Nov 14
12:30 am (UTC-7)   |    by Nino Penoliar (Anti-spam Research Engineer)

Trend Micro threat analysts received samples of spammed messages purporting to come from the mobile phone companies Vodafone and Verizon Wireless. The email messages carry the subject “Your credit balance is over its limits” and inform users that their credit balance is due. To review the payments, the messages say, users should use the balance checker tool attached to the email.


When users open the attached .ZIP file, they will not find a balance checker tool but will instead get a malicious file (balancechecker.exe) detected by Trend Micro as TROJ_ZBOT.MYS. TROJ_ZBOT.MYS steals online banking credentials such as usernames and passwords. This stolen information may be used by cybercriminals for other fraudulent activities. It also disables the Windows Firewall and has rootkit capabilities that make detection and removal difficult.

Users are strongly advised not to open any suspicious-looking email even if it comes from a known source. It is also good practice to verify any email coming from your mobile service provider to be sure that it is legitimate. Trend Micro protects users from this attack via the Trend Micro Smart Protection Network™, which detects and blocks spammed emails and malicious files.

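A mail-gateway style check for the delivery method described above, as an added example that is not part of the original post: it opens every ZIP attachment of a message and reports executable members. The archive name, the addresses and the extension list are constructed assumptions; only the subject line and `balancechecker.exe` come from the post.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of executable extensions; extend it to match local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def executables_in_zip_attachments(raw_message):
    """Return (attachment name, member name) pairs for executables in ZIP attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        # Decide by content, not by the attachment's extension or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    if member.lower().endswith(EXECUTABLE_EXTS):
                        hits.append((name, member))
        except zipfile.BadZipFile:
            # A damaged archive cannot be inspected, so surface it for review.
            hits.append((name, "<unreadable archive>"))
    return hits

def build_sample(member="balancechecker.exe"):
    """Constructed sample message; the payload is placeholder bytes, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, b"constructed placeholder content")
    msg = EmailMessage()
    msg["Subject"] = "Your credit balance is over its limits"
    msg["From"] = "billing@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"        # constructed address
    msg.set_content("Constructed body text for the sample.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="balancechecker.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in executables_in_zip_attachments(build_sample()):
        print(f"quarantine: {attachment} contains {member}")
```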

 


Nov 12
9:09 pm (UTC-7)   |    by Jonathan Leopando (Technical Communications)

Third-party security researchers reported that they found a vulnerability in both Windows 7 and Windows Server 2008 Release 2. The bug exists in the handling of Server Message Block (SMB) packets and can allow malicious users to remotely crash a system when it receives a malformed packet. The crash does not lead to the infamous blue screen of death, however. It merely renders the system unresponsive. Older versions of Windows (e.g., Windows Vista) are not affected by this vulnerability.

Microsoft has not confirmed the independent reports. A spokesman said the company was still investigating the issue. Enterprise users are protected by Trend Micro products such as Deep Security and Intrusion Defense Firewall. Trend Micro has issued a security advisory with some more technical details on this vulnerability.

Other users are advised to block the ports used by the SMB protocol and await the official Microsoft response.

Update as of 11:01 P.M. While Microsoft has not confirmed these reports as of this writing, we have verified that Windows 7 is vulnerable.

Update as of November 14, 6:20 A.M. Microsoft has released a security advisory for this vulnerability. According to the advisory, the vulnerability can’t be used to install malicious files or to take control of a system. Although the exploit code has already been published, Microsoft said that it hasn’t received any reports of known attacks in the wild. As a workaround, Microsoft advises users to block TCP ports 139 and 445 at the firewall.

 


Nov 12
8:49 pm (UTC-7)   |    by JM Hipolito (Technical Communications)

Cybercriminals are using compromised Twitter accounts to spam out information-gathering websites to unknowing users.

The attack starts with compromised Twitter accounts. The accounts are used to send out Direct Messages to the followers of the users who own the compromised accounts.

The Direct Message—which is basically the Twitter counterpart of a private message—contains a link to what looks like an IQ test website:

An IQ test may seem harmless, but the last thing the test asks for is not an answer but the respondent’s mobile number. Though the real motive for this scheme is unclear, we believe that it was set up to gather mobile numbers from unknowing users, who then become potential targets for SMS spam or other mobile-related attacks.

Users are strongly advised to refrain from clicking the links contained in similar Direct Messages that they may encounter even if the person who sent the DM is a known user. On the other hand, those users who think that their accounts may be one of those compromised should change their passwords as soon as possible.

The Trend Micro Smart Protection Network™ protects users from this by blocking all related URLs.

Update as of 08:49 P.M. “Users who do give out their mobile phone numbers may end up being billed at least US$10 a month for text messages,” says KOMO News. Though not every online IQ test will charge you, most are just there to scam unwitting users. Keep in mind that if a test asks for your mobile phone number, it is looking for a way to bill your mobile phone account. If the quiz looks like it came from someone in your Twitter account then a hacker must have hijacked other people’s accounts to make you think you are getting a message from someone you know.

Update as of November 13, 10:52 A.M. This attack does not simply harvest the affected users’ numbers but also signs up their mobile phones for an auto-renewing subscription, as described in the terms and conditions.

 


Nov 12
4:00 am (UTC-7)   |    by Abigail Villarin (Fraud Analyst)

Trend Micro threat analysts recently discovered a phishing attack targeting the website of the Capita Group. The site is dedicated to the company’s shareholders. It aims to reduce the need for paperwork and provides 24-hour access for greater convenience.

The fake Web portal asks users to enter their surname, shareholder reference number, postal code, telephone number, date of birth, and employer. After entering the said information, the page will redirect them to another login page that requires them to enter their account information—first name, middle name, last name, address, city, country, mother’s maiden name, and email address. Only after filling in the information will the users be redirected to a legitimate page of the Capita website.

Phishers will indeed do whatever it takes just to prey on unwitting victims. For this reason alone, users must be careful in giving out their credentials online. The phishing website used in this attack is already being blocked by the Trend Micro Smart Protection Network™.

 


Nov 11
8:31 am (UTC-7)   |    by Bernadette Irinco (Technical Communications)

Microsoft released six security bulletins to fix 15 vulnerabilities in this month’s Patch Tuesday. Three of these security advisories (MS09-063, MS09-064, MS09-065) are considered “critical” while the other three have been dubbed “important.”

MS09-067 deals with eight security holes plaguing Microsoft Excel that when successfully exploited can allow remote code execution when users open a specially crafted .XLS file. Users are thus strongly advised to update their systems as soon as possible, as these vulnerabilities (especially those rated “critical”) can be used by cybercriminals to execute worms and drive-by download malware attacks on their systems.

Apart from Microsoft, Adobe also addressed a vulnerability found in Adobe Photoshop Elements 8.0 and 7.0. The said vulnerability can allow cybercriminals to execute commands on the affected system. Though no solution has yet been provided, Adobe issued a workaround that users must apply to avoid infection.

Apple also joined the patch bandwagon as it released its own set of patches to address 58 vulnerabilities affecting Mac OS X. When exploited, some of these security holes can give a malicious user full access to a system. The fixes deal with issues in opening downloaded files and problems with administrator authentication.

Everyone is vulnerable to threats lurking in the Web today. With that in mind, users are encouraged to apply these patches immediately.

 


© Copyright 2009 Trend Micro Inc. All rights reserved.