Web Threat Spotlight
Every other week, TrendLabs takes an in-depth look at a notable web threat, examining its infection routine and payload to better understand what new tricks cybercriminals have up their sleeves.
November 2009
Issue 50: Cybercriminals Scam Victims with FAKEAV Spam
Tricking users into downloading FAKEAV, or rogue antivirus software, is an age-old cybercriminal tactic that apparently has not stopped working, hence the continuous rise in the number of FAKEAV pushed to unwitting scam victims to this day. Knowing that data is worth a great deal to users, cybercriminals will keep coming up with new ways to exploit the fact that users are so easy to trick into buying FAKEAV.
October 2009
Issue 49: ZBOT/Zeus Sends Out Tailor-Made Spam
Trend Micro researchers analyzed a recent attack that uses tailor-made spammed emails. These emails targeted employees from several specific companies. Links inside the email led victims to download TROJ_ZBOT.CYZ, one of several ZBOT variants that are programmed to capture user keystrokes and send sensitive information to remote servers.
Issue 48: BEBLOH Data Stealers Target Banks, Evade Security Analysts
A new variant of the BEBLOH family has been found to employ several sophisticated detection-evasion techniques. Together, these tactics make takedown difficult for financial analysts and security researchers alike.
September 2009
Issue 47: Malvertisements Hit Leading American News Outlet
The website of one of the most important news outlets in the United States, the New York Times, became the latest high-profile site to inadvertently serve malware.
Issue 46: Fake Snow Leopards Change DNS Settings
Cybercriminals leverage the much-anticipated release of Mac OS X Snow Leopard by setting up sites distributing advance free copies. These copies, however, are actually DNS changer Trojans.
August 2009
Issue 45: Invoice Spam Highlights Growing Malware Family
An emerging family of malware named BREDOLAB is being used in increasing numbers by cybercriminals using malicious attachments to gain a foothold on systems.
Issue 44: Corazon Aquino's Death Spurs an SEO Attack
Cybercriminals will stop at nothing to lure users into their specially crafted traps. The death of a former president, or an event pertaining to any famous personality for that matter, is often used as another tool for them to obtain their own ends.
Issue 43: Zero-Day Attacks Escalate
When a security hole is leveraged by cybercriminals before software creators ever have the chance to fix it, it is referred to as a zero-day attack. In July, we saw several such attacks targeting popular applications, some of which are often used in common Internet browsing activities.
July 2009
Issue 42: KOOBFACE Widens Its Reach
Popularity comes with a price, so they say, and it can’t be any truer for Twitter. As the micro-blogging site’s popularity among computer users grows, so does its cybercriminal following.
Issue 41: Threat Targets Windows and Mac OSs
Despite humorous ads touting the Mac as a platform free of viruses and malware, the recent increase in malware attacks targeting Mac users shows otherwise. The Mac’s market share continues to grow, increasingly drawing cybercriminals toward the platform.
June 2009
Issue 40: Flight 447 and H1N1 Pandemic Used in Blackhat SEO
Two recent cybercriminal attacks drew inspiration from news items of global interest in order to propel malicious links into top search engine results. Cybercriminals’ use of hot news topics such as those related to the Air France Flight 447 disaster and the World Health Organization (WHO)’s formal announcement of H1N1 as a global pandemic is not necessarily new. However, Internet users run a great risk of losing credit card information as a result of downloading rogue antivirus software from blackhat SEO links as these types of attacks increase.
Issue 39: Stolen FTP Logins Open Door to Mass Compromise
Gumblar, a website compromise attack, is adding new scripts to reinfect “clean” websites. New malware is downloaded onto computers, stealing FTP credentials from unsuspecting users to compromise more sites, and recruiting PCs into botnets to serve spam and fake antivirus software.
May 2009
Issue 38: Bootleg Windows 7 RC Contains Trojan
File-sharing sites hosting pirated copies of widely used applications offer yet another venue for cybercriminals. Riding on the much-anticipated debut of Windows 7, altered copies of the Windows 7 RC made the rounds on file-sharing sites, purporting to be leaked versions of the new operating system (OS).
Issue 37: KOOBFACE Trojan Used to Break CAPTCHA
Social-networking sites continue to be popular destinations for netizens. People across nationalities, age groups and lifestyles enjoy creating online social circles and nurturing real-world relationships in these portals.
April 2009
Issue 36: Cybercriminals Home in on Twitter
Twitter, founded in 2006 as a service for friends, family and coworkers to stay connected, has quickly risen in popularity across the globe, embraced by individuals and organizations who “tweet” about everything from the banal to breaking news. Being a successful technology platform, however, draws the attention of hackers who aim to leverage Twitter’s popularity for malicious intent.
Issue 35: Cybercriminals Crack Macs
Cybercriminals continue to unleash threats targeting the Mac OS X platform that challenge the perception that Mac is virus-free. In this issue, we feature a Mac Trojan, OSX_RSPLUG.B, discovered on pages hosting pirated software, as well as a few other recent Mac threats.
March 2009
Issue 34: Fake Antivirus Scammers Now Into Ransom
A new wave of rogue antivirus software has routines that allow cybercriminals to prevent infected users from using their files. This new threat features a cybercriminal operation that borrows from a real-world extortion technique for the same old purpose of stealing money from users.
Issue 33: Cybercriminals Target Social Networking Sites
Facebook’s immense popularity – it numbers 175 million members worldwide – also makes it one of the world’s largest cybercriminal targets. Recently cybercriminals leveraged various social engineering tactics to subject Facebook members to worms, Trojans, and other malware, the latest being the Koobface worm.
Issue 32: Microsoft and Adobe Vulnerabilities Exploited for Data Theft
Actively exploited vulnerabilities in popular software applications – a browser, document creation software and a document reader – show that cybercriminals are still keen to leverage zero-day vulnerabilities.
February 2009
Issue 31: Offline Flyers Drive Online Threats
Almost all of today’s threats use the web as a medium for spreading malware; however, a recent attack takes a different approach. Using a clever social engineering ploy, cybercriminals are able to lure their victims via windshield flyers to malicious domains that lead to the download of rogue antivirus software.
Issue 30: Is WALEDAC the new STORM?
What connects fabricated Barack Obama news reports and Christmas, New Year’s, and Valentine’s Day ecards? The answer is a botnet, which may be related to the bot giant Storm. Users who are unwittingly drawn to the threat are at risk of being part of a massive system of infected PCs that could be controlled at will by cybercriminals for their malicious online operations.
