Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Author Archive - Gerald Dillera (Fraud Analyst)

    We recently discovered a Facebook attack that uses the business-related social networking site, LinkedIn as redirector site. The attack begins with a wall post that bears the subject, “The Video That Just Ended Justin Biebers Career For Good!” Clicking the URL in the image creates a similar wall post on affected users’ accounts.

    Click for larger view

    This Facebook attack using LinkedIn is new, as cybercriminals normally employ URL shorteners and Facebook fan pages to point users to malicious sites. The use of a legitimate site definitely increases the possibility that users will dismiss any suspicions that the post might be a malicious threat. In the past, we also reported various attacks that employed URL shorteners here:

    Although Facebook prompts a warning about the possible malicious URL activity, the said malicious URL can still be accessed via the site.

    Click for larger view

    Read the rest of this entry »


    Trend Micro researchers recently discovered attacks on the social networking site Multiply. The cybercriminals behind the said attack created new Multiply user accounts then sent malicious personal messages to other site users.

    The personal message contains a greeting with the target’s Multiply user name and a video that the recipient is supposed to watch. Clicking the play button redirects users to the malicious URL http://yourtube.{BLOCKED}

    Click for larger view Click for larger view

    The page then asks the recipient to download a codec to view the video.

    Click for larger view

    These sorts of attacks have been occurring for some time.  Users should avoid downloading new codecs to watch videos posted online, as these are frequently malicious. Trend Micro detects the downloaded file in this attack as TROJ_KATUSHA.F. In addition the URL where the malicious video is located is already blocked by Trend Micro products.


    safe shopping

    Trend Micro has discovered a new scam spreading via Twitter that uses gift vouchers as bait. Users are repeatedly retweeting a message with a shortened URL that promises they will receive a free gift voucher from various online shops:

    Click for larger view Click for larger view

    The shortened URL leads to a website (http://{BLOCKED} that entices users to complete surveys and refer their friends to the site to earn points. The points they would supposedly earn depend on the difficulty and language of the survey.  However, the survey site is not related to any of the legitimate sites that are mentioned on their page.

    Click for larger view

    If users try to take a survey, they will get a window which shows their IP address:

    Click for larger view

    We did not proceed any further, as it was clear that this site was engaged in suspicious behavior. Examination of the site’s WHOIS information revealed that the domain was only registered in late October, indicating that the site may have been set up to take advantage of the upcoming holidays. Twitter has also suspended the main account shown earlier, raising even more suspicions. We have since classified the website as a spam site and blocked it in order to protect users.

    Trend Micro users are already protected from this threat via the Smart Protection Network™. Users are also advised to be wary about what they retweet, lest they spread information that is just plain wrong.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice