Spam exploiting the death of the Prime Minister was circulating in Australia. The following subject lines have been confirmed:
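There was a report that the malicious program "BKDR_RINBOT.B" (Rinbot), detected as of pattern 4.259.00, is being distributed in Asia via MSN Messenger. To get users to download a copy of "BKDR_RINBOT.B", the URL of a download site is sent to them over MSN Messenger. The message body has been confirmed to be English text such as “I found a picture of you online, take a look”.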
There has been a lot of WORM_NUWAR movement this week. The controversial “storm malware”, TROJ_SMALL.EDW of P2P botnet fame, was found to be an accomplice of the NUWAR network: it is dropped by a variant detected by Trend Micro as WORM_NUWAR.CQ.
The weekend is upon us and yet another NUWAR makes it to the Trend Micro noteworthy list. Detected as WORM_NUWAR.EE, its spammed email carries belated New Year cheer and the usual Trojan hitchhiker (TROJ_TIBS.PE). Like the earlier variant, WORM_NUWAR.EE also uses the file name POSTCARD.EXE for its attachment. What is surprising for this new variant is its total lack of originality. WORM_NUWAR’s spammed messages have always used convincing social engineering tactics like the CNN ploy and, of course, the recent Storm email. WORM_NUWAR.EE, however, is just rehashing the “New Year” subject line and an old attachment file name. Based on this, it can be surmised that NUWAR’s code may have been made publicly available and somebody is trying it on for size.
As always, users are highly advised not to open attachments from suspicious email messages. The best protection is still caution and vigilance.
Lineage II, the immensely popular Massively Multiplayer Online Role-Playing Game (MMORPG), is expected to release its sixth chronicle update entitled Interlude: The Chaotic Throne between late March and early May this year.
As gamers worldwide anticipate this release, authors of the highly-successful spyware family TSPY_LINEAGE and illegal private servers are also probably gearing up. These crooks better watch their backs though because NCSoft, Lineage’s developers, is already taking steps to track them down. As of this writing, the company is working with the FBI on a crackdown of illegal Lineage private servers. It is also coordinating with the South Korean government in the country’s bid to prevent the massive Lineage-related ID theft controversy of late last year from happening again.
To read an in-depth article about TSPY_LINEAGE’s routines and payloads, click here:
In biology, an antigen is a foreign substance in the body that stimulates the production of an antibody, which in turn fights diseases. It is supposed to be good for you. Getting a particular antigen spam email, though, is probably just going to ruin your day.
Antigen is also the name of an antivirus software for Lotus Domino and Microsoft Exchange. As such, it scans email messages and attachments for possible malicious activities.
TROJ_DLOADER.EXI’s author then is probably being ironic or funny because this malware arrives as an attachment to a spammed email that purports to be an automated message from the “Antigen Quarantine area” about a scanned image file. See a sample below:
This Trojan downloads a spyware detected by Trend Micro as TSPY_BZUB.EQ from the Web page http://www.{BLOCKED}den21.net.
Microsoft re-released MS07-002 for Excel 2000. According to Christopher Budd of Microsoft Security Response Blog…
[snip]
The original version released on January 9, 2007 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode.
[snip]
To get the patch check here.
SAP is the largest business application and Enterprise Resource Planning (ERP) solution software provider in terms of revenue.
CYBSEC Security Systems has discovered a vulnerability in SAP IGS which, when exploited, can result in remote code execution with the privileges of LocalSystem on Windows and of the SAP System Administrator account on UNIX systems.
For more information about the vulnerability, read here.
SAP has already released a solution for this and customers that are affected should apply the patch as soon as possible. For more information about the patch read SAP Note 968423.
We’ve seen the spamming of TROJ_SMALL.EDW and TROJ_STRAT.CJ; now here comes another spammed Trojan with an attachment name of “Rechnung.zip”. This incident is similar to an earlier blog post, Bogus 1&1 Bill from Germany.
The executable file in the zip archive has the following properties:
- MD5: 0B9BC464379180B6A813B85D94D21E9D
- File Size: 16,896 bytes
Here are some sample email details:
Trend Micro will soon detect this malware as TROJ_YABE.AV.