    TrendLabs Security Intelligence Blog

    Archive for March 31st, 2013




    Facebook’s enduring popularity means that cybercriminals find it a tempting lure for their malicious misdeeds. A newly-spotted phishing scam is no exception.

    We came across a malware sample, which we detected as TSPY_MINOCDO.A. The goal is to redirect users who visit Facebook to a spoofed page, which claims to be a part of the social networking website’s security check feature, even sporting the tagline “Security checks help keep Facebook trustworthy and free of spam”.

    It does this by redirecting all traffic destined for facebook.com and www.facebook.com to the system itself (using the affected machine’s hosts file). This ensures that the user can never reach the legitimate Facebook pages. At the same time, the malware monitors all browser activity and redirects the user to the malicious site.

    Users eager to log into Facebook may fall victim to this ruse, taking the ‘security check’ at face value. This may result in them entering their details and thus exposing their credit card accounts to cybercriminal infiltration.

    Figure 1. Fake Facebook Security Page
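
A defender-side check for the hosts-file tampering described above, as an added example that is not part of the original post: it parses hosts-file text and reports any static entry for the two Facebook hostnames named here. The function names, the watched set and the sample file contents are constructed for illustration.

```python
import ipaddress

# Hostnames named in the post; extend the set for other monitored sites (assumption).
WATCHED = {"facebook.com", "www.facebook.com"}

# Constructed sample. On a live Windows system, read
# %SystemRoot%\System32\drivers\etc\hosts instead.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       facebook.com   # constructed entry
127.0.0.1       www.facebook.com
192.0.2.10      intranet.example
not-an-ip       www.facebook.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field: skip the line
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")


def find_overrides(text, watched=WATCHED):
    """Return hosts entries that pin a watched hostname to a static address."""
    return [
        {"line": n, "host": name, "ip": str(ip), "loopback": ip.is_loopback}
        for n, ip, name in parse_hosts(text)
        if name in watched
    ]


if __name__ == "__main__":
    for hit in find_overrides(SAMPLE_HOSTS):
        kind = "loopback" if hit["loopback"] else "static"
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']} ({kind} override)")
```

Any hit is worth investigating, since a clean system normally has no hosts entry for a public site.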




    Black Hat Europe is a series of highly technical security conferences that gathers professionals, researchers, and leaders of the infosec industry. Below are some of my thoughts about the interesting discussions I attended, which include a compelling talk by Trend Micro threat researcher Kyle Wilhoit about ICS/SCADA.

    Day 1

    My colleague Kyle and I joined the first session of the full-day vehicle networks workshop. Robert Leale of www.canbushack.com gave a nice introduction to controller area network (CAN) bus and other bus systems, in which he gave basic information on the types of networks found in modern vehicles. I went to the next talk, “Let’s Play – Applanting” by Ajit Hatti, the co-founder of “null -Open security community,” where he described an attack to silently install an app in a user’s device (this has already been fixed by Google). As it turns out, a lot of people in India use their smartphones for online banking.

    “XML out-of-band data retrieval” from Alexey Osipov and Timur Yunusov, which I attended later, showed how to retrieve data from an internal machine and network using several web applications.

    Because I own a Huawei USB UMTS/4G stick, I went to the talk “Huawei – From China with Love” from Nikita Tarakanov and Oleg Kupreev. From the discussion, I gathered that the software (available for Windows and Mac) seems to be a mess, security-wise.

    In one of the better conferences of the day, Tobias Jeske presented the results of his research about floating car data from smartphones, based on Google Navigation and Waze. For his research, he reverse engineered the protocols with an MiTM proxy and source code and later explained to us the several possible attacks that can be launched.

    Day 2

    The first talk for the day was “The Sandbox Roulette”, which we can summarize as “for an application sandbox (Sandboxie, Chrome, Adobe X) the weakest link is the Windows kernel. A hypervisor sandbox is more secure than an application sandbox.”



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice