TrendLabs researchers recently received a report on malvertisements that appeared while a user was browsing through a popular Web-based email service. At first glance, the ads may seem like the typical Web browser nuisance. However, random ads were proven to be vectors for downloading malware onto users’ systems. In one instance, an ad pointed to a URL containing exploits that download and execute several files on affected systems. The downloaded files include a malicious Java file (detected by Trend Micro as ...

The Saturday night boxing match between Manny Pacquiao and Joshua Clottey was one of the most awaited sports events of 2010. It should not be a surprise then that cybercriminals took advantage of it to spread malware. Another blackhat search engine optimization (SEO) attack led users who wanted to watch the fight online via live video streams (using the search phrase “manny pacquiao vs joshua clottey live streaming”) to malicious sites. Clicking these links led to another FAKEAV variant detected as ...

It seems that fans around the world are not the only ones who are hooked on the Oscars. Just a day after this year’s Academy Awards, Trend Micro threat researchers found FAKEAV variants topbilling the search pages. This time around, users searching for news on the Oscars fell prey to the latest blackhat search engine optimization (SEO) attack that uses the search terms “oscar winners 2010 live.” Almost 80 percent of the results on the first page alone leads to the download of ...

As the security industry evolves, underground cybercriminals are constantly looking for ways to counter the technology challenges presented to them. I recently found out that the bad guys have begun offering services to track the blacklisting of domain names through reputation checks. The number of “businesses” offering this type of service is growing and the service itself has now become semi-automated. This semi-automation can trace the list of requested domain names against the different Web reputation databases. The most recent service I studied is ...

A new KOOBFACE variant is again making the rounds in the social-networking scene. According to Trend Micro researcher, Norman Ingal, the malware employs Facebook’s Private Message feature to proliferate. The threat arrives as a Facebook private message that does not bear a subject but contains a supposed link to a YouTube video. Taking a closer look at the link, however, indicates that it is not an authentic YouTube link as in previous attacks. Users who are tricked into clicking the link are ...