Compromised websites are a sad fact of life on the Internet today, and here’s proof. Last week the website of a major British music producer was compromised, and stayed that way for at least several days. The site is now clean (last checked July 31, 2009) but the lessons to be learned from it remain relevant. The site was compromised with a script that sent users to a domain identified by Trend Micro researchers as a known disease vector, as shown ...

With the growing concern with numerous vulnerabilities, just this afternoon, Trend Micro Research Project Manager, Ivan Macalintal, stumbled on a somewhat regional fallout of this SQL injection in India threading through numerous compromised government, tourism, popular media, and other sites. We have identified the following new URLs leading to more malware that made it into unknowing users' systems while visiting sites where the malicious script injection was found and identified: http://lsg.kerala.gov.in http://www.lsg.kerala.gov.in http://www.bangaloremirror.com http://www.mumbaimirror.com http://www.kolkatamirror.com http://www.mumbaipluses.com http://education.indiatimes.com http://www.kolhapurbusiness.com http://www.bizxchange.in http://timesascent.in http://www.studio3india.com http://www.timesascent.co.in http://www.mumbaibusinessdirectory.in http://www.tourindianow.org http://www.bizxchange.in http://www.maharashtradirectory.com Based on Trend Micro threat analyst Joseph Pacamarra's initial findings, the ...

Earlier this month, TrendLabs security experts discovered that around 40,000 websites have been hacked and seeded with code that bombarded visitors' PCs with countless browser exploits to install a Trojan, which we already detected as TROJ_FFSEARCH.A. This Trojan has been found to be among the malware installed by another threat. It is known as FFSearcher, named after one of the websites used in the scam, ffsearcher.com. Click fraud has become a rapidly growing problem for legitimate companies and advertising networks as ...

Twitter is a very popular platform for expressing whatever is on a user's mind, making it a favorite target of malware authors. Trend Micro has published several blog entries that discussed attacks on Twitter. Now, the creators of Koobface included a new component in the malware to target the vast number of Twitter users. They've come up with the latest update to the Koobface loader binary and other known Koobface components that target social networking sites like Facebook, MySpace, Hi5, ...

The hype after recent mass compromises has not even died down yet and already another massive attack has been launched. Trend Micro was alerted to the emergence of another mass compromise, dubbed Nine Ball, for the same reason Gumblar was named Gumblar. This time, however, the Nine Ball domain was only one of hundreds of landing pages users could be redirected to. As reported by Ivan Macalintal, Trend Micro Threat Research Manager, the infection starts when a user accesses a compromised site that ...