Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    May 2013
    S M T W T F S
    « Apr   Jun »
  • Email Subscription

  • About Us

    Archive for May 14th, 2013

    Patch-Tuesday_grayIT administrators and the likes are expected to have a long day today, as Microsoft releases its security bulletin for May that resolves 33 vulnerabilities. Though this is not Microsoft’s biggest release (April 2011’s 17 bulletins 64 vulnerabilities come to mind), it is crucial for users to apply these security updates, which include a resolution to the zero-day incident involving the US Department of Labor webpage.

    This roster of updates include two Critical bulletins addressing Internet Explorer (IE). The first one resolves around a vulnerability found on IE versions 6 to 10 on all Windows OSs, from Windows XP to Windows 8. It also addresses the vulnerability in IE 10 uncovered during the Pwn2Own contest last March.

    The other critical IE bulletin deals with a vulnerability limited to IE 8, which made the headlines recently because of a related zero-day exploit found in a US Department of Labor webpage. Based on our own investigation, users visiting this compromised site are lead to a series of redirections until their systems are infected with a BKDR_POISON variant.

    Even before this month’s release, Trend Micro Deep Security has been protecting users from this vulnerability via rule 1005491 – Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability (CVE-2013-1347).

    The rest of the bulletins were tagged as Important, which includes a security flaw in Windows that may lead to a denial of service (DoS) attack.

    Just like last month, Adobe also released their security bulletins today, which include fixes for Adobe Reader and Acrobat, Flash Player. The software vendor also issued a “security hotfix” for a ColdFusion vulnerability, which is reportedly being exploited in the wild.

    Users are advised to implement these bulletins as soon as possible to avoid exploits similar to the US DoL incident. For more details about how Trend Micro can protect users, you may refer to this Threat Encyclopedia page.

    We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.

    Posted in Vulnerabilities | Comments Off on May 2013 Patch Tuesday Includes Critical IE 8 Zero-Day Issue

    App developers often include ads on their applications to increase revenue. These ads feature enticing titles or blurbs to surge more user hits. Typically, clicking these ads either prompt users to download an app or be redirected to a web page. However, cybercriminals who never run out of new ways to spread their deeds, could also use this as a venue to steal user information.

    We recently spotted a fraudulent website which is pushed by ads found in multiple Android apps. (Some of these apps were downloaded from the Google Play store, while others were found from third-party stores.) These ads use popular brands as hooks like “iPhone 5” and “Samsung Galaxy Note II” and supposedly selling these items for a ridiculously low price. Once users click the ad, it will lead them to a website which shows many means to buy the said phones.

    Figure 1. Ad for Samsung Galaxy Note II


    Figure 2. Ad for iPhone 5

    In reality, these sites are just scam sites that try to defraud users out of their money. They do not actually sell the devices they are promoting.

    Figure 3. Fraudulent website advertising Samsung Galaxy Note II

    Figure 4. Fraud website with iPhone 5 ad

    These ads are being delivered by a large, mainstream ad network, which claims to be used by more than 90,000 apps. While this attack is currently limited to Chinese users, because of the large number of apps on this particular ad network it is possible that similar attacks will be delivered to other users in the future.

    Last March, we blogged about Google’s decision to remove apps that block ads and the potential risks this may pose on unsuspecting users. No doubt the insufficient audit of ads on the Android platform may lead to more fraud, phishing attacks or even malware distribution. We recommend ad providers to provide more powerful audit mechanisms to protect users from attacks leveraging ads.

    Trend Micro protects users from this attack by blocking the said malicious website. We also advise Android users to be cautious in clicking ads on their devices as this may potentially lead to information and identity theft. For better protection of your devices, users should also be wary of other mobile threats like malicious URLs and mobile phishing sites.

    We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.

    Posted in Bad Sites, Mobile | Comments Off on Mobile Ads Pushed by Android Apps Lead to Scam Sites


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice