Trend Micro has obtained samples of malware implicated in a recent incident that forced the Israeli police department offline. According to media reports, the severity of the attack was enough for all police computers to be taken temporarily offline last Thursday.

The attack began with a spammed message purporting to come from the head of the Israel Defense Forces, Benny Gatz. The From field has the email address, bennygantz59(at)gmail.com and bore the subject IDF strikes militants in Gaza Strip following rocket barrage to make it more legitimate.

When unsuspecting recipients open the email, they will find a .RAR file attachment, which leads to the backdoor detected by Trend Micro as BKDR_XTRAT.B. Examining the e-mail headers, the target appears to have been within the Israeli Customs agency:

Read the rest of this entry »

The hotel booking spam recently reported has made its way into German users’ inboxes. The email purporting to be from one of the Brenners Park-Hotel and Spa in Austria has a similar theme to its English counterpart as it contains confirmation and details on an alleged booking reservation.

The email sample above was sent to a personal email address of one of Trend Micro’s managers. He almost fell for it, given that he travels a lot – until he noticed the address of the hotel.

It’s too bad the spammers aren’t as good with geography as making spam: the actual Brenners Park-Hotel and Spa is in Baden-Baden Germany and not in Austria. While he was initially looking forward to attending the hotel, having read the excellent reviews on TripAdvisor, the email made it clear that this was, unfortunately, a scam. Good thing though, the attachment was already flagged and detected by Trend Micro as BKDR_ANDROM.P.

Read the rest of this entry »

It has become an inevitable part of the Android user experience that apps will ask for a long laundry list of permissions. Many apps will ask you to grant them network access so they can download updates. Others seek permission to read your phone’s state and identity so calls won’t disrupt them from doing what they’re doing. Unfortunately, these permissions can be abused for criminal intentions.

Rise of Aggresive Mobile Adware

Aside from apps abusing user’s permission, we noted a significant rise in the number of aggressive mobile adware, as reported in our 3Q Threat Roundup Android Under Siege: Popularity Comes at a Price. Trend Micro consider these adware as “high risk”, as they pose serious threat to user’s privacy and serve as effective means to collect data, which can be used for suspicious purposes.

Recently, I was testing Android apps from Google Play and after after a simple typo, I carelessly downloaded a Flash player app. Fortunately, the installed Trend Micro Mobile Security app notified me of a dangerous app.

Read the rest of this entry »