Bangkok--13 Aug--Core & Peak
The first week of July was greeted by reports that an exploit code that takes advantage of an un-patched vulnerability in Microsoft ActiveX control was discovered in several Chinese websites. The said exploit leads to the download of a Trojan that terminates processes related to antivirus and security applications if found running on affected systems.
This attack set the tone for the rest of the month. Reports of attacks that utilize zero-day exploits related to bugs in Adobe ColdFusion, Microsoft Office Web Components (OWC), Firefox and Internet Explorer, and Adobe Reader and Flash Player have since followed, posting an average of at least one zero-day attack a week. Whether used in targeted attacks or mass compromises, these threats all bank on the possibility of greater reach of infection, given the fact that the absence of security patches for these applications render even most of the cautious and computer-savvy users vulnerable.
If cybercriminals are not using zero-day exploits, they leverage on the increasing popularity of Twitter. June witnessed KOOBFACE's entry in the micro-blogging arena while July showed an increase in its activity in the field, especially now that in a recent study by TrendLabs, it was revealed that this worm family was upgraded to make it more resistant against takedowns. In addition, a recent wave of malicious tweets promoted fake registry maintenance software, which appears to be similar to rogue antivirus. Further analysis of the website that hosts this fake software revealed that it also hosts a tool that allows users to send tweets in bulk.
July also saw the resurgence of the MYDOOM code as it was used to perform distributed denial of service (DDoS) attacks against certain websites in the United States and South Korea. Users of smart phones installed with the Symbian platform were also put at risk with the discovery of a new mobile malware that can be used to send spammed messages via SMS.
On the social engineering front, cybercriminals took advantage of one of the longest solar eclipses witnessed by millions of people over parts of Asia by poisoning search results related to it.
Unsuspecting users who type certain keywords (see Figure 1) may find themselves clicking a malicious link where rogue antivirus (AV) can be downloaded and installed into their systems.