• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites   »   This Halloween, Enjoy the Treats but Be Wary of Online Tricks

This Halloween, Enjoy the Treats but Be Wary of Online Tricks

  • Posted on:October 30, 2009 at 3:06 am
  • Posted in:Bad Sites, Malware
  • Author:
    Trend Micro
6

We often associate Halloween with pumpkins and costumes but for cybercriminals it’s merely another avenue to exploit, steal, and trick users into giving away their personal identities. Treats are fun but we all need to be on the lookout for the sneaky and tricky ways cybercriminals slither into our computers.  Below are the TrendLabs, top 7 scariest threats that might be knocking on your door:

  1. Tailor-made ZBOT spam makes its way to employees’ mailboxes

    The Zeus botnet is well-known for e-banking attacks that target small businesses without a dedicated IT staff and only 1–2 payroll personnel; the most notorious ZBOT attack to date sent out tailor-made spam to the employees of several of these types of small companies. The spammed messages were made to look legitimate and non-malicious when, in fact, they contained Trojan spyware designed to steal information and identities.
  2. Vulnerabilities hit critical mass: Patch me if you can 

    Microsoft set a record in December 2008 of 28 patches for its OS vulnerabilities. In June 2009, the company broke that record with the release of 10 security advisories for 31 OS and other software vulnerabilities. What does this mean for users? It means that unpatched vulnerabilities can allow cybercriminals to exploit their systems. For instance, unpatched vulnerabilities in a system’s browser can allow cybercriminals to run arbitrary code if the user happens to browse through a malicious website, leaving him/her at the mercy of online predators.

  3. FAKEAV: Surrender hard-earned money for fake security 

    We’ve seen several strains of FAKEAV abound on the Web. Most employ “scareware” tactics, displaying a blue screen or bogus graphical user interfaces (GUIs) to warn users of infection. Some of the most dangerous variants, however, employ “ransomware” tactics. Users who fall victim to FAKEAV scams end up buying useless applications or may even be robbed of critical information apart from their hard-earned money. Sold at an average US$50 apiece, it is clear that big money can be made from pushing FAKEAV to users. This is why we can expect the debut of more FAKEAV in the future.

  4. Expand your circle of friends but beware of KOOBFACE malware 

    This year, we saw the emergence of the KOOBFACE botnet that specifically targeted social networking and micro-blogging site users. Facebook and Twitter, two of the top-ranking social networking/micro-blogging sites today have millions of users worldwide, making them favorite cybercriminal targets. The popularity of these sites may be unprecedented but so is the rise in number of malware targeting them. Victims of KOOBFACE variants can end up with FAKEAV infections, wrangled into being a part of the widespread KOOBFACE botnet, or owners of compromised profiles, take your pick.

  5. More sophisticated attacks = More victims 

    Cybercriminals continue to up the stakes as they come up with more sophisticated attacks to lure more victims into their traps. A new variant of the BEBLOH family of information stealers went well beyond logging keystrokes and sending it to a server to exploit. It stole user information and used it right away while effectively avoiding detection. The latest BEBLOH variant produces static pages that show remaining account balances and previous transactions to cover its tracks. Victims will not know they have been robbed unless they accessed the online banking site from an uninfected machine or used separate facilities such as ATMs.

  6. No system is immune from security attacks, certainly not Macs 

    The days when Mac users felt safe from today’s threat landscape are over. The recent proliferation of Mac attacks reiterates what security researchers have been saying all along—that no system is immune from security attacks, certainly not Macs. The number of Mac users continues to increase, unfortunately so does the number of cybercriminals targeting the Mac OS. Cybercriminal attacks on the growing Mac user base are becoming more and more complex, preying on the earlier belief that the OS X is malware-free.

  7. Blackhat SEO attacks climb the charts 

    Just as cybercriminals strive to make their malware-ridden pages climb to the top of search results, so has the number of documented blackhat SEO attacks. As if the usual blackhat SEO techniques were not crafty enough, cybercriminals just learned to use new nifty gadgets—Google Trends and GeoIP tracking—to increase the chances that users will click on links that direct them to specifically crafted malware-ridden pages. This kind of attack can affect anyone searching for information on the Web. All it takes to get infected is click a top-ranking search result.

If you are concerned that your computer may have been affected by a cyber attack, try our free prevention and clean up tools, available here.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.