Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2015
    S M T W T F S
    « Mar    
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Author Archive - Christopher Talampas (Fraud Analyst)

    While gamers from North America and Europe are still waiting for the release of Diablo III this coming Tuesday (May 15), cybercriminals have already gone ahead and started taking advantage.

    We found a search result for the string “diablo 3 free download” leading to a survey scam — a scheme frequently seen deployed through Facebook.

    The search result below (highlighted in yellow) directs to the a page which appears to be the download page for Diablo III:

    However, clicking the download button only leads to the following survey page:

    Another result, one supposedly leading to a YouTube page (highlighted in red in Figure 1), leads to the following page:

    Entering the site, the visitor is met with instructions that they need to follow in order to be able to download the beta version of Diablo III. Interestingly, the steps involve sharing a link through Facebook three times — once on the users’ wall and twice on game pages.

    Of course, following the instructions do not really lead to a file download, instead only directing to yet another survey page:

    As enticing as it is to be able to download a very popular game right before everyone else does, users should keep in mind that such shady offers are widely used as bait by cybercriminals.

    Diablo 3 is not the first game used by cybercriminals for schemes, we’ve seen other popular games such as World of Warcraft and Grand Theft Auto being used in the past.

    Trend Micro users are protected from the schemes reported above through the Trend Micro™ Smart Network Protection™.


    Scammers have snatched up the opportunity to victimize people by leveraging the interest and anticipation over the upcoming release of iPad 3. Just days before its supposed launch, we have noted several posts on Facebook that claim to give away free iPad 3s to some “lucky” users.

    Unlike previous Facebook threats we’ve blogged recently, this one does not involve clickjacking. Some users may have intentionally post this link on their social media accounts like Facebook to increases their points as a referrer and increase their chances of “winning” these items. Once users visit the site and click the image it will load the following page:

    Read the rest of this entry »


    News of Whitney Houston’s sudden demise spread like wildfire in the Internet. Countless tweets, Facebook wall posts, and news items circulated regarding the singer’s death at age 48. Given the massive attention around Houston’s death, cybercriminals were quick in taking advantage of this unfortunate incident.

    We have uncovered two web threats shortly after the news broke. One was a clickjacking attack found on Facebook, while the other one was a link circulating on Twitter.

    RIP “Whitney Houston” leads to Clickjacking

    My colleague  Karla Agregado found a fake video spreading on Facebook. Wall posts with the subject “I Cried watching this video. RIP Whitney Houston” come with link to the supposed video. Clicking it leads them to a Facebook page that contains a link to the video. However, clicking this link only leads to several redirections until users are lead to the usual survey scam site.

    Upon further investigation on the domains involved in the redirections, we also found 101 more survey scams registered on the same IP where the domains are hosted.

    RIP Whitney Tweets May Lead To Web Threat

    We also found Tweets with malicious links that also took advantage of the tag RIP Whitney Houston, which was trending worldwide on Twitter.

    The said Tweets contain a link to a particular blog dedicated to the late singer. Users who view the page are automatically redirected to another website. The succeeding page is a site that supposedly features several Whitney Houston wallpapers. Once users decide to download a wallpaper from that site, a pop-up window appears and asks users to download some Whitney Houston ringtones.

    Read the rest of this entry »


    It’s never too early to get ready for Valentine’s day, it seems, even when it comes to malicious attacks. Recently, I came across a scam in Facebook that leverages the upcoming occasion.

    The said attack begins with a post on affected users’ wall inviting other users to install a Valentine’s theme into their Facebook profile.

    Click for larger viewOnce users click on this post, they are redirected to another page that urges them to install the said theme. Note that this attack only works on either Google Chrome or Mozilla Firefox browsers.

    Read the rest of this entry »


    The latest Facebook scam leverages Breaking Dawn Part 2 and leads to survey pages that steal personal data such as cell phone numbers and email addresses.

    Who wants free tickets to The Twilight Saga: Breaking Dawn Part 2? To most, specifically to cybercriminals, the real question is, “Who wouldn’t?”

    We have encountered several incidents of clickjacking on Facebook, which typically redirect users to a malicious survey that asks for personal information such as email addresses or mobile phone numbers.

    This time around, this attack now targets users (and fans) who may be interested to watch the movie, Twilight Saga: Breaking Dawn Part 2.

    The image below shows how the page looks. The photo features celebrities, Robert Pattinson and Kristen Stewart, two of the movie’s main characters.

    Read the rest of this entry »

    Posted in Bad Sites, Social, Spam | Comments Off


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice