    TrendLabs Security Intelligence Blog

    Author Archive - Aileen Clemente (Technical Communications)




    Who doesn’t love getting freebies when purchasing a brand-new electronic device? However, it’s another story altogether if the freebie is pre-installed malware.

    HP Australia has recently warned the public about an undisclosed number of 256 MB and 1 GB USB keys shipped with some servers in its ProLiant line. The keys come infected with the Fakerecy and SillyFDC malware, which could be transmitted onto the system once the keys are plugged in. These USB keys are to be used by those who want to install optional floppy-disc drives into their server devices. The malware files bear names that could be mistaken for legitimate system files (such as WinUpdter and ctfmon). They are detected by Trend Micro as WORM_AUTORUN.AZB and WORM_VB.BDN.

    Although HP and even the Australian Computer Emergency Response Team (AusCERT) assure users that this is a low-level threat given the nature of the USB keys’ purpose and the capabilities of the malware, this incident once more highlights the growing use of USB devices as carriers of undesirable applications. Early in the year, a batch of China-made media players called Victory LT-200 was shipped with a file infector.

    To be safe, it is best to check even brand-new USB devices for potential infections by scanning them with up-to-date antimalware software before accessing any of their contents. As Forrest Gump was known to have said, “Life is like a box of chocolates, you’ll never know what you’re gonna get.” I guess these days, that goes for USB drives, too.

     
    Posted in Malware | Comments Off



    The Mac world is shaken. IDG News Service’s Robert McMillan reports that Charlie Miller and two other security researchers from Independent Security Evaluators hacked the wickedly slim Apple MacBook Air in a fleeting two minutes and walked away with a $10,000 cash prize, the gorgeous laptop, and tons of bragging rights in the CanSecWest PWN to OWN 2008 contest held in Vancouver. Miller’s earlier claim to fame was being one of the researchers who first hacked the iPhone last year. That must make him Apple’s most favorite person in the whole world!

    This contest, other than giving hackers an opportunity to win big money, aims to present new vulnerabilities in certain systems so that the affected vendors can address them. Open for attack were a Sony VAIO VGN-TZ37CN running Ubuntu 7.10, a Fujitsu U810 running Vista Ultimate SP1, and as mentioned, a MacBook Air running OSX 10.5.2. As of this writing, the VAIO and Fujitsu are still standing strong.

    Miller’s team was able to expose the MacBook Air’s vulnerability by “tricking” the judges into visiting a Web site where the team had already set up attack code. According to the sponsor’s TippingPoint DVLabs blog, a newly discovered vulnerability in Safari, the browser that comes pre-installed on the Air, was used to gain control of the system. Understandably, the more detailed method cannot be made public, as previously agreed in a contract signed by the contestants.

     
    Posted in Vulnerabilities | Comments Off



    If you have ever bought or sold anything on eBay, you pretty much know how important the seller ratings are. The general rating system is based on a one- to five-star scale and is determined by people you have done transactions with. As is customary, five stars is the highest and one star is the lowest. Because business is conducted anonymously, the buyer can only depend on these ratings to take that leap of faith of sending his hard-earned money to that total stranger probably sitting halfway across the globe.

    Though eBay sites offer practical and legit tips on how to boost one’s seller ratings, it is not surprising that scheming sellers still want to find an easy albeit unfair way of taking advantage of this rating system. After all, more stars virtually spell more sales.

    The Register recently reported a scripting trick employed by malicious sellers at eBay.co.uk, purportedly to boost their own seller ratings. An auction for a 2007 Range Rover Sport HSE, a four-wheel drive car usually valued at around 40,000 pounds, offers the vehicle at a curiously low amount of only 12,000 pounds. Apparently, the seller indicated on the main page (an online jewelry seller) has a “PowerSeller” status — meaning he/she has met certain standards from eBay including average sales requirements and of course, the all-important honesty and timeliness.

    The scheme preys on the natural interest of people, particularly eBay customers, in anything that appears to be a bargain. Clicking on the auction brings the user to what appears to be a regular item page. The first sign that something is fishy? A suspicious pop-up coming from a page in Russia.

    Further analysis later on showed that this apparently regular page from eBay contains an embedded tag pointing to a Shockwave file, which in turn redirects the user to an .ASPX page in Russia. Down further on its root are two other .ASPX pages linking to already completed vehicle auctions. So just when buyers think they are dealing with a reputable seller, they are actually blindly doing business with sellers they can’t even identify.

    Currently, we can only guess whether this curious script serves purposes other than boosting those seller ratings. Trend Micro is of course doing its own investigation of the dubious files. Updates will be posted on this blog as soon as more information is available.

     


     

    © Copyright 2013 Trend Micro Inc. All rights reserved.