In our daily monitoring of the mobile threat landscape, we found a copy of the game Temple Run in the Android Market. Temple Run is a popular game that is currently available for iOS only, so an Android listing is suspicious on its face. I checked the app, immediately noticed something odd about it, and decided to analyze it to see whether my doubts had any basis.
This copy of Temple Run (or so it claims to be) is listed as available on the Android Market. But if you check the information on ...
We've recently encountered malware that grabs MS Word and Excel files from infected systems and then uploads them to the file hosting site sendspace.com. Sendspace is a file hosting website that lets users "send, receive, track and share your big files."
Sendspace has been used before as a drop site for stolen data, but not automatically by malware: as reported late last year, attackers used the site to collect and upload data they had stolen by hand.
However, this is the first time we're ...
Last year, the security industry saw a series of APT reports, among them the "Nitro Attack". The backdoor used in that campaign is known as PoisonIvy (detected as BKDR_POISON), and its builder is freely available online. Security vendors have since taken measures to counter this threat and help customers fend off similar infections. However, a recently discovered stealth mechanism in the downloader shows that the fight is not yet over.
We thought that there was nothing much to see when we ...
It's never too early to get ready for Valentine's Day, it seems, even when it comes to malicious attacks. Recently, I came across a scam on Facebook that leverages the upcoming occasion.
The attack begins with a post on affected users' walls inviting other users to install a Valentine's theme on their Facebook profile.
Once users click on this post, they are redirected to another page that urges them to install the theme. Note that this attack only works on ...
Earlier today, we encountered malware that exploits a recently and publicly disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. note: addressed in MS12-004.)
The vulnerability is triggered when the Windows Multimedia Library (used by Windows Media Player, WMP) mishandles a specially crafted MIDI file, allowing remote attackers to execute arbitrary code.
In the attack we found, the infection vector is a malicious HTML page hosted at hxxp://images.{BLOCKED}p.com/mp.html. This HTML page, which Trend Micro detects as ...
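Because the bug is in a file-format parser that a web page can feed, a practical triage step is to pull any MIDI data out of a captured page and check whether its chunk and event structure is even well-formed before handing it to a real player. The following is an added example written for this page; it is not Trend Micro's code, is not taken from their analysis of this sample, and does not detect CVE-2012-0003 specifically. It walks the Standard MIDI File layout (MThd header, MTrk chunks, variable-length delta times, channel, SysEx and meta events) and reports length fields that overrun the file, data bytes with the high bit set, and header/track mismatches. The three sample files at the bottom are constructed by hand, not recovered from the attack.

```python
"""Structural sanity checks for Standard MIDI Files (SMF).

Added triage example, not Trend Micro's code; it does not detect
CVE-2012-0003 itself, only whether a file's own length fields and event
bytes are internally consistent. Sample inputs below are constructed.
"""
import struct


def read_vlq(data: bytes, pos: int):
    """Read a MIDI variable-length quantity (1-4 bytes, MSB set = continue)."""
    value = 0
    for _ in range(4):
        if pos >= len(data):
            raise ValueError("truncated variable-length quantity")
        b = data[pos]
        pos += 1
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            return value, pos
    raise ValueError("variable-length quantity longer than 4 bytes")


def check_track(track: bytes, where: str) -> list:
    """Walk one MTrk body; return [] if well-formed, else one problem."""
    pos = 0
    status = None  # running status for channel messages
    while pos < len(track):
        _delta, pos = read_vlq(track, pos)
        if pos >= len(track):
            return [f"{where}: delta time not followed by an event"]
        b = track[pos]
        if b & 0x80:            # explicit status byte
            status = b
            pos += 1
        elif status is None:    # data byte with no status to apply it to
            return [f"{where}: data byte 0x{b:02x} before any status byte"]
        if status == 0xFF:      # meta event: type, VLQ length, payload
            if pos >= len(track):
                return [f"{where}: truncated meta event"]
            mtype = track[pos]
            pos += 1
            length, pos = read_vlq(track, pos)
            if pos + length > len(track):
                return [f"{where}: meta event 0x{mtype:02x} length {length} overruns track"]
            pos += length
            status = None       # meta and SysEx events cancel running status
            if mtype == 0x2F:   # end of track
                return []
        elif status in (0xF0, 0xF7):  # SysEx: VLQ length, payload
            length, pos = read_vlq(track, pos)
            if pos + length > len(track):
                return [f"{where}: SysEx length {length} overruns track"]
            pos += length
            status = None
        elif status >= 0xF0:    # system common/realtime: not valid in a file
            return [f"{where}: invalid status byte 0x{status:02x}"]
        else:                   # channel message: 1 or 2 data bytes
            n = 1 if (status & 0xF0) in (0xC0, 0xD0) else 2
            if pos + n > len(track):
                return [f"{where}: channel message truncated"]
            for d in track[pos:pos + n]:
                if d & 0x80:    # data bytes must have the high bit clear
                    return [f"{where}: data byte 0x{d:02x} has high bit set"]
            pos += n
    return [f"{where}: no end-of-track meta event"]


def check_midi(data: bytes) -> list:
    """Return a list of structural problems; an empty list means well-formed."""
    if len(data) < 14 or data[:4] != b"MThd":
        return ["no MThd header chunk"]
    problems = []
    hlen, fmt, ntrks, _division = struct.unpack(">IHHH", data[4:14])
    if hlen != 6:
        problems.append(f"MThd declares length {hlen}, expected 6")
    if fmt not in (0, 1, 2):
        problems.append(f"unknown SMF format {fmt}")
    pos = 8 + hlen
    if pos > len(data):
        return problems + ["MThd length overruns file"]
    tracks = 0
    while pos + 8 <= len(data):
        ctype = data[pos:pos + 4]
        clen = struct.unpack(">I", data[pos + 4:pos + 8])[0]
        body = data[pos + 8:pos + 8 + clen]
        if len(body) != clen:   # never trust the length field over the file size
            return problems + [f"chunk {ctype!r} at offset {pos} declares {clen} bytes but only {len(body)} remain"]
        if ctype == b"MTrk":
            tracks += 1
            try:
                problems += check_track(body, f"track {tracks}")
            except ValueError as e:
                problems.append(f"track {tracks}: {e}")
        pos += 8 + clen         # unknown chunk types are skipped, per the SMF spec
    if pos != len(data):
        problems.append(f"{len(data) - pos} trailing bytes after last chunk")
    if tracks != ntrks:
        problems.append(f"header declares {ntrks} tracks, found {tracks}")
    return problems


# Constructed samples (not from the attack): a minimal valid format-0 file
# with one track, then two corruptions of it.
GOOD_MIDI = (
    b"MThd" + struct.pack(">IHHH", 6, 0, 1, 96)   # format 0, 1 track, 96 ticks/quarter
    + b"MTrk" + struct.pack(">I", 12)
    + bytes([0x00, 0x90, 0x3C, 0x40,               # note on, middle C
             0x60, 0x80, 0x3C, 0x40,               # note off 96 ticks later
             0x00, 0xFF, 0x2F, 0x00])              # end-of-track meta event
)
# MTrk length field (bytes 18..21) claims far more data than the file holds
BAD_LENGTH = GOOD_MIDI[:18] + struct.pack(">I", 0xFFFFFF00) + GOOD_MIDI[22:]
# first note number (byte 24) has its high bit set, which no data byte may
BAD_DATA = GOOD_MIDI[:24] + b"\xBC" + GOOD_MIDI[25:]

if __name__ == "__main__":
    for name, blob in [("good", GOOD_MIDI), ("bad length", BAD_LENGTH), ("bad data", BAD_DATA)]:
        print(name, check_midi(blob) or "ok")
```

The check is deliberately strict about what the file claims versus what it contains: a chunk or event whose declared length runs past the available bytes is exactly the condition a careless parser reads straight through, so it is reported first and parsing stops there. A clean result only means the file is structurally consistent, not that it is safe to open.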