    Trend Micro was recently alerted to a possible malware detection triggered when visiting MySpace Web pages. According to reports, certain MySpace pages are being detected as Possible_HiFrm.

    Possible_HiFrm is a heuristic detection that has proven effective at catching malicious iframes and redirects pointing to most of the old and some of the recent Web threats. It is Trend Micro's aggressive pattern for detecting characteristics common to iframes that point to malicious Web sites.
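
A sketch of the kind of heuristic described above, added here as an illustration; it is not Trend Micro's pattern and not code from the original post. It flags iframes that are invisible and load from a different host; the hidden-iframe traits, the `audit` helper and the example.* hosts are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed traits for illustration only; the real Possible_HiFrm pattern is not published.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class IframeAudit(HTMLParser):
    """Collect iframes that are both invisible and loaded from another site."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        # A 0 or 1 pixel frame is never meant to be seen by the visitor.
        reasons = [f"{d}={a[d]}" for d in ("width", "height")
                   if re.fullmatch(r"[01](px)?", a.get(d, ""), re.I)]
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden style")
        try:
            host = (urlparse(a.get("src", "")).hostname or "").lower()
        except ValueError:  # malformed URL: treat as having no host
            host = ""
        # Relative URLs and subdomains of the page's own host are not external.
        external = bool(host) and host != self.page_host \
            and not host.endswith("." + self.page_host)
        if reasons and external:
            self.findings.append((a["src"], reasons))

def audit(html, page_host):
    parser = IframeAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; every host is a placeholder.
SAMPLE = """<html><body>
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
<iframe src="http://ads.example.net/x.html" width="0" height="0"></iframe>
<iframe src="http://tracker.example.org/r" style="visibility: hidden"></iframe>
<iframe src="/local/widget.html" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, why in audit(SAMPLE, "example.com"):
        print(src, why)
```

A heuristic like this only raises candidates for review: legitimate pages also use hidden iframes, which is why such detections carry a "Possible" label.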

    Recent Web site compromises accomplished through iframes include the high-profile SEO attacks and search engine attacks, the mass compromise of various sites in China, Taiwan, etc., and other Asian sites injected with nasty code, most of which have been summarized in Total Recall: The Month of Mass Compromises.

    Further analysis reveals that the reported MySpace pages do contain malicious scripts, which Trend Micro detects as JS_DIRESEX.A. This JavaScript is programmed to secretly connect to a porn site (hence the detection name), which pops up unexpectedly while the user is browsing. Its code is obfuscated three times (whereas a single layer of obfuscation is already a telltale sign of malicious behavior on this side of the industry), in an attempt to make the JavaScript harder for malware analysts to analyze.

    Trend Micro has reported these findings from its users to MySpace and has not received a reply as of this writing. This is not the first time a social networking site has been leveraged to target unsuspecting users. Around three weeks ago we reported on Worms Wriggling Their Way Through Facebook.


    • lois

      Trend Micro detected "possible_Hifrm-5" (Type=Generic; Status=not yet fixed)

      Looks like this is fairly old. Will Trend Micro find a way to delete it??


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice