Archive for the 'Malware' Category
Russian malware storm brewing?
Security researchers at Trend Micro Inc. have spotted a Russian server loaded with more than 400 different pieces of malware that may be poised to launch a large-scale attack through malicious Web sites hosted in Italy.
Chenghuai Lu, a senior threat analyst at the Tokyo-based antivirus vendor, recently uncovered a site with several hundred malicious programs and traced the site’s server to a Russian IP address. Among the harbored malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g. All three clans typically hijack Internet Explorer on compromised PCs and direct users to adult Web sites.
Meanwhile, another Trend Micro researcher, senior software engineer Feike Hacquebord, discovered a large number of Italian-language Web sites that at first glance appeared to have been compromised with malicious IFRAMEs, elements inserted into a page's HTML (often by JavaScript) that can hijack a PC whose browser visits the site. On second look, however, the Italian sites do not appear to have been hacked; they were instead built with the IFRAMEs in place from the start. According to Trend Micro, the IFRAMEs point to the malware-packed Russian site found by Lu.
“Looking at these massive samples of malware, we can’t help to think that there’s something brewing in Russia,” said Carolyn Guevarra, a third researcher at Trend Micro, on the team’s blog yesterday. “We have just seen these cybercriminals pull the ‘Italian Job’ recently,” she added. “Are we now seeing a ‘Russian Uprising’ coming our way?”
Guevarra’s Italian comment refers to a large-scale attack about six weeks ago that involved more than 10,000 hacked sites hosted in that country. Those attacks were guided by Mpack, a multistrike exploit tool kit that hackers had deployed on one or more servers; the compromised sites secretly directed users to an Mpack-equipped server, which then tried a number of exploits on the PC.
Trend Micro has blocked the malicious Web sites for its customers and is working to develop more information on the possible attack plot. “More details soon,” Guevarra promised.
Via Computerworld
Trend Micro IDs Top Security Threats in 2007
Trend Micro Incorporated, a leader in network antivirus and Internet content security software and services, today published the TrendLabs Semi-annual Threat Roundup and Forecast. Analyzing the malware trends that drive the growth of the malware economy, the report shows how malware attacks have changed in style, motivation and target.
The era of the global malware outbreak is over. Today's malware threats try to remain undetected and now often go after users in a specific region, country or group. These new attacks are blended and sequential: they use combinations of malware, each of which plays a role in delivering the payload. Using the Web for delivery, updates and entrenchment, such insidious attacks report stolen information back to the perpetrator, with the end goal of making money.
In the first six months of 2007, TrendLabs tracked several examples of just how the threat landscape has evolved, including “Storm” at the beginning of the year and the “Italian Job” most recently in June.
Via Topix
WORM_SDBOT Variant Spreading via MSN Messenger
Another great find by the Trend Micro Team!
A new variant of WORM_SDBOT has just turned up. This variant, detected by Trend as WORM_SDBOT.EXT, has been observed spreading copies of itself via MSN's instant messaging application.
As with any IM-borne malware, the worm sends an enticing message to an unsuspecting recipient to trick him/her into downloading it onto the system. A copy of the worm is sent directly with the message itself, as a zip file. This technique differs from worms like WORM_SOHANAD, which include a URL link in the message from which the actual malware is downloaded.
Once it has been successfully downloaded and executed, the worm compromises the system's security. Acting much like a backdoor, it connects to the IRC server vpn.basecore.info and joins the IRC channel VPN. Remote malicious users with access to WORM_SDBOT.EXT can issue commands that allow them to download files, terminate running processes, and create, open, execute or delete files.
Credits go to Jonell Baltazar of TMIRT for analysis and to Lalaine Gregorio of Content Security for the screenshot.
iPhone Becomes Hacker Target
Popular Phones Used To Store Personal Information
Apple issues a warning to customers on how best to avoid hackers who are targeting the iPhone.
Click the link below to watch the video:
http://video.nbc11.com/player/?id=132310
via NBC
Easy reverse engineering of malware
I found a pretty cool article on the SunbeltBLOG on how to easily reverse engineer malware written in AutoIt, a popular scripting tool. You simply unpack the malware and then run it through the AutoIt decompilation utility (exe2aut).
In the video below, Didier Stevens shows how a malware author's code was exposed:
Remember…if you think you may be infected with a virus or malware, you can always use the FREE online tools from Trend Micro, such as HouseCall or the Free Online Spyware Scan.
via SunbeltBLOG