Archive for the ‘Malware’ Category

Jun 20
by Mayee Corpin (Technical Communications)

In early June, Storm creators inundated inboxes with love-themed email messages, as they are wont to do. Now, three weeks later, a new deluge of Storm spam is bringing news of a “new” earthquake that supposedly struck China. There are several subject lines used, mostly referring to the earthquake. A sample of a spammed email message is as follows: This does not seem to refer to the month-old Sichuan earthquake that devastated parts of the country on May 12th, but ...

Posted in Malware, Spam

Jun 16
by Macky Cruz (Technical Communications)

The Washington Post reports on new ZLOB variants that tinker with an infected user's router to redirect legitimate URL requests to wholly different sites. Trend Micro researchers have obtained samples like these in the wild, TROJ_ZLOB.CCT and TROJ_ZLOB.CCS. They are different from past ZLOB variants (and even from the DNS-changing ZLOBs) because of the specific attempt to target the user's router. Routers are devices that pass data packets between different networks. Here is the attack algorithm of TROJ_ZLOB.CCT: 1. The Trojan first calls ...


Jun 11
by JM Hipolito (Technical Communications)

The malicious file encryptor GPCODE, which held captive the files of its victims with a 660-bit algorithm for ransom, has not been heard from for two years now. Neither has an incident involving ransomware occurred for the last five months -- but now all that has changed. A new and more powerful variant of GPCODE has emerged, this time encrypting files on affected systems using a much more powerful algorithm. Detected by Trend Micro as TROJ_GPCODE.AD, this file-encryptor uses a 1024-bit ...

Posted in Malware

Jun 5
by Macky Cruz (Technical Communications)

On 02 June 2008 7:26 PM PST, one of our analysts came across a malware detection for a file found inside a regionally popular legitimate site. A legitimate site will never host malware on purpose, so it seemed only proper to dig deeper into the story. It appears that instead of setting up some highly sophisticated SQL or XSS attack, which had been the usual fare last May, the malicious user took a much more barefaced (and simpler) route: he/she uploaded ...

Posted in Malware

Jun 5
by Macky Cruz (Technical Communications)

Here's the latest spam alert from our Content Security Team: An email message purportedly coming from Bradesco, a well-known financial institution in Brazil, has been found in user inboxes in Brazil. The text of this email is found below. From: Bradesco S.A Sent: Tuesday, June 3, 2008 10:54 To: {recipient} Subject: Important Notice Dear customer, We inform you that since 14/06/2007, the use of the Chave de Segurança Bradesco Eletrônica (Bradesco Electronic Security Key) to access Bradesco Net Empresa has been mandatory. As of 03/06/2008 the ...

Posted in Malware, Phishing


© Copyright 2008 Trend Micro Inc. All rights reserved.