New polymorphic malicious PDFs

Our malware traps recently caught several malicious PDF files that tried to evade detection by using so-called polymorphism. Our investigation started with a direct comparison of two of these malware samples.

The PDFs use the same template with different content for the JavaScript stream. After unpacking those PDF streams, it is possible to compare the clear [...]

3 September 2010 | Category: malwares

Twitter Phishing with Canadian Pharmacy is going social

After seeing a lot of spam that looked like phishing but in fact pointed to Canadian Pharmacy, we thought it would soon reach a certain saturation point.

We were wrong. There is a “version 2” online now, and it is being sent in spam/phishing mails in massive amounts. The web site is new, a hotline and [...]

3 September 2010 | Category: malwares

Number of vulnerabilities on the rise

In August, IBM Security X-Force published its Mid-Year Trend and Risk Report. The X-Force reports are always interesting reading, and this latest edition maintains the high standard. Many topics are discussed in the report; in our security article, we shall focus on one particular finding.

3 September 2010 | Category: malwares

Mitigation for Windows Applications DLL-Search-Path Vulnerabilities

A whole bunch of Windows applications are vulnerable to a so-called binary-planting attack that allows remote code execution. Microsoft released a security advisory about this issue, which isn’t easy to fix properly. The issue arises from the (defined and well-documented) behavior of Windows when an application loads libraries. A .dll to [...]

2 September 2010 | Category: malwares

A brief analysis of a Postbank Germany Phishing

We received a large amount of phishing emails targeting Postbank customers in Germany. Well, perhaps “targeting” is too strong a word; “annoying” may fit better. Just have a look at the way the email is presented.

Because the email was sent in large amounts, I decided to follow the link to see if it was still [...]

1 September 2010 | Category: malwares

TDSS Pretending to Be TweetDeck Update

Timing is everything, especially if you’re trying to spread malware. Last week, the developers of the popular Twitter application TweetDeck notified users that due to changes in the authentication protocols Twitter supports, users of older versions will have to upgrade. Naturally, cybercriminals latched onto this bit of news and sent out their own Tweets saying [...]

Post from: TrendLabs | Malware Blog – by Trend Micro

31 August 2010 | Category: malwares

Old vulnerability in Apple’s QuickTime Player allows remote code execution on Windows systems

Yesterday a Spanish security researcher posted proof-of-concept exploit code for a vulnerability in Apple’s QuickTime Player. He demonstrated how a nine-year-old unused parameter in QuickTime Player could be used to take full control of a Windows-based system with Live Messenger installed and execute program code remotely.

31 August 2010 | Category: malwares

Tweet Week: August 23-29, 2010

Selected short messages and links you might have missed if you don’t follow me on Twitter.

August 23, 2010
RT @briankrebs: Anti-virus products struggle against exploits — AV let malware get in in hope to stop it later?
[h-online.com] phpMyAdmin updates close vulnerabilities — both for v2.11.x and v3.x branches
August 27, 2010
[blog update] New wave of hacks on [...]

30 August 2010 | Category: malwares

Mandatory electronic identification card with RFID chip

Last week it was announced that the Dutch company NXP was selected to produce the new identification (ID) card for Germany. Starting from the beginning of November this year, 60 million mandatory cards will replace the older ID cards.

27 August 2010 | Category: malwares

Obfuscated Links in emails using JavaScript

Our spam traps started to receive a bunch of phishing emails like the one below, with no link inside. We know many tricks for hiding the URL (JavaScript, form, etc.), but this one was new: pretending to be an invoice in HTML format, the attached HTML document displays the same content as in the [...]

27 August 2010 | Category: malwares

How to create a safe browsing environment for children

There is no technology yet that can compare with or replace parental advice and supervision. Nevertheless, protecting children with software while they use the computer is also very important. Two areas can be identified where protection should take place: locally and online.
Local Security
There is no online protection when the local computer is [...]

26 August 2010 | Category: malwares

Trends in Malware and Phishing

We collect URLs (web addresses) pointing to malware files and phishing sites from various sources. That gives us good insight into the “malware and phishing market”, and now we have noticed an interesting trend: for the first time this year, the number of these malicious websites is going down.
After a [...]

25 August 2010 | Category: malwares

Mass infection of Websites

Drive-by downloads that use exploits to infect visitors of a website are a very popular distribution method for malware authors. In recent days we detected thousands of websites that are infected with a hidden, invisible iframe.

Searching for similar iframe infections shows that Google lists about 47,300 hits.

The target server and script this iframe points [...]

24 August 2010 | Category: malwares

Several Windows applications vulnerable due to Insecure Library Loading

In recent days, several security resources on the Internet have published information about a vulnerability in Windows applications which, when exploited, might allow remote execution of program code in certain circumstances. Note that this may affect third-party Windows applications as well as (potentially) applications developed by Microsoft.

24 August 2010 | Category: malwares