Research Project Manager Ivan Macalintal discovered a few hours ago that a Thailand-based tourism and travel site appears to have been compromised to serve malware. This discovery follows closely on the heels of the Thai Royal Air Force site compromise just a week ago.

Looking at the season, summer holidays are coming up soon in Asia and Bangkok is a strong contender for being the most popular Asian tourist spot. Malware authors may therefore be counting on this to drive traffic to the hacked site.

Clicking the link on the landing page of the Udiya Tour of Northern Thailand Web site redirects the user’s browser to a certain URL, which in turn redirects to yet another URL that contains multiple browser exploits, ultimately leading to the download of a file named UPDATE.EXE. The file is a variant of the LDPINCH family, which is known for its information theft routines.

Upon analysis, it was found that several of the pages from the same site have been compromised, including the site’s contact, reservation and package details pages. Macalintal describes the said pages as “full of highly-obfuscated JavaScript badness, injected and scattered all over, just before and after the HTML, some META and TITLE tags.”
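A site owner can check saved copies of their pages for the placement described above: inline scripts sitting outside the `<html>` element or wedged against META and TITLE tags. The following is an added example, not code from the original post or from Trend Micro; the marker list, the 0.3 escape-ratio threshold and the sample page are assumptions constructed for illustration.

```python
import re

SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
# Assumed heuristics: decoder/writer calls and escape runs typical of packed inline script.
MARKERS = re.compile(r"\b(?:eval|unescape|fromCharCode|document\.write)\b")
ESCAPES = re.compile(r"%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")
TAG_BEFORE = re.compile(r"(?:<meta\b[^>]*>|</title\s*>)\s*$", re.I)
TAG_AFTER = re.compile(r"\s*<(?:meta|title)\b", re.I)

# Constructed sample page; the encoded strings decode to harmless text.
SAMPLE = (
    '<script>document.write(unescape("%68%65%6C%6C%6F"))</script>\n'
    '<html><head>\n'
    '<meta http-equiv="Content-Type" content="text/html">\n'
    '<script>eval(unescape("%76%61%72%20%61%3D%31"))</script>\n'
    '<title>Tour packages</title>\n'
    '<script src="/js/menu.js"></script>\n'
    '</head><body><p>Contact us</p></body></html>\n'
    '<script>var s="\\x68\\x74\\x74\\x70";eval(s)</script>\n'
)


def escape_ratio(body):
    """Share of the script body that consists of %XX, \\xXX or \\uXXXX escapes."""
    return sum(len(m.group()) for m in ESCAPES.finditer(body)) / len(body) if body else 0.0


def scan_page(html, ratio_threshold=0.3):
    """Return (location, offset, markers, ratio) for each inline script worth reviewing."""
    html_open = re.search(r"<html\b", html, re.I)
    html_close = re.search(r"</html\s*>", html, re.I)
    findings = []
    for m in SCRIPT.finditer(html):
        body = m.group(1)
        markers = sorted(set(MARKERS.findall(body)))
        ratio = escape_ratio(body)
        obfuscated = ratio >= ratio_threshold or len(markers) >= 2
        if html_open and m.start() < html_open.start():
            location = "before_html"
        elif html_close and m.start() >= html_close.end():
            location = "after_html"
        elif TAG_BEFORE.search(html, 0, m.start()) or TAG_AFTER.match(html, m.end()):
            location = "next_to_meta_title"
        else:
            location = "inline"
        # Any script outside <html>...</html> is reported; inside, only obfuscated ones.
        if location in ("before_html", "after_html") or obfuscated:
            findings.append((location, m.start(), markers, round(ratio, 2)))
    return findings
```

Calling `scan_page(SAMPLE)` reports the three injected scripts and skips the ordinary `menu.js` include; comparing results against a known-good copy of each page keeps false positives from legitimate packed scripts manageable.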

Trend Micro users with updated patches are protected from this threat. We already detect this malware as TSPY_LDPINCH.FE using pattern file number 4.974.05.

Thanks to Network Architect Paul Ferguson for contacting ThaiCERT about this site compromise.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice