Busy day in TrendLabs today: first the full analysis of, and news on, ZeuS and SALITY, which are exploiting the Windows shortcut vulnerability. Now we’ve identified a ton of compromised websites leading to an “online pharmacy.”
We’re currently seeing a wave of fake pharma spam that does not directly advertise the URL of the fake pharma site. Instead, the spammed messages advertise URLs that point to HTML pages hosted on compromised sites.
Obfuscation Layer for Spam
These HTML pages are uploaded to the ...
Chinese PC manufacturer Lenovo is the latest high-profile company to be compromised. Sometime over the past weekend, its support pages, which allowed users to download drivers and manuals, were compromised with the addition of a malicious iframe.
The website in this malicious iframe led to the download of a BREDOLAB variant detected as TROJ_BREDOLAB.BY. This malware family is well-known for being a downloader of other malware onto affected systems, particularly ZBOT and FAKEAV variants.
BREDOLAB first gained prominence in late 2009 when ...
Last week, we had two major mass compromises. The first one hit more than 100,000 websites, including major news sites like the Wall Street Journal and the Jerusalem Post. The second campaign was much smaller, hitting only around 1,000 pages, and also lacked similarly high-profile victims, although the casino firm Ameristar was on the victim list.
The first attack directed users to http://www.{BLOCKED}nt.us/u.js. Once users go to this URL, they inadvertently download a Trojan detected by Trend Micro as TROJ_DLOAD.VAC. ...
Mass compromises have not been in the news of late, but a new wave recently hit the headlines. According to news reports, users running the popular blogging platform WordPress have been hit with an attack that modifies a setting within the application that contains the URL of a blog.
On compromised sites, this setting is changed to point to a malicious website. This redirects all would-be blog readers to that website, which contains scripts leading to a malicious file detected ...
Less than a month after the so-called “Iranian Cyber Army” reportedly “hacked” the popular micro-blogging site, Twitter, they are back with another attack, this time against another Internet giant, Baidu. Baidu is China’s most popular search engine, as 62 percent of the total number of Web searches in the country are done with it compared with Google’s 29 percent share, according to research firm Analysys International.
Some days ago, users who tried to access Baidu were instead redirected to the following ...