XSS (Cross-Site Scripting) Very Much Alive and Kicking We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the sites involved some cross-site…
Read MoreEven though Patch Tuesday is still two weeks from now, crimeware authors are already sending out fake Microsoft “critical updates.” The TrendLabs Content Security Team recently found a hoax purporting to be from Microsoft that urges users to update their computers due to a “critical security issue”. The email, which has the subject heading Important…
Read MoreMalware criminals generally revert to old-school social engineering as they continually employ another newsworthy item in their latest ploys. Just recently, TrendLabs Content Security team discovered spam email messages that rode on interest around the case of Alexandre Nardoni. Nardoni, a law consultant, who was accused of allegedly killing his daughter, Isabella Nardoni, in their…
Read MoreIt is that month of the year when flowers are in full bloom and people celebrate them in festive events. And it seems that same eventful—but darker—tone can be used to describe the month of May for the security industry. Trend Micro has so far documented several mass compromises of Web sites around the world…
Read MoreBanks all over the world are fast taking on the challenge (and opportunity) of bringing part of their operations online. Sadly, being spoofed in a phishing attack is one of the risks financial services companies have to continually address via user education. Early this week we were able to catch a phishing attempt targeted at…
Read More