
    Author Archive - JM Hipolito (Technical Communications)




    Cyber Monday is basically the online retailers’ version of Black Friday and is considered the busiest day of the year for online shoppers and sellers alike. The National Retail Federation (NRF) estimates that 96.6 million Americans will shop this Cyber Monday, an 11.5 million increase from 2008’s 85 million, while 87.1% of retailers are going to have a special promotion for the event.

    With such great numbers of shoppers and promotions expected to flood the Web, it is certain that shoppers and sellers aren’t the only ones who will be busy. Cybercriminals are bound to take advantage of this busy day, which is why users should keep their guard up and watch out for the following ploys that are likely to arise:

    1. Tainted shopping search results: Searching for the best deals might bring about some malware-related complications, as search results related to popular sales and sought-after products can be manipulated to lead to malicious websites.
    2. Phishing spree: Phishers will surely anticipate the throngs of online shoppers who will key in their credit card details as they make their purchases and deploy phishing attacks in hopes of stealing information.
    3. Fake receipts used as bait: Just as in-store shoppers are handed a receipt when the transaction takes place, online shoppers are provided receipts through email or other means. Unfortunately, this gives cybercriminals a convenient opening: they use fake receipts as bait to lure users into opening files that contain malware.

    Despite the expected increase in online shoppers, the NRF expressed that shoppers aren’t likely to go on careless shopping sprees due to the still-lingering effects of the recession. Users, the NRF states, are forced to stick to necessities in terms of their purchases.

    We strongly suggest that users extend their cautiousness in choosing their purchases to their online shopping habits as well. The Trend Micro Smart Protection Network can and will protect Trend Micro users from these threats by blocking malicious spam emails and URLs and detecting malicious files.

    Other users are advised to stay protected and keep in mind that everyone is out for a quick and seamless bargain, even cybercriminals.

     



    Users who are currently planning to go or return to Brazil, especially with the holidays coming up, should watch out for a recent spam run. Spammed messages fashioned to look like an email from a Brazilian airline are offering users tickets to Brazil for just US$1.

    Here is a rough translation of the text in the spam:

    Promotion Voegol the $1.00 is back, buy tickets or return for all of Brazil to only $1.00.
    Visit our online service through the website:
    http://www.voegol.com.br/Atendimento/ and mention code: VG1R
    After that, wait for contact from a clerk, and make the purchase.
    Further promotion visit:

    The spam run seems to take advantage of the promotions currently being offered by the said Brazilian airline. As enticing as the offer is, however, the links in the said email lead nowhere near cheap tickets. The link leads to a URL that downloads TROJ_DLOADR.APX. TROJ_DLOADR.APX then connects to other URLs to download TSPY_BANKER.NGN. TSPY_BANKER variants have been known to take special interest in Brazil. They are known to steal banking information specifically related to Brazilian banks.

    Users are advised to ignore similar spam they receive and instead check out the airline’s website for promos and other offers. On the other hand, Trend Micro users are protected from this attack through the Smart Protection Network.

     



    Cybercriminals are using compromised Twitter accounts to spam out information-gathering websites to unknowing users.

    The attack starts with compromised Twitter accounts. The accounts are used to send out Direct Messages to the followers of the users who own the compromised accounts.

    The Direct Message—which is basically the Twitter counterpart of a private message—contains a link to what looks like an IQ test website:

    An IQ test may seem harmless, but the last thing asked for in the test is no longer an answer but the respondent’s mobile number. Though the real motive for this scheme is unclear, we believe that this was set up to gather mobile numbers from unknowing users to become potential targets for SMS spam or other mobile-related attacks.

    Users are strongly advised to refrain from clicking the links contained in similar Direct Messages that they may encounter even if the person who sent the DM is a known user. On the other hand, those users who think that their accounts may be one of those compromised should change their passwords as soon as possible.

    The Trend Micro Smart Protection Network™ protects users from this by blocking all related URLs.

    Update as of 08:49 P.M. “Users who do give out their mobile phone numbers may end up being billed at least US$10 a month for text messages,” says KOMO News. Though not every online IQ test will charge you, most are just there to scam unwitting users. Keep in mind that if a test asks for your mobile phone number, it is looking for a way to bill your mobile phone account. If the quiz looks like it came from someone in your Twitter account then a hacker must have hijacked other people’s accounts to make you think you are getting a message from someone you know.

    Update as of November 13, 10:52 A.M. This attack does not simply harvest the affected users’ numbers but also signs up their mobile phones for an auto-renewing subscription, as described in the terms and conditions.

     
    Posted in Spam | TrackBacks (2) »



    Anyone who has ever played a video game—whether in an arcade, using a gaming console, or on a PC—knows how a good kill can get one all excited and pumped up. Games that involve killing certain entities give us the thrill of being in such an exhilarating situation, without suffering any serious consequence. A certain Mac OS X game called Lose/Lose has been getting attention for its rather controversial effects.

    The game, created by Zach Gage, somewhat resembles the format of the popular game Space Invaders, wherein the player is represented by a spacecraft and the goal is to kill the aliens placed all over the screen. Gage’s game, however, has a different twist, which has been causing quite a stir.

    The new twist in Lose/Lose is that the aliens in the game—the ones that the player must kill to stay in the game—represent random files in the user’s system. Whenever the user kills an alien, the file the alien represents is deleted. Should the user refuse to kill the aliens, he/she will lose and the game itself will be deleted.

    This interesting consequence of the game is clearly stated in Gage’s website where the game can be downloaded.

    Gage describes his creation as a means to answer the question: “Why do we assume that because we are given a weapon and awarded for using it, that doing so is right?” Curious intentions or not, however, the game presents high risks and may be very easily abused. A user who may have acquired the file without knowing its effects may end up with a large number of deleted critical files.

    The file has thus been classified as malware and is now detected as OSX_LOSEGAM.A. The game tests the users’ killer instinct: the user is placed in a situation where he/she is handed a weapon and told that his/her survival depends on his/her ability to kill his/her prey. This use of natural human reactions to trigger certain actions may be a form of research to some, but we see it as this: a social engineering technique.

    Mac users can get protection from this and other threats by using the Trend Micro Smart Surfing for Mac.

     



    Major events, especially tragic ones, are usually followed by people asking the question, “Why did this happen?” Such events affect a lot of people in different ways, and it is hard for us to accept that there may be no valid reason as to why they occurred.

    The September 11 terrorist attack on the United States is a clear example of this situation, as up until today, more than 8 years after the event occurred, people are still searching for a clear, justifiable explanation. Attempts to provide one only brought more confusion than clarity, as the numerous theories presented to the public only raised more questions than gave answers.

    And it seems that this is what the cybercriminals had in mind when they launched an attack that specifically plays on people’s desire to know what led to 9/11. Senior Threats Researcher Paul Ferguson found a spammed email message that claims to contain data on the 9/11 U.S. Pentagon conspiracy theories.

    The message is fashioned to appear to be from CNN:

    Clicking the link on the message leads to the file hunt_the_boeing.hta, which is detected by Trend Micro as VBS_PSYME.DMB. VBS_PSYME.DMB connects to a certain URL to download possibly malicious files.

    Though the final payload of this attack is yet to be determined, users are strongly advised to go against their natural tendency to be curious and not click on the link should they receive the said email. Trend Micro protects users from this spam run with its Trend Micro Smart Protection Network, which blocks and detects the malicious file.

     
    Posted in Malware, Spam | 1 TrackBack »


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice