Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2012
    S M T W T F S
    « Nov   Jan »
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for December 10th, 2012




    The downside of popularity is that cybercriminals tend to abuse it for their own nefarious ends. Case in point, social networking sites have been often used to proliferate malware. Just recently, we spotted a Facebook clickjacking attack that leverages and abuses Instagram to point users to malicious websites.

    Users encounter this threat by being tagged in a photo posted by one of their contacts on Facebook. The post states that users can know who visited their profile on Faceboofk and how often. It also includes a photo posted via Instagram.

    We noticed that the photo and the names used in the “Recent Profile Views” (see below) are used repeatedly for other attacks.

    Should users decide to click the link, they are lead to a page with instructions on how to generate the verification code. Once done, a pop-up window appears, which is actually the Instagram for Facebook app asking users to click “Go to App” button. Once done, it redirects users to a page that looks like the Facebook Home page.

    Read the rest of this entry »

     


    Dec10
    3:47 am (UTC-7)   |    by

    Yes, it does. And depending on where you are located, it can even speak in your mother tongue.

    As discussed in our paper Police Ransomware Update, the people behind police Trojan/Ransomware have implemented improvements to make this threat more effective. Gone are the days when ransomware simply showed a message that users’ systems are “captured” and that they have to pay for a fee to have them back.

    These days, this new breed of ransomware notifies users of the fee (or ransom) under the guise of the victim’s local law enforcement agencies. Thus, a user with a ransomware-infected system from France will get a notification from the Gendarmerie Nationale, while a US-based one will likely receive a message from the FBI.

    To level up the ante, we received a report that a new police Trojan variant even has a “voice”. Detected as TROJ_REVETON.HM, it locks the infected system but instead of just showing a message, it now verbally urges users to pay. The user won’t need a translator to understand what the malware is saying – it speaks the language of the country where the victim is located.

    Read the rest of this entry »

     


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice