TrendLabs Security Intelligence Blog

    Author Archive - Bixie Villavicencio (Technical Communications)




Media players have come under fire this year, with new vulnerabilities being discovered and exploits targeting those holes spreading in the wild. Now another media player has succumbed: RealPlayer has become the playground for a new exploit. The exploit is hosted on a Web site and runs when that site is accessed. Its main goal is to take advantage of a known vulnerability in the following versions of the popular media player RealPlayer:

    • 6.0.10
    • 6.0.11
    • 6.0.12
    • 6.0.14
    • 6.0.14.536
    • 6.0.14.543
    • 6.0.14.544
    • 6.0.14.550
    • 6.0.14.552

Once executed, it triggers a stack overflow and downloads malicious files.

Before exploiting the vulnerability, it first checks that the target machine is running Windows 2000 or XP with Internet Explorer 6 or 7, so that the exploit runs reliably. It also checks which version of RealPlayer is installed, because the first few bytes of the shell code it writes depend on that version. To trigger the exploit, it loads IERPLUG.DLL (the RealPlayer browser plug-in) and passes the shell code through it to the installed RealPlayer. If all of the above succeeds, it connects to http://{BLOCKED}.g.biz/1.exe to download a malicious file, detected by Trend Micro as PE_MUMAWOW.AO-O, which is saved as A.EXE in the Windows system folder.

    Trend Micro detects this exploit as EXPL_REALPLAY.H.
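As an added example (not Trend Micro's detection signature or any code from the exploit itself), the following Python script triages a saved HTML page for the pattern the post describes: browser and OS gating on Internet Explorer 6/7 and Windows 2000/XP, references to the affected RealPlayer versions, a reference to IERPLUG.DLL, and a second-stage .exe download. The %u-encoded shellcode heuristic and its 64-group threshold, the function names, and the two sample pages are assumptions; the sample "exploit" page only mimics the control flow with placeholder bytes and contains no working exploit.

```python
"""Static triage of a web page for the RealPlayer exploit pattern described
in the post above.  Added example; not Trend Micro's detection logic."""
import re

# RealPlayer builds the post lists as affected.
AFFECTED_VERSIONS = frozenset({
    "6.0.10", "6.0.11", "6.0.12", "6.0.14",
    "6.0.14.536", "6.0.14.543", "6.0.14.544", "6.0.14.550", "6.0.14.552",
})

# Markers taken from the post, plus one assumed heuristic (unicode_shellcode).
INDICATORS = {
    # navigator.userAgent gating on Internet Explorer 6 or 7
    "ie_6_or_7_gate": re.compile(r"MSIE\s*[67]\."),
    # ... and on Windows 2000 (NT 5.0) or Windows XP (NT 5.1)
    "win2k_xp_gate": re.compile(r"Windows NT 5\.[01]"),
    # the RealPlayer browser plug-in the exploit goes through
    "ierplug_dll": re.compile(r"ierplug\.dll", re.I),
    # a long run of %uXXXX escapes, the usual way shellcode is handed to
    # unescape(); the 64-group threshold is an assumption, not from the post
    "unicode_shellcode": re.compile(r"(?:%u[0-9a-fA-F]{4}){64,}"),
    # a second-stage executable fetched over HTTP
    "exe_download": re.compile(r"https?://[^\s\"']+\.exe\b", re.I),
}

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
VERSION_RE = re.compile(r"\b\d+(?:\.\d+){2,3}\b")


def is_affected(version):
    """Exact match against the affected list; '6.0.14' and '6.0.14.552' are distinct."""
    return version in AFFECTED_VERSIONS


def script_bodies(html):
    """Return the text of every inline <script> block in the page."""
    return SCRIPT_RE.findall(html)


def affected_versions_referenced(text):
    """Affected RealPlayer version strings that the script text mentions."""
    return sorted(set(VERSION_RE.findall(text)) & AFFECTED_VERSIONS)


def triage(html):
    """Score the page's scripts.  The OS/browser gate plus the plug-in reference
    are required before flagging, so an ordinary IE-6 CSS hack is not enough."""
    text = "\n".join(script_bodies(html))
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    versions = affected_versions_referenced(text)
    if versions:
        hits.add("realplayer_version_table")
    gated = {"ie_6_or_7_gate", "win2k_xp_gate"} <= hits
    suspicious = gated and "ierplug_dll" in hits and len(hits) >= 4
    return {"indicators": sorted(hits), "versions": versions,
            "suspicious": suspicious}


# Constructed samples.  The first mimics the control flow the post describes
# with placeholder bytes only; it is not a working exploit.
_BLOB = "%u4141" * 80
SAMPLE_EXPLOIT_PAGE = """<html><body><script>
var ua = navigator.userAgent;
if (ua.indexOf("MSIE 6.") < 0 && ua.indexOf("MSIE 7.") < 0) throw "skip";
if (ua.indexOf("Windows NT 5.0") < 0 && ua.indexOf("Windows NT 5.1") < 0) throw "skip";
var ver = rp.GetVersionInfo();                     // hypothetical version probe
var head = {"6.0.10": "%u9090", "6.0.14.536": "%u9090", "6.0.14.552": "%u9090"}[ver];
var sc = unescape(head + "@@BLOB@@");              // placeholder, not shellcode
var plugin = "IERPLUG.DLL";                        // RealPlayer browser plug-in
var dropper = "http://example.invalid/1.exe";      // second stage, saved as A.EXE
</script></body></html>""".replace("@@BLOB@@", _BLOB)

SAMPLE_BENIGN_PAGE = """<html><body><script>
if (navigator.userAgent.indexOf("MSIE 6.") >= 0) document.body.className += " ie6";
</script></body></html>"""


if __name__ == "__main__":
    for name, page in (("exploit", SAMPLE_EXPLOIT_PAGE), ("benign", SAMPLE_BENIGN_PAGE)):
        print(name, triage(page))
```

The benign page trips only the IE gate, which is why `triage` insists on the OS gate and the plug-in reference together rather than on any single indicator; a real signature would pair this with the blocked download URL and the known file hashes rather than rely on the heuristic alone.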

     



VIP? Not in a fraudster’s vocabulary. Fraudsters do not care whom, when, or where they attack, and even the US Department of Justice (USDOJ) is not exempt from having its name abused by fraud spammers.

A spam email message is circulating that resembles an authentic USDOJ letter, with the hoax message written beneath the USDOJ letterhead. Bearing the USDOJ logo, the email could deceive an unsuspecting recipient into believing it is legitimate.

The message alarms the recipient by claiming that a complaint has been filed with the US Dept. of Justice against the recipient’s company, and that a copy of the complaint is attached. A recipient shocked by the email would then open the attached document.

What the recipient does not know is that the attached file is actually a Trojan downloader, detected by Trend Micro as TROJ_DLOADER.QRQ. When executed, this Trojan also drops several malicious files, including TROJ_RUNDIS.H and TROJ_AGENT.ADCU.

People need to be extra cautious about email messages. Without antivirus software and other proactive security measures (such as Web reputation/Web blocking services), only personal discretion stands between a user and malware.

This applies to everyone; there is no VIP treatment in this department.

Posted in Malware | Comments Off



TrendLabs researchers discovered that the corporate Web site of the Philippine Daily Inquirer (PDI), the most widely read English-language daily in the Philippines, has been hacked. Note that this site is distinct from PDI’s news site. A malicious user managed to insert JavaScript code into the PDI Web site, which loads the following page:

According to Threat Analyst Jonell Baltazar, there was no malware on the page it tries to load. The loaded page only contains a bloody image and a message of cyber-protest against war, suggesting that the malicious user may be a hacktivist. TrendLabs has contacted PDI about the matter, and a PDI representative confirmed that the issue is already under control.

It is hard to pinpoint exactly why the defacer would be interested in this particular site, but the incident is a stark reminder that big companies, especially those in the business of delivering information, are fair game for hacktivists who want a popular platform to get their message across.

Posted in Bad Sites | Comments Off



Under the US federal wiretap statute, John Schiefer has been charged with conducting illegal botnet activities. eWeek reports that Schiefer has pleaded guilty to four felony counts: accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud, and bank fraud.

Schiefer and his gang reportedly infected almost 250,000 vulnerable computers to create a botnet that could mine PayPal user names and passwords, as well as other personal or financial information. The botherder faces a maximum sentence of 60 years imprisonment and a fine of $1.75 million.

This is the first criminal case of its kind, and we certainly hope it won’t be the last. The Pokemon heroes got it right when they said, “Gotta catch ‘em all!”, because otherwise the botnet problem will simply persist.

Posted in Botnets | Comments Off



“…In the discharge of my duty, I stumbled on this domiciliary account that has remained dormant for three years now with eight million, five hundred thousand United States dollars ($8.5M) in it…. That my purpose of contacting you is because the deceased has the same name with you…” is just a taste of the many Nigerian scam emails that have caught the attention of people around the globe. The main tactic of these organized criminals is to send personal-sounding emails to random people, posing as lawyers who need help to obtain a huge sum of money. The prospect of getting a million in a snap one sunny morning would surely lure a recipient. Getting it, however, is not free: a certain fee is demanded first. Once the unsuspecting recipient gives in, s/he is sent a cheque in exchange for the fee. Unfortunately, the supposed good-fortune cheque is a fake.

A BBC News item revealed that such scams are thought to cost the UK up to GBP 3.5 billion every year. In a single month of investigation, 4,500 fraudulent documents were confiscated, and thousands of bank accounts were found to have been used in the frauds. Fake cheques worth around $16.2m were also seized.

Since the emotional and touching words in these emails have fooled many vulnerable and elderly people, the scammers might have thought that cyber crimes are undetectable. It is good to know that the UK authorities have proved otherwise.

Posted in Spam | 1 TrackBack »


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice