Aug14
9:58 pm (UTC-7)   |   by Jasper Pimentel (Advanced Threats Researcher)

Notable Malware

WORM_NUWAR.VQ, TROJ_DROPPER.OAC
These malware took advantage of the Fourth of July celebrations in the United States to increase their chances of distribution. A malicious URL was included in eCards that were spammed during this time. The URL pointed to locations from where these malware could be downloaded.

TROJ_PIDIEF.JT
Sometime in mid-July, an email was being spammed, foretelling the supposed death of the Internet in 2010. The email had a PDF attachment, which contained “more details” of the news. Users who were tricked into clicking the PDF attachment open would soon find themselves with an unexpected guest on their systems, in the form of TROJ_PIDIEF.JT.

BKDR_POISON.GO, TROJ_FAKECLEAN.A
POISON and FAKECLEAN are two malware that pose as virus cleaning tools. Towards the end of July, these malware were being sent out through email by Chinese hackers. The email claimed that these “applications” were Trend Micro Virus Clean Tools. There is actually a Trend Micro Virus Clean tool, but what makes this incident suspicious is that Trend never sends applications as attachments through email.

Exploits and Vulnerabilities

Internet Explorer Vulnerability
As July began, a vulnerability was discovered in Internet Explorer. According to reports regarding the vulnerability, access to an HTML document’s frames was not restricted, implying that the frame contents could be replaced, presumably with malicious content. This allows for further potential in browser-based attacks against the user.

TROJ_MDROPPER.ZY, TROJ_PPDROP.M, TROJ_MDROPPER.ZT
Even the 2008 Summer Olympics was not spared as a tool for malware distribution. In the early weeks of July, .DOC files with malicious content were spreading around. Users were tricked into opening them since the documents seemed to have some info or news on the Olympic games. These .DOC files were actually exploits that took advantage of a vulnerability in Microsoft Word 2002 Service Pack 3. When exploited, the unspecified remote code-execution vulnerability could allow remote attackers to take complete control of an affected system, or cause the application to crash.

Web Incidents

TROJ_AGENT.AYZO
TROJ_AGENT.AYZO is the malware behind the recent wave of compromised Web sites. In July, quite a number of legitimate Web sites were compromised. Additional Web pages were added to the Web sites’ domain, usually ending in START.HTML, BEGIN.HTML or R.HTML. Once accessed, these malicious Web pages redirect the browser to a location where TROJ_AGENT.AYZO can be downloaded.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Thursday, August 14th, 2008 at 9:58 pm and is filed under Security . You can leave a response, or trackback from your own site.



Leave a Reply


A Million Search Strings to Get Infected
Fake Antivirus Trojans Ramping Up


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice