    Thai site

    Research Project Manager Ivan Macalintal reported a few hours ago that another Thailand-based Web hosting site appears to have been compromised to serve malware.

    The APAC Regional TrendLabs team immediately probed and analyzed the attack layout for the ill-fated site, and we identified a tricky injection that had been implemented prematurely.

    Based on our analysis, the main site was just about to be heavily laden with scripts when it was first reported. Going further, since it looked like a dead end when we tried a different avenue, and since the main page itself was just like a site with a script gone bad, we found this:

    (Cloaking with a 404 error, still heavily laden with an encrypted script, which leads to)
    Host Location: Estonia
    Host Location: European Union
    [Russian Federation]
    The following malicious files are set to drop at this point namely
    Host Location: Ukraine

    These tiers were brought down 20 minutes or less after the probing was done. That was too late for the authors of the attack: their tracks were traced back, pinpointing the actual file that they were hoping to implement using obfuscation and an iframe as a drop-off point.
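
A defender-side triage check for the pattern described above (a 404 response that still carries an encoded script, and an iframe used as the drop-off point). This is an added example, not TrendLabs code; the regex heuristics, the `triage` function, and the sample responses are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions for this example, not Trend Micro signatures).
DECODER_CALLS = re.compile(r"\b(?:eval|unescape|fromCharCode|document\.write)\b")
ENCODED_BLOB = re.compile(r"(?:%u[0-9A-Fa-f]{4}|%[0-9A-Fa-f]{2}|\\x[0-9A-Fa-f]{2}){16,}")

class PageScan(HTMLParser):
    """Collects inline script bodies and iframes styled to be invisible."""
    def __init__(self):
        super().__init__()
        self.scripts, self.hidden_iframes, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            self.scripts.append("")
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.hidden_iframes.append(a.get("src", ""))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def triage(status, body):
    """Return the reasons an HTTP response looks like a cloaked drop-off page."""
    scan = PageScan()
    scan.feed(body)
    scan.close()
    reasons = []
    if status == 404 and scan.scripts:
        reasons.append("script on 404 page")
    if any(DECODER_CALLS.search(s) and ENCODED_BLOB.search(s) for s in scan.scripts):
        reasons.append("encoded script with decoder")
    if scan.hidden_iframes:
        reasons.append("hidden iframe")
    return reasons

# Constructed samples: the encoded payload is filler ("A" repeated), the host is a placeholder.
CLOAKED_404 = "<h1>Not Found</h1><script>document.write(unescape('" + "%41" * 24 + "'))</script>"
HIDDEN_IFRAME = '<p>Welcome</p><iframe src="http://drop.example.invalid/" width="1" height="1"></iframe>'
```

An empty list means none of the three heuristics fired; a crawler or proxy log reviewer would treat any non-empty result as a lead to inspect, not as a verdict.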

    Through a coordinated effort by APAC-RTL, spearheaded by Oscar R., the Trend Micro Thailand office, by Wan K., and Kitisak J. of ThaiCert, the site administrator was advised about the incident and had the site cleaned in no time. Now it's back to its regular business.

    Trend Micro has detected these files since the release of malware control patch number 5.144.05, using scan engine 8.5001002 or later.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice