious script that takes users through successive site redirections and finally has them download a .JPG file containing the exploit. Trend Micro detects it as JS_DLOADER.BD. Here is a screenshot of the encrypted exploit code: The shellcode of the exploit is XOR encrypted. Below is a screenshot of the decrypted shellcode: Microsoft already released ...
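The post shows the encrypted and decrypted shellcode only as screenshots. The following is an added example, not Trend Micro's code, of how an analyst recovers a single-byte XOR key from such a blob when the key is unknown: try all 256 keys and keep the candidate whose decode contains the strings a download-and-execute payload has to carry, then pull the download URL out of it. The shellcode bytes, the key 0xA7 and the URL http://example.invalid/update.exe are constructed for the demo; the real key and payload of JS_DLOADER.BD are not given on the page.

```python
"""Recover a single-byte XOR key from encoded shellcode and extract the
download URL. Added example, not Trend Micro's code: the post only states
that the shellcode is XOR encrypted, so the shellcode bytes, the key 0xA7
and the URL below are constructed and do not describe JS_DLOADER.BD.
"""
import re

# Strings typical of download-and-execute shellcode; a correct decode exposes them.
MARKERS = (b"http://", b"https://", b".exe", b"URLDownloadToFile", b"WinExec")
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")  # stops at NUL or whitespace


def xor_bytes(data, key):
    """XOR every byte with one key byte; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def longest_printable_run(data):
    """Length of the longest run of printable ASCII, used as a tie-breaker:
    opcode bytes are mostly non-printable, an embedded URL is not."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if 0x20 <= b < 0x7F else 0
        best = max(best, cur)
    return best


def score_plaintext(candidate):
    """Rank a candidate decode: marker hits dominate, printable-run length
    breaks ties between candidates with the same number of hits."""
    hits = sum(1 for m in MARKERS if m in candidate)
    return hits * 1000 + longest_printable_run(candidate)


def recover_key(encoded):
    """Try all 256 one-byte keys and return (key, decoded) for the best
    scoring candidate. The search is exhaustive, so no frequency guessing
    is needed; a blob that is not single-byte XOR simply scores low."""
    best = max(range(256), key=lambda k: score_plaintext(xor_bytes(encoded, k)))
    return best, xor_bytes(encoded, best)


def extract_urls(decoded):
    """Return the http(s) URLs embedded in decoded shellcode."""
    return [m.decode("ascii") for m in URL_RE.findall(decoded)]


# Constructed plaintext standing in for a download-and-execute payload:
# a common prologue, padding, then the NUL-terminated URL the code would fetch.
SAMPLE_URL = b"http://example.invalid/update.exe"  # placeholder, not from the post
SAMPLE_SHELLCODE = (
    b"\xfc\xe8\x00\x00\x00\x00"  # cld; call $+5
    + b"\x90" * 4                # nop padding
    + SAMPLE_URL + b"\x00"
)
ASSUMED_KEY = 0xA7  # assumption for the demo; the real key is not on the page
ENCODED_SAMPLE = xor_bytes(SAMPLE_SHELLCODE, ASSUMED_KEY)

if __name__ == "__main__":
    key, plain = recover_key(ENCODED_SAMPLE)
    print("key=0x%02x urls=%s" % (key, extract_urls(plain)))
```

On a real sample, carve the shellcode bytes out of the downloaded .JPG first; if no key scores a marker hit, the encoding is not a single fixed byte (a rolling or multi-byte key, or a different scheme) and the exhaustive search has to be widened accordingly.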



© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice