Trend Micro

A spammed message supposedly from Newegg, a popular online
computer hardware/software seller has been found in the wild. It
informs users that their online purchase has been charged to their Visa
card. It also contains two clickable links that point to the same
malicious page, an example of which is http://{BLOCKED}nthenet.net/1.html. Clicking the link leads to a series of redirections that ultimately land users on a FAKEAV-hosting site where TROJ_FAKEAV.FNZ may be downloaded.

Today, we saw a malware variant created with the well-known ZeuS
toolkit that seems to be targeting members of the U.S. military serving
overseas. Targets of this scam will receive an email with the following
text:

Dear Bank of America Military Bank customer:

This letter is to inform you that there is an update required for
your Bank of America Military Bank Account, for this reason your
account has been flagged.

In order to update your account, please follow this link.

Thank you for banking with us!

Bank of America Military Bank accounts support.

Should the recipients click the link, they will be brought to a page
that is almost identical to the real login page of the bank. However,
this fake login page is actually hosted in Russia.

This is just the story of a scam somebody tried to pull on me yesterday. It was too funny not to publish it.

The fact is that I’m selling my car so I put it up on Facebook Marketplace. After a few hours, I received a Facebook
message from a Caroline McMillan asking for more details. I complied
and she replied straight away telling me that she wanted it and was
ready to pay for it through PayPal. Whoa! Wait! PayPal? A car paid through PayPal without having looked at it? All my alarms went off. After a quick Google search, I firmly attested that I was talking to a scammer so I continued to check what the scam was about…

I gave her (or probably him) my PayPal address to make the
payment then it came… She tells me that she needs to wire money to the
collection agency and that they don’t accept credit cards so she seeks
my help by transferring 750 euros through Western Union. OK, this is
the hook.

Of course, I’m not going to transfer money before getting any fund
and I let her know. I need to have money on my account before I pay for
the car to be picked up. Surprisingly, she said, “Ok… i will make the
payment asap.”

I attended the DEFCON and the BlackHat Conference earlier this
year. Here are some of my thoughts on some of the sessions that may
have serious long-term security implications for users.

Breaking Browsers: Hacking Auto-Complete
Presenter: Jeremiah Grossman

Grossman talked about a flaw in the auto-complete features of
several major browsers that can be exploited via JavaScript. The attack
consists of simulating keystrokes on text forms and of waiting for the
browser to complete the data entry based on past similarly named forms.
For instance, in a form field named name, the attacker would
send a keystroke “A” and wait then “B” then “C” and when it enters “D,”
the browser uses auto-complete to fill in the user’s name, in this
case, “David Sancho.” The script logs this then continues to send more
keystrokes. The actual implementation is in a hidden form with common
form names like name, email, etc. The form is hidden so the user won’t know that this is actually happening.

Smartphones are becoming cybercriminals’ favorite malware vector. Last week, TrendLabs^SM reported the first ever Android Trojan (detected as TROJ_DROIDSMS.A)
found in the wild. Though it failed to perform its intended routine,
the attack showed that cybercriminals are always on the lookout for new
means to distribute malware.

Recently, Trend Micro threats analysts Edgardo Diaz and Alvin Jethro
Bacani came across a possibly malicious Android app known as Tap Snake (detected as TSPY_DROISNAKE.A) that is circulating in the Android market. The said app has the ability to send a user’s GPS location via HTTP POST (gpsdatapoints.appspot.com/addpoint) the moment the user accepts the app’s end-user license agreement (EULA).

Jailbreaking has been in the news lately largely because of the very public online iPhone jailbreaking tool that uses vulnerabilities in the iOS platform.

Initial security concerns were raised due to the discovery of a
loophole that was used by the jailbreaking tool. Whether people should
jailbreak their devices or not, however,  is in itself a good question.

What Is Jailbreaking?

First, a definition. Jailbreaking is the act of modifying a device to
allow it to run unsigned and thus unauthorized code that does not
normally do so. For Apple’s iOS devices, this means that users can download and run applications from sources other than the official App Store. They can also modify or add features to their jailbroken devices.

In theory, Apple reviews applications before they are posted on the App Store. No means of app review and signing appears to be done on apps in Cydia, a common alternative app store for jailbroken iOS device users. This means that applications are free to exhibit malicious behaviors, as is the case with Windows-based systems.