A major attack has hit Japanese users, affecting more than 100 corporate clients. These users visited compromised sites that were used to serve malware via malicious Java files.
As of this writing, we are still looking into this attack although we are releasing information about it in order to warn users of the potential threat.
Here is how this attack progresses:
Users view the legitimate site, which has been compromised by the addition of malicious scripting code.
This malicious scripting code redirects users to ...
A major website that has been compromised and is serving malware is bad news in itself. However, when that attack uses a previously undiscovered and unpatched zero-day vulnerability, the problem worsens.
The official website of the Nobel Peace Prize was compromised and used to serve an exploit targeting a zero-day vulnerability in Mozilla Firefox. On its blog, Mozilla has acknowledged the vulnerability and said that it will issue a patch as soon as this has been tested. The said vulnerability causes ...
I recently tried to unpack an obfuscated JavaScript from a malicious .PDF file when I came across the following Google search results:
To my surprise, one of the resulting online JavaScript unpacker sites has been compromised. Most probably part of a blackhat search engine optimization (SEO) campaign, I finally landed on a page that served a FAKEAV warning.
The usual FAKEAV routine then ensued, which ended with a prompt giving me a stern warning that my system has been infected.
JavaScript unpackers are ...
MercadoLibre, the leading auction site in Latin America, was recently used to spread malware. Cybercriminals were able to inject a malicious script into the page, which prompted users to download and run a fake Adobe Flash Player installer.
The supposed installer, however, is actually a malicious file detected as TSPY_DABVEGI.E. Running this file would cause the malicious file’s routines to be seen on the affected system.
This incident highlights how even “clean” and well-run websites can be used by cybercriminals to spread ...
A group of hackers recently published detailed information from an underground credit card company. On July 23, an anonymous group claimed to have compromised a server of an online credit card processor company. At that time, however, the extent of the compromise was unclear. Looking at the data that was published leads us to believe that the compromise is very plausible.
The leaked data includes employee emails as well as recorded phone calls. A particular recorded conversation discussed the various ways ...
