Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2014
    S M T W T F S
    « Aug    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Author Archive - Okamoto Katuyuki (Threats Analyst)




    We’ve spotted an uptick in a particular type of threat hitting Twitter uses in Japan. We call this threat the “browser crasher” after what it does: it causes the browser to “hang/crash”. To do this, the user has to be lured to visit a particular site with the JavaScript code. So long as the browser tries to open that site, the user will be unable to browse websites normally.

    How is this attack conducted? In this particular case, users were lured to the site using various Twitter messages. The messages of the tweets varied: some said the site was interesting, while others explicitly warned users not to click on it.

    Twitter posts leading to “browser crasher” page

    Whatever the case, once users ended up on the site they would get the following popup on any JavaScript-enabled browser (which is to say, just about any browser on any operating system), like this iPhone:

    Pop-up on iPhone

    The message in Japanese tells users that they will not be able to get off the page, no matter what they do. Clicking the OK button will not be enough to get rid of the pop-up, as a new one will appear with exactly the same message. This pop-up will keep bothering the user and stop them from using the browser until they are able to get off the offending page.

    What the JavaScript does is actually quite simple. The JavaScript within the site contains the code to create a pop-up, as seen above. However, this code is placed inside an infinite loop – as soon as the user closes one alert, the code triggers again and opens another pop-up in a never-ending cycle that continues as long as the site is open.

    Read the rest of this entry »

     
    Posted in Social | 1 TrackBack »



    Reports of a phishing scam that impersonates the official Web site of Shinsei Bank in Japan surfaced last July 12 but several reports of this scam were received again last July 25. The 25th of July, of course, coincides with the payday of many companies in Japan, making this scam look like a planned and carefully executed attack.



    The screenshot below is an example of the email message that invites target users to click on a link that is going to direct them to the said phishing site:





    It is puzzling however why the content is written in English when the target recipients are presumably Japanese people who have accounts in Shinsei Bank.



    Confirmed subject titles of the phishing email so far are the following:



    • Lock your Shinsei Bank Online Access!
    • Suspend your account!
    • We regret to inform you!



    The given link looks exactly like a legitimate URL of Shinsei Bank. The phisher, however, manipulated the HTML tag where the displayed URL connects to so as to direct the recipient to the malicious site.

     
    Posted in Bad Sites | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice