Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2013
    S M T W T F S
    « Mar   May »
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for April 16th, 2013




    Within a short time period of less than 24 hours, cybercriminals have already taken advantage of Monday’s explosion at the Boston Marathon as a newsworthy item. My colleague Mary Ermitano-Aquino noted a spam outbreak of more than 9,000 Blackhole Exploit Kit (clarification below) spammed messages, all related to the said tragedy that killed at least three people and injured many more. Some of the spammed messages used the subjects “2 Explosions at Boston Marathon,” “Aftermath to explosion at Boston Marathon,” “Boston Explosion Caught on Video,” and “Video of Explosion at the Boston Marathon 2013″ to name a few. Below is a spam sample she found:

    Figure 1. Sample spam email related to the Boston marathon blast

    Figure 1. Sample spam email related to the Boston Marathon blast

    The spammed message only contains the URL http://{BLOCKED}/boston.html , but once you click it, it displays a web page with an embedded video, supposedly from YouTube. At this point, users who click the link may have already downloaded malware unknowingly, aka drive-by-download attacks. Here’s a screenshot of the web page with the embedded video:

    Figure 2. Malicious web page with the embedded video

    Figure 2. Malicious web page with the embedded video

    Read the rest of this entry »

     



    Last April 7, several Israeli websites were targeted by the hacker group Anonymous. Based from reports, certain government and private Israeli websites were not accessible and were possibly victims of a DDoS attack.

    Media coverage of DDoS attacks tend to cover on whether or not the targeted site is knocked offline, and not particularly how they are carried out. This is a mistake, as this ignores the fact that many of the “attackers” are actually systems that have been infected with malware and used to carry out attacks. We will use the data gathered by the Smart Protection Network.

    On a typical day, the traffic to one of the websites targeted in this attack overwhelmingly (more than 90%) comes from within Israel itself. On the day of the attack, however, this was reversed, with only 9% of the traffic we saw coming from inside the country:

    Read the rest of this entry »

     
    Posted in Data, Hacked Sites | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice