The IRS officially kicked off the beginning of tax season in the US, and just right in time for it are the cybercriminals who are already taking advantage and using tax-related messages as a social engineering lure.
We've recently spotted samples of spammed messages posing as a notice from Fidelity Investments, a well-known American financial institution.
The email, which is in a newsletter-format, contains the subject "Your statement is ready for your review". It informs recipients that his/her tax statement is attached ...
Just as the saying goes that there are many ways to skin a cat, threat investigation can also be done a handful of different ways, employing various expertise, especially when dealing with a threat employing several pieces of malware and a relatively robust C&C infrastructure.
But even though methodologies may change, whether through reverse engineering or analysis of the botnet infrastructure, the goal of understanding what the threat is all about is the number one priority.
Trend Micro is fortunate enough to ...
2011 was rife with both challenges and wins not only for Trend Micro but also for the rest of the security industry and our fellow cybercrimefighters in law enforcement. True to one of our predictions, 2011 has been dubbed the “Year of Data Breaches,” as we witnessed organizations worldwide succumb to targeted breach attacks and lose what we have come to know as the new digital currency—data.
As we prepare for the year ahead, let us take a look at some ...
We have found evidence that the human rights organization found affected by a website compromise is not the only intended target for the attack.
The website was said to have an iframe that redirected users to another compromised site in Brazil. The site executed a malicious Java applet detected as JAVA_DLOAD.ZZC. JAVA_DLOAD.ZZC leverages a vulnerability in Java CVE-2011-3544 to install TROJ_PPOINTER.SM, which in turn drops BKDR_PPOINTER.SM. BKDR_PPOINTER.SM connects to a certain URL to send and receive commands from the attacker. It ...
Looking for cheaper iPhone 4S this holiday season? Be wary, because cybercriminals can trick you into giving out your online financial credentials. We’ve recently found a phishing attack that specifically targets users who are out to purchase an iPhone 4S through eBay.
The attack involves domains that display replicated eBay posts for iPhone 4S units. The screenshots below show a sample of the fake page, and the original eBay post from which the content was copied.
There are some differences between ...
