Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    April 2013
    S M T W T F S
    « Mar   May »
  • Email Subscription

  • About Us

    Archive for April, 2013

    Last April 7, several Israeli websites were targeted by the hacker group Anonymous. Based from reports, certain government and private Israeli websites were not accessible and were possibly victims of a DDoS attack.

    Media coverage of DDoS attacks tend to cover on whether or not the targeted site is knocked offline, and not particularly how they are carried out. This is a mistake, as this ignores the fact that many of the “attackers” are actually systems that have been infected with malware and used to carry out attacks. We will use the data gathered by the Smart Protection Network.

    On a typical day, the traffic to one of the websites targeted in this attack overwhelmingly (more than 90%) comes from within Israel itself. On the day of the attack, however, this was reversed, with only 9% of the traffic we saw coming from inside the country:

    Read the rest of this entry »

    Posted in Bad Sites | Comments Off on Botnets Involved in Anonymous DDoS Attacks

    Traditionally, Brazil is known for being the home of BANCOS, which steals the banking information of users and is generally limited to the Latin American region. Other banking Trojans like ZeuS, SpyEye, and CARBERP, which are common in other regions, are not traditionally used by Brazilian cybercriminals and not aimed at Brazilian users either.

    However, that might be changing. In a local hacker forum, we saw a post where somebody was selling some rather well-known malware kits:

    • Zeus version 3
    • SpyEye version 1.3.48
    • Citadel version 1.3.45
    • Carberp (“last version with all resources”)
    • CrimePack Exploit kit version 3.1.3 (leaked version)
    • Sweet Orange exploit kit version 1.0
    • Neutrino exploit kit
    • Redkit exploit kit

    In addition, if an interested buyer purchases any of the kits listed above, he will also get the kit for SpyEye version 1.3.45 for free.


    Figure 1. Screenshot of the online ad

    It’s worth noting too that the prices posted are extraordinarily attractive. For Zeus and CrimePack, a potential buyer needs only to shell out 350 Brazilian reais (175 US dollars) each. SpyEye and Carberp cost around 150 reais (75 US dollars), while a Citadel kit costs 100 reais (50 US dollars).

    In a later update, the guy also advertised that he had some phishing scam kits too. The targets include well-known entities like PayPal, Bank of America, HSBC and SCI Liberty Reverse (a Costa Rica-based payment processor) and only costs 50 reais (25 US dollars) per kit.


    Figure 2. Updated advertising phishing kits

    Read the rest of this entry »

    Posted in Malware | Comments Off on New Crimeware In BANCOS Paradise

    The truth about the Facebook Profile Viewer is simple: it doesn’t exist.

    You can check every Facebook page or app available, but you can be 100% sure that each one that says “See who viewed your profile!” or “Who’s stalking you?” is just a ruse for Facebook users to reveal their passwords or spread spam. How do they do this? Clickjacking is a surefire way. In a typical clickjacking attack, cybercriminals hide malicious content under the guise of legitimate pages and may use malicious JavaScript to load content from third-party sites, all in a few clicks.

    But what happens if cybercriminals turn to different and newer techniques? Having users type in commands on their keyboard would be a real game changer. Here’s how:


    A closer look at a comment within a spammed wall post showcases the start of a different strategy for spammers this time around.


    Once you click the link on the comment box, it will redirect again to Facebook Log in Page with Pinterest.


    Once logged in, the site redirects to another malicious URL that claims to be “Official Facebook Profile Viewer.” Clicking the ‘Get Started’ button redirects to image with keyboard shortcuts with instructions for users to carry out.

    Read the rest of this entry »

    Posted in Social | 1 TrackBack »

    Windows XP is officially on its last legs – as far as Microsoft is concerned. There is less than a year remaining before official support ends for the 11-year-old operating system on April 8, 2014.

    For users, the biggest impact of this will be that Microsoft will no longer release security updates for Windows XP vulnerabilities after that date. This wouldn’t be a problem, if it weren’t for the fact that so many users are still using XP. Net Applications data says that even now, more than a third of all PCs are still on XP. It was not until August 2012 that the number of Windows 7 users exceeded Windows XP users according to this data.

    The potential for criminals to take advantage of this situation is significant. As long as there are significant numbers of XP users, they will continue to be targeted – and new exploits will continue to see the light of day. In the absence of any security patches from Microsoft, these will be all that more dangerous. (To highlight how they’re still finding new security holes in Windows XP, consider this: every Patch Tuesday in 2013 so far has had at least one Critical bulletin that covered XP.)

    All users still on XP should consider upgrading right away. Most users may be due for an upgrade in their systems anyway, since it’s been years since XP was sold to end users. However, enterprise and other Windows XP users may well have had reasons not to migrate up to this point – for example, custom software that requires XP to work. However, running software that will never be patched is a significant gamble – particularly software that has been as enduring a target as Windows XP is.

    Read the rest of this entry »


    Patch-Tuesday_grayFor this month’s patch Tuesday, Microsoft released security updated to resolve nine bulletins, including a bulletin for two critical issues found in all versions of Internet Explorer on all supported versions of Windows (which includes Windows 8 and Windows RT).

    These issues received a critical severity rating, which means IT or security administrators should consider this bulletin high-priority. These issues affect all versions of Internet Explorer, from IE 6 to 10. If successfully exploited, these vulnerabilities could permit a possible attacker to execute a malware once user visits certain malicious website via Internet Explorer (or what we call drive-by downloads or attacks). The other IE issue may allow a successful attacker to gain the same rights or privileges that an affected user has. Fortunately, this may have less impact if victim has no administrator privileges.

    The other critical bulletin addresses a privately disclosed vulnerability in Windows Remote Desktop. Like the IE bulletin, this issue may allow a remote malicious user to execute malicious code onto the vulnerable system.

    Besides this month’s roster of security updates, Microsoft announced another major reminder, specifically its plan to stop supporting Windows XP and Office 2003 by April 8, 2014. Thus, we might be seeing less and less of updates for the platform until this deadline. To prevent any possible problems, Microsoft is encouraging its customers, who are still using Windows XP, to upgrade to a “more modern platform” such as Windows 7 and 8 the soonest possible.

    Read the rest of this entry »

    Posted in Vulnerabilities | Comments Off on April 2013 Patch Tuesday Includes Fix for Critical IE Issues


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice