Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    July 2012
    S M T W T F S
    « Jun   Aug »
  • Email Subscription

  • About Us

    Archive for July, 2012

    Despite the presence of the legitimate Google Play app store, cybercriminals are still hooking users by distributing malicious Android games themselves. Now, they’re taking advantage of a list of best-selling Android games.

    As before, the criminals have created .RU domains for each Android game they’re (supposedly) distributing. Links to these domains will spread via forum or blog posts, as well as email. Here’s a full list of the games that are being used by this new wave of mobile malware:

    If you look closely at the above list, you can see the wide selection of targeted apps. These include newly developed games like Cut the Rope: Experiments and Amazing Alex; Editor’s Choice apps like World of Goo, Shadowgun, Sprinkle, Where’s My Water, Osmos HD, Riptide GP and Angry Birds Space Premium. Many of these are top sellers as well.

    Aside from best-selling games, some popular movie franchises like The Amazing Spiderman and The Dark Knight Rises are also being exploited, even if the actual games themselves don’t exist. Here’s the page for the supposed Spiderman game:

    All of the download links in these pages actually redirect users to a separate site, where the malicious APK files are actually hosted. Some of the sites in question also include QR codes, although these lead to the same files. (We detect these files as ANDROIDOS_SMSBOXER.B.) This particular malware family is notorious for abusing premium services numbers, which may result in high phone charges for the user.

    Trend Micro customers are now protected by blocking the malicious URLs and detecting the files via the Smart Protection Network. In particular, Trend Micro Mobile Security for Android also detects these malicious apps, preventing their installation on mobile devices.

    As we mentioned earlier, these particular attacks against Russian Android users are not new. Previous attacks have claimed they were websites for Angry Birds Space, Farm Frenzy 3 and Temple Run. (We have compiled a Web Attack entry discussing these threats as well.)

    Posted in Bad Sites, Malware, Mobile | Comments Off on Malicious Versions of Best-Selling Android Games Spreading In Russia

    The much-anticipated 2012 London Olympics is set to kick off this Friday.

    As the event draws nearer, we expect to see online attacks riding on different Olympics-related activities. Sure enough, we saw this interesting Facebook wall post regarding the said event:

    The site, hosted on the domain liveolympictickets(dot)com, appears to offer tickets for sale. Moreover, the site uses the colors and look and feel of the official site:

    Exploring the site, I found that clicking on the blue tab Olympic Tickets – Buy Tickets for the London 2012 Olympics leads to other pages within the site that mimics normal online transaction pages, such as details about the items to be purchased. In this case, if the user proceeds with the transaction, he/she can choose which games to watch:

    However, towards the end, the user is asked for their personal details:

    After this, the site asks the user to continue with the payment by entering credit card details or choosing another payment method:

    The final page shows that the user’s order has been “confirmed.”

    We checked the official website of the London Olympics, where it was possible to check if the ticket vendor was legitimate. However, the site was not recognized and therefore unauthorized to sell tickets. The rest of our investigation shows that it is indeed a phishing page set up to capture user information.

    Additionally, we also saw a lot of newly created domains related to this event that included keywords like “2012 london summer games,” “2012 olympic ticket,” “britain olympics 2012,” “olympic 2012 ticket” and other variations thereof.

    We already block all malicious URLs involved via the Web Reputation Service; therefore Trend Micro customers are now protected via Trend Micro Smart Protection Network.

    For complete information on the latest Olympic-themed threats—including quizzes and safety guides, you can visit Race to Security, the Trend Micro security guide to major sporting events such as the Olympics, by clicking the banner below:

    Related posts:

    Posted in Bad Sites, Social | Comments Off on Bogus London Olympics 2012 Ticket Site Spotted

    Over time, attackers continuously update their tactics to respond to security experts’ countermeasures. In a constant game of cat and mouse, attackers shifted tactics using several notable tools and techniques alongside the usual. The security roundup for the second quarter presents key highlights and developing trends in the security landscape.

    Trend Micro research in the second quarter shows that attackers carefully selected their targets albeit sticking to time-tested tactics and going after the same end goals. The bad guys moved away from launching large-scale attacks and instead focused on more specific and somewhat “personal” targets.

    The security roundup brings to light various threats Trend Micro encountered in the second quarter. Using more advanced tools like automatic transfer systems (ATSs)—the latest addition to widely used cybercrime toolkits—attackers streamlined their list of targets to only online banking customers in countries like Germany, the United Kingdom, and Italy.

    Carefully choosing targets was also evidenced by Trend Micro research findings on advanced persistent threat (APT) campaigns like IXESHE. Trend Micro also protected small and medium-sized businesses (SMBs) against more than 142 million threats in the first half of 2012 alone. Android malware like fake spying tool apps continue to increase in number due most likely to the continued rise in the OS’s popularity for more than 400 million active Android-based devices. Lastly, true to the quarter’s theme, Pinterest took the spotlight as its users were lured to take part in several survey scams due to its steady rise in popularity.

    To take a closer look at the security landscape in the second quarter, read our comprehensive report, “It’s Big Business… and It’s Getting Personal.”

    Posted in Bad Sites, Malware | Comments Off on Attacks Get Personal in Q2

    With only a few days until the start of the Olympics, the sports craze has reached a fevered pitch—for cybercriminal activity. We have been reporting on the various threats and scams that Olympics fans might encounter online and while the lure might be Olympic-centric, the threats remain the same.

    In these Olympic-themed threats, the payload can be information and/or infection. Information is the new currency and cybercriminals want your data. Previous incidents of Olympic-themed spam shows that cybercriminals will use any ruse, such as fake contests or lotteries, just to get your personal information. While some spammed messages limit themselves to requesting recipients to reply with their contact details, other messages go the extra mile and urge recipients to contact and give their personal details to a specific person.

    Infection is also a possible result for these Olympic-themed threats. Spam may contain attachments that are actually malware in disguise. To lure users into clicking (and thereby executing) these malicious attachments, cybercriminals use lures such as winning notifications or even supposed official advisories from the Olympics committee.

    There are other methods for users to become victims of cybercriminals during this Olympic season. Users in search of Olympic updates or video streams online may end up accidentally visiting malicious or compromised sites which host malware. Olympic fans may also wind up receiving messages that supposedly offer big perks such as free tickets or discounts in exchange for their money.

    For complete information on the latest Olympic-themed threats—including quizzes and safety guides, you can visit Race to Security, the Trend Micro security guide to major sporting events such as the Olympics, by clicking the banner below:

    Other Olympics-related threats were discovered days/weeks before the Games’ opening. Read more about them:

    Posted in Malware, Social, Spam | Comments Off on Countdown to the Olympics: Are You Safe?

    The massively popular and entertaining pastime of online gaming is done by millions all around the world but little realize its not-so-entertaining drawbacks. People tend to create another self in the world of online gaming. It’s easy to assume that that there is nothing harmful with losing yourself in that other world. But as mentioned in our e-guide, online gaming also has a dark side that opens up possibilities of financial theft and hacked or stolen accounts. In fact, we’ve been seeing more and more in-game phishing activity in the massively multiplayer online role-playing game (MMORPG) World of Warcraft.

    That said, online gaming today clearly isn’t just about fun and games, no matter what type of gamer you are. Our new infographic illustrates some quick stats on casual and hardcore gamers as well as the risks they may encounter. Can you guess how many times the Angry Birds games were downloaded? How about the estimated population of console gamers? To know the answers to these and more, check out our latest infographic “What Type of Gamer Are You?

    Posted in Bad Sites | Comments Off on What Type of Gamer Are You?


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice