Today, Trend Micro is proud to announce that we are taking part in Facebook’s new security initiative to help protect its more than 900 million users against the wide variety of threats that target users of the world’s most popular social network.

As part of this initiative:

• Facebook and Trend Micro will work together to leverage the latter’s threat intelligence capabilities, particularly its knowledge of malicious websites, to protect Facebook users. This means even non-Trend Micro users of Facebook will also be protected by the enhanced capabilities of the Trend Micro™ Smart Protection Network™ against threats commonly found on the social network like survey scams.
• Users in the US, Canada, Britain, and Australia can download a free copy of either Titanium™ Security Essentials (for Windows users) or Smart Surfing (for Mac users). This free copy will be valid for six months, and all users have to do is like the Fearless Web page and visit the new AV Marketplace section to download a copy.

Among the threats that users face on Facebook are survey scams, which frequently leverage the latest viral trend du jour. In the most recent example we’ve seen, fake news of Justin Beiber supposedly stabbing a fan was used to lure users onto malicious sites that kept going to various survey sites.

Upon completing the win an iPad 2 UK offer, viewers are redirected to several other pages where more videos (and survey scams) are hosted:

Read the rest of this entry »

Following the so-called “Year of Data Breaches,” the first quarter of 2012 veered away from attacks that led to data loss and, instead, focused on mobility. The mobile threat incidents we’ve seen in the first quarter remained true to one of 2012 predictions—Android-based smartphones will continue to be a likely target for cybercrime. Trend Micro, in fact, identified approximately 5,000 new malicious Android apps in just the first three months of the year most likely due to the increase of Android user base.

Advanced persistent threat (APT) campaigns like Luckycat continued to ensue aided by trends like consumerization and outsourcing as well as interacting with new technologies, platforms, and entities, which seemingly broadened the attack surface. Proving once again just how important data is, the Luckycat campaign attacked a diverse set of targets using a variety of malware.

As in the past, hard-to-resist social engineering lures played a huge role in getting victims, regardless of device, to click malicious links, download malware, or visit malicious sites. Interest in new platforms like Pinterest again proved that with popularity came notoriety.

The past three months have been rife with different kinds of threats with one common denominator—mobility. Simply put, going mobile opened up several opportunities for users and cybercriminals alike. Though it’s true that the rise of mobility is full of potential, the issue of security should always remain at the forefront.

To take a closer look at the security landscape in the first quarter, read our comprehensive report, “Security in the Age of Mobility”

Just as the saying goes that there are many ways to skin a cat, threat investigation can also be done a handful of different ways, employing various expertise, especially when dealing with a threat employing several pieces of malware and a relatively robust C&C infrastructure.

But even though methodologies may change, whether through reverse engineering or analysis of the botnet infrastructure, the goal of understanding what the threat is all about is the number one priority.

Trend Micro is fortunate enough to have several experts under its fold who are able to attack the challenge using different means. And we are proud to say that our technical analysis and due diligence in monitoring Koobface activities made us understand the botnet intimately, and enabled us to respond and apply the appropriate solution to protect our customers.

Koobface at Its Peak

At its peak, Koobface was popularly known as the malware propagating through the (then) steeply rising social network Facebook, but of course, it was more than that.

Back in 2008-2009, Facebook was just becoming the dominant social network that it is now, and was just starting to distance itself from the likes of Myspace, Twitter, Friendster, myyearbook, etc.

Our first research paper about Koobface provided detailed overview that Koobface was not only exclusively propagating on Facebook, and that it also utilized the other social networks popular during that time. We also presented that once a system is infected by the Koobface malware, additional pieces of malware are installed into the system, which are then used to either monetize infected user traffic, or use the affected machine as part of the Koobface C&C infrastructure.

Read the rest of this entry »

As 2011 draws to a close, it’s time to look towards what will come next in order to help users and enterprises prepare for the challenges of the upcoming year. Broadly speaking, our predictions can be split into four categories: enterprise IT trends, the mobile market, data breaches, and the ever-evolving cybercriminal industry.

Enterprise IT Trends Will Change The Security Landscape

Thanks to consumerization (BYOD), virtualization, and cloud computing, the enterprise IT landscape in 2012 will be a very different landscape from what it was just a few years ago. System administrators will have to contend not only with conventional security threats, but also with the increasing complexities of maintaining and securing systems and networks in these new platforms.

The Mobile Market Matures

As the number of users of smartphones and tablets continues to grow globally, cybercriminals will find it is now worth their time to actively target these users in record numbers. In particular, users of the Android platform will be at particular risk – its completely open app environment allows both malicious and Trojanized apps to easily reach user devices. We fully expect to see significant numbers of Android malware in the wild in 2012.

Read the rest of this entry »

Editor’s Note: We have reorganized the blog entry previously titled “Most Recent Earthquakes in Japan” Searches Lead to FAKEAV as of March 14, 2011, 8:07 PM Pacific Time for better reading. As of this writing, we have identified several different disaster-squatting attacks taking advantage of the recent disaster in Japan. We will continue posting other related disaster fraud scams in succeeding blog posts to help users identify fraud and other attacks exploiting this unfortunate turn of events.

“Most Recent Earthquakes in Japan” Searches Lead to FAKEAV
Analysis by Norman Ingal, posted March 11, 2011, 2:58 AM Pacific Time

Unsurprisingly, we saw blackhat search engine optimization (SEO) attacks almost immediately after an 8.9 magnitude earthquake affected Japan, which was followed by a tsunami, causing massive damage to affected areas.

Read the rest of this entry »