    Archive for August 13th, 2013

    Early this August, we wrote about cybercriminals using a well-publicized vulnerability in Android to launch an attack against users who do their online banking on their mobile devices through an app. This time, we discovered a mobile phishing attack that not only attempts to steal users’ login details, but also asks victims to upload an image file copy of their government-issued ID.

    This particular phishing campaign resembles the typical scenario: it involves a spoofed website of the bank’s mobile online banking login site, with a URL that closely mimics the original banking site.

    Despite the similarities, there are some noticeable differences, such as support for SSL: the phishing site has neither the usual security symbol nor the https:// prefix that usually identifies a secure website. There are also graphical differences between the two:


    Figure 1. Legitimate site vs. spoofed page

    The phishing page asks for the user’s login details – but it doesn’t stop there. After entering their login details, the user will be sent to another spoofed page that then asks for their e-mail address and password. This is presumably so that when the user tries to recover their account by changing their login details, the cybercriminals responsible will be notified and thus still be able to access the said account.


    Figure 2. Phishing page asking for email credentials

    Not yet satisfied with all of this stolen information, the scam goes on to lead the user to another spoofed website that then asks the user to upload a scanned image file of their government-issued ID.


    Figure 3. Phishing page that asks for an image of a government ID

    Assuming that the user does supply such a file, they will be asked to continue to their account via a link – but the link, of course, only leads to a dead website.
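
The indicators described above (a hostname that closely mimics the bank's, no HTTPS, a credential form, and a file-upload form for the ID scan) can be checked mechanically during triage. The following is an added example, not code from the original post; the hostnames under the reserved `.example` TLD, the HTML snippets, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist: hostnames the (hypothetical) bank really uses.
LEGIT_HOSTS = {"m.bank.example"}

# Constructed sample pages modelled on the flow in the post.
LOGIN_PAGE = '<form action="next"><input name="user"><input type="password" name="pw"></form>'
ID_PAGE = '<form enctype="multipart/form-data"><input type="file" name="id_scan"></form>'

def edit_distance(a, b):
    """Levenshtein distance, used to spot hostnames that closely mimic a real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class InputTypes(HTMLParser):
    """Collects the type attribute of every <input> element on the page."""
    def __init__(self):
        super().__init__()
        self.types = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.types.append((dict(attrs).get("type") or "text").lower())

def phishing_indicators(url, html, legit_hosts=LEGIT_HOSTS, max_distance=2):
    """Return the indicators from the post that this URL and page exhibit."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in legit_hosts and parts.scheme == "https":
        return []  # the genuine site over HTTPS is not scored
    found = []
    if host not in legit_hosts and any(
            edit_distance(host, h) <= max_distance for h in legit_hosts):
        found.append("lookalike-host")
    if parts.scheme != "https":
        found.append("no-https")
    parser = InputTypes()
    parser.feed(html)
    if "password" in parser.types:
        found.append("credential-form")
    if "file" in parser.types:
        found.append("file-upload")
    return found
```
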

    This is an unprecedented level of phishing: not only does the cybercriminal get access to the victim’s bank account and email account, but they also get the victim’s identification card, which could be used for all sorts of scams and fraud involving identity theft.

    While phishing attacks that actually ask for scanned copies of real-world identification are new, the barter of such material isn’t. In our paper about the cybercriminal underground in Russia, Russian Underground 101, we talked about how copies of victims’ identification documents are bartered and sold not only for profit but also for use in identity theft, with prices that range from US$2 to US$25, depending on the type of document. These documents range from identification cards and passports to work visas.

    Mobile phishing is on the rise. We reported as much earlier this year, as well as how the cybercriminals dabbling in it are using the limitations inherent in the platform to carry out their deeds (such as the small screen size hiding URL discrepancies and security symbols). With smartphones being as popular as they are and powerful enough to do most tasks we usually devote a desktop to, it’s not surprising that cybercriminals are taking advantage of the platform to nab more victims and milk them dry for personal information.

    Thankfully, users can protect themselves from this kind of cybercriminal activity. Some practices the user can keep in mind:

    • Bookmark frequently-visited websites. This eliminates the chance of being routed to a phishing website through typographical errors in the URL bar.
    • Always verify first. Users should verify first with the institutions involved (such as their bank) whenever encountering strange and unexpected procedures in their transactions.
    • Use a security solution. Security solutions immediately block phishing websites, preventing users from mistakenly accessing them.

    Trend Micro users are protected from all the elements involved with this phishing threat, with the URLs of the fake website blocked.


    Posted in Mobile | Comments Off on Mobile Phishing Attack Asks for Government IDs

    In today’s Patch Tuesday, users and administrators everywhere are advised to immediately update their systems with the latest security updates from Microsoft, with critical updates for Internet Explorer taking the spotlight.

    For the month of August, Microsoft released eight bulletins, three of them rated Critical while the rest are tagged Important. Similar to previous Patch Tuesdays, fixes for Internet Explorer may get the most attention. The IE bulletin addresses eleven vulnerabilities and affects IE versions 6 to 10; the most severe of these may enable an attacker to execute malware once users visit a maliciously crafted website using Internet Explorer.

    The other critical bulletins include updates for Exchange Server and Windows OS vulnerabilities. Similar to IE, these vulnerabilities may allow a remote attacker to execute malware on the system.

    The bulletins rated as Important may not give an attacker the chance to execute malware, but not implementing them can lead to serious repercussions. The vulnerabilities in Windows and the Windows Kernel may lead to an attacker gaining the same privileges as the current user. The other cited software bugs found in Windows NAT, ICMPv6, and Active Directory Federation Services may result in denial-of-service (DoS) attacks and unwanted data disclosure, respectively.

    Microsoft’s update for the browser is a good reminder of the reality of the risks of browsers. At the recently concluded Black Hat conference, researchers Jeremiah Grossman and Matt Johansen demonstrated the possibility of browser-based botnets and how this can be done using fake online ads. In previous research, Trend Micro researcher Robert McArdle showed how a similar threat can be carried out by abusing HTML5.

    On the topic of browsers, Mozilla also released Firefox 23 for Mac, which addresses 13 security issues. Similar to IE, exploiting these Firefox vulnerabilities may also lead to a malicious file being executed on a vulnerable system.

    With browsers being the default way to connect to the Web and the growing number of devices dependent on browsers, this continuous attention to IE and browser security shows that we may see more attacks on browsers in the near future.

    Users are advised to apply these security updates as soon as possible. You may also visit our Trend Micro Threat Encyclopedia page to know more about how Deep Security solution.

    Posted in Bad Sites | Comments Off on August 2013 Patch Tuesday Features Three Critical, Five Important Bulletins


    © Copyright 2013 Trend Micro Inc. All rights reserved.