After the Italian Job and the Russian Uprising, malware authors are now heading to the other side of the globe to spread “the love for malware”. A malicious IFRAME tag found in one of the files submitted by a customer contains the following:

The URL http://www.{BLOCKED}b.jp/index.htm contains a malicious JavaScript detected by Trend Micro as JS_AGENT.AAQI. The said JavaScript exploits the Microsoft Data Access Components vulnerability, discussed in Microsoft Security Bulletin MS06-014, to download and execute a file detected as TSPY_LINEAGE.ACZ.

The end result, the download and execution of a spyware, may lead us into thinking that malware authors may be timing this malicious move with the release of the online game Lineage II’s Saga 2: The Chaotic Throne in Southeast Asia. The online gaming community, which grows in numbers, must be aware of this Japanese uprising.

Trend Micro customers need not worry, as the aforementioned malware programs are detected and removed from affected systems. We also strongly recommend keeping software applications up-to-date by applying security patches released by vendors.