With the amount of media coverage surrounding this year’s papal conclave and inauguration, it’s hardly a surprise that cybercriminals have taken advantage of this event to victimize users. We recently spotted spam that use newly-elected Pope Francis as the subject.

These email messages use the new pope and controversies surrounding the Catholic Church to pique the recipients’ curiosity. To convince users of the legitimacy of the emails, these cite CNN as the alleged source. A screenshot of an email can be seen below:

Figure 1. Sample spam entry

It should be noted that while the topic is supposedly about Pope Francis, the email below calls the new pope Benedict, which is actually the name used by his predecessor.

Figure 2. Spam entry with wrong headline

The embedded links lead users to sites which have been compromised by Blackhole Exploit Kits (BHEK). Blackhole Exploit Kits have been used to deliver a wide variety of malware incuding:

• Infostealers
• Backdoors
• Remote Access Trojans (RATs)
• Rootkits

We detect and block all related spammed messages and all associated URLs.

As for the related malware, we found out that the final payload (detected as TROJ_PIDIEF.SMXY) exploits CVE-2009-0927, a dated vulnerability in Adobe Reader and Acrobat, to perform its routines. Thus, users must ensure that their systems are up-to-date with the latest software update.

Read the rest of this entry »

Mobile malware continues to grow not only in number but in sophistication. We recently spotted botnet malware running on over a million infected smartphones. And while Android users are the main targets, Apple users could soon find themselves victims with reports of pirated apps finding their way on iOS devices. With these recent developments, our prediction of 1 million malicious detections by the end of 2013 hardly seems far-fetched.

But should users be concerned about malware only? No, they should also be concerned about their data. Given some of the activities done on smartphones involve a lot of information—email, gaming, and social networking—protecting data on mobile devices should be a priority.

While data stealing malware is a threat to privacy, legitimate apps can also put user data at risk. But these aren’t the only ways that information can go public. Common user behavior such as connecting to public WiFi networks and playing games on social media sites can allow others to view online activities. Browsing histories can be collected to send targeted ads to users. Even online profiles can become a risk, if users post too many details.

Read the rest of this entry »

The way we are held accountable for ourselves in public gatherings such as events and celebrations are very much similar to how we should be when it comes to our online presence in social networks. The number of participants, the level or engagement, and the variety of activities done are just some of the ways that make both settings similar. And a good example to show this similarity is an event that had just recently began: Oktoberfest.

Much like the web, Oktoberfest is a very chaotic but fun place. First held in 1810, Oktoberfest continues to attract visitors by the millions. In fact, 6.9 million visitors went to Oktoberfest last year, consuming 7.5 million liters of beer.

And though enjoyment is the goal for most in both settings, it is also important to keep in mind that they are also prone to incidents such as loss of items and theft. In real life, this may translate to precautions such as keeping valuables in a safe place, but on the web it is a little more complicated. In social networks, users are strongly advised to manage their privacy settings and keep the visibility of their personal information to a minimum, so as to avoid unauthorized access and the possibility of information theft.

For additional tips on making the most out of your Oktoberfest experience, read our infographic, “Off to Oktoberfest!”

It appears that everyone is part of one social network or another. Facebook alone has reported to have 955 million monthly active users and 543 million monthly active mobile users. Engagement online has become a must, with social networking prompting users to share every detail of their existence, from their hometowns to their favorite quotes.

However, frequent use of these networks could skew our judgment when it comes to deciding what and what not to post online. A Trend Micro study found that 63% of users post their birthdays and another 61% post their schools. Meanwhile, 51% list down their family members and 48% share their hometowns. While these details seem harmless by themselves, users should know that these details often serve as answers for security questions to online accounts. Should cybercriminals read these details, they could be one step closer to hacking your accounts.

Posting too much information could lead to undesirable consequences such as identity theft. Trend Micro found that 1 in 3 people know someone who became victims of identity theft. In the same study, 13% admitted to being victims of identity theft as well. These numbers prove that users need to be vigilant about their online privacy. For more information about others risks of sharing information online, check out our latest infographic, “Public or Private? The Risks of Posting in Social Networks.”

Privacy remains a hot topic in the digital age. We’ve previously discussed certain aspects about online privacy such as the Do Not Track function in browsers and personalized advertising. However, it appears that a lot of users are still unaware of how to keep their information private. For instance, according to Consumer Reports, 13 million users have never set Facebook’s privacy tools. A Pew Research report found that only 38 percent were aware of ways on how to limit the amount of information they put online.

Keeping your personal information private is important because your data is valuable. Users are well aware that cybercriminals want data related to financials, such as credit card information, online banking credentials, and Paypal accounts. However, they may not know that seemingly harmless or useless data (e.g., gender or likes) is also important —to marketers. Marketers need user data to make sure that the right message is sent to the right demographic.

But how do cybercriminals and marketers get your data? What happens once data is made available publicly? To know the answers and for additional information about your data, check out our latest infographic, “Hot on Your Trail: How Much is Your Data Worth?”

Coming Soon: The TrendLabs Security Intelligence Blog will be the new Malware Blog