
    Author Archive - Christopher Talampas (Fraud Analyst)

    The Trend Micro Content Security team discovered a phishing attack that used a software company’s website to lure victims into divulging personal information. The compromised site was that of School Website Solutions, which looks like this:

    Figure 1. Clean page.

    Phishers were able to hack the site, however. Users who tried to access School Website Solutions using its legitimate URL saw this page instead:

    Figure 2. Phishing page.

    The page shown was no longer related to the software company at all. The phishing site spoofed the login page of Alliance & Leicester, a bank in the UK. Information entered on this page was keylogged and stolen by the phishers.

    Trend Micro has already notified School Website Solutions of this threat, and the site administrators were able to swiftly respond and resolve the issue. Security policies and practices that help ensure attacks like this don’t happen include:

    • Religiously checking OS and software vulnerabilities and taking necessary actions when problems arise.
    • Using strong passwords.
    • Disabling unneeded services and deleting unnecessary accounts.
    • Keeping private files private by not placing them under the public directory on the server.
    Posted in Bad Sites | Comments Off on Phishing School Teaches Lessons on Secure Practices

    TrendLabs Content Security has come upon a new phishing attack that leads to the download of malware. However, unlike most instances where phishing baits are usually banks, credit unions or other financial institutions, this time it uses the popular social networking Web site

    The phishing URL may be contained in spammed email messages. Once recipients of said messages click or visit the URL, it displays a spoofed MySpace login page. It also uses a popup window declaring a supposed MySpace profile object error and requires that the user download the new version of a new MySpace profile object.

    Therein lies the trick: when the user clicks the “continue” button, malicious files are not only downloaded but also automatically installed. These files are detected as TROJ_ZLOB.GUZ and BKDR_IRCBOT.BGY.

    If the user tries to exit the page, it will not close until the file is downloaded. To exit, the user needs to terminate the program using Task Manager.

    Trend Micro users, of course, are already safe from this threat, as the phishing URL hxxp://{BLOCKED} is already blocked by Trend Micro’s Web Threat Protection (WTP) technology. For other users, however, it pays to be vigilant.

    Posted in Bad Sites | Comments Off on Phishers Drop MySpace Bait

    Trend Micro’s Content Security Web Blocking Team has recently encountered attempts to phish account information of users that subscribe to Google’s advertising platform, Google AdWords. The phishing email message appears to be from Google Adwords and tells the user to log on to Adwords and update their billing information, as shown in the image below:

    Google AdWord Phishing image

    It instructs the user to click a link which appears to the user as a legitimate Google Adwords link, but actually leads to a malicious Web site. Account information entered by the unknowing user on the malicious Web site is then sent to an unauthorized user.

    Such a technique may trick most users into thinking that the URL shown in the message will connect them to the legitimate Web site. Furthermore, Google is generally known for its sparse, clean email and Web site interfaces, so this simple-looking email message can be quite convincing. Users are advised to report it here if they receive a message similar to the one above.

    Posted in Mobile | Comments Off on BadWords From Bogus AdWords

