Mar 31, by Jake Soriano (Technical Communications)
Massive iFrame attacks on top Web sites still threaten online searches. The threat is not just continuing but, according to independent Internet security researcher Dancho Danchev, is getting bigger as well.
Trend Micro recently reported two high-traffic sites that were iFramed earlier this month. That attack relied on popular search terms that were not validated in search engines. Interestingly, this previous attack came less than a week after search results of popular Web sites ZDNet Asia and TorrentReactor were ...
Mar 9, by Joseph Cepe (Threats Analyst)
XLS files specially designed to exploit a currently unpatched vulnerability in Microsoft Excel (identified as CVE-2008-0081) are reportedly being sent as email attachments in the wild.
The attachments, which arrive as either OLYMPIC.XLS or SCHEDULE.XLS, are capable of dropping and executing Windows binary executables. This Trojan also drops a non-malicious Excel file and opens it upon execution to trick the user into believing that it is the attached Excel file. Below are screenshots of the dropped Excel files of OLYMPIC.XLS and SCHEDULE.XLS respectively.
Both ...
Mar 6, by Jasper Pimentel (Advanced Threats Researcher)
February started off with some compromised tour sites, one about Thailand and the other about the Pyrenees Mountains in Spain. As Valentine’s Day approached, numerous mailboxes probably received spammed messages containing a link where NUWAR’s latest variant could be downloaded. The rest of the month was filled with spammed messages, uncovered exploits and compromised Web sites, and towards the last few days of February we witnessed another wave of the Italian Job. Here is last month’s malware roundup.
Notable Malware
TSPY_LDPINCH.FE
This malware ...
Feb 24, by Juan Castro (Threats Analyst)
On Sunday, an Italian blog reported several compromised sites. After some investigation, we found that all sites that were reported have one thing in common: they were created using Plone, an open source content management system.
Upon further research, we found that a Search Engine Optimization (SEO) blackhat technique called "Doorway Pages" was used, not only to promote some adult pages, but also to redirect the users to pages that download malware or fake anti-malware programs using redirectors. The two ...
Feb 15, by JM Hipolito (Technical Communications)
Well, I guess it's better late than never... Or not.
Apparently, one of the three recently revealed bugs in Adobe Reader had already been actively exploited by hackers for at least three weeks before it was patched. That's after thousands had already been affected.
Discovered by iDefense Labs researcher Greg McManus, this exploit was initially reported to Adobe in October 2007 but remained unacknowledged. SANS Internet Storm Center reported that the flaw remained unfixed, only to be patched three weeks after the ...