Re: Trend Micro Hacked - Serving Malicious Iframes in Security http://www.dslreports.com/forum/r20211800 en Tue, 02 Dec 2008 15:59:35 EDT Tue, 02 Dec 2008 15:59:35 EDT Re: Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20212604 JTM1051 :
said by EGeezer See Profile :

...Based on that incident, I'm glad I have NoScript enabled. This goes to demonstrate that "trusted sites" can still serve up malware. ...
Ditto; using Fx with NoScript and all the "Additional restrictions for untrusted sites " (NoScript's Options > Plugins) enabled.

Since I only use IE for few sites that need/work best with IE, easy for me to lock down IE using customized settings for Trusted Sites, all other security zones set to max high settings.

Also using Online Armor's "Run Safer" setting for Fx, Opera and IE.]]> http://www.dslreports.com/forum/remark,20212604 Sun, 23 Mar 2008 14:13:37 EDT Re: Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20211800 anon :
said by Bubba1 See Profile :

Frustrating. I operate a locked-down IE7 .. greatly utilizing the trusted/NOT scheme.

Presently, should KIS7's web protection component fail to detect a trusted(s) compromise .. there is no second line.
Does the web scanner of *any* antivirus program really offer any needed protection?

If the antivirus program is going to catch the threat, would it not catch it just as well without the use of a web scanner?

I have often wondered if including a web scanner in an antivirus program was more marketing hype than truly being useful. Am I wrong?]]> http://www.dslreports.com/forum/remark,20211800 Sun, 23 Mar 2008 11:17:22 EDT Re: Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20169242 EGeezer : The infection of legitimate and normally trusted websites also brings mitigation and recovery to the forefront. If one assumes that at some point they may be breached, then they can start putting together a response and recovery plan. One example is a mini-TTX where we "pretend" that our PC has been hacked, corrupted, logins stolen, ID and CC info captured etc. and our recent available backups may be suspect. From that point, practice or develop a response and document as needed.

Although this PPT relates to school and organizational training, many of the tips for planning and doing the exercise are applicable.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... )]]> http://www.dslreports.com/forum/remark,20169242 Sat, 15 Mar 2008 12:14:38 EDT Re: Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20168925 La Luna : Web Attack on Trend Micro Fails to Infect Users
March 14th, 2008 by Trend Micro

Earlier this week, we realized that part of our public online Virus Encyclopedia (VE) was altered via external hacking. The redirect placed on our site didn’t work properly so nobody visiting the hacked pages was at risk of infection. In response to this incident, we shut down the VE for several hours, patched the systems, removed the inserted code, and brought it back to life again. We have already taken interim measures to further harden the VE system against future attacks. This incident was part of a wider attack on Web sites around the world.
--
10,729 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
]]> http://www.dslreports.com/forum/remark,20168925 Sat, 15 Mar 2008 11:03:03 EDT Re: Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20168847 IBK : Web Attack on Trend Micro Fails to Infect Users:
»blog.trendmicro.com/web-attack-o···t-users/]]> http://www.dslreports.com/forum/remark,20168847 Sat, 15 Mar 2008 10:37:33 EDT Re: Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20168769 Bubba1 :
said by EGeezer See Profile :

This goes to demonstrate that "trusted sites" can still serve up malware.
Frustrating. I operate a locked-down IE7 .. greatly utilizing the trusted/NOT scheme.

Presently, should KIS7's web protection component fail to detect a trusted(s) compromise .. there is no second line.
--
"Fast is fine, but accuracy is everything" --Wyatt Earp]]> http://www.dslreports.com/forum/remark,20168769 Sat, 15 Mar 2008 10:13:33 EDT Re: Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20162672 EGeezer : Good find -

Based on that incident, I'm glad I have NoScript enabled. This goes to demonstrate that "trusted sites" can still serve up malware.

It shoots down the often-repeated assumption that "careful browsing" is the silver bullet that eliminates the need for security tools.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... )]]> http://www.dslreports.com/forum/remark,20162672 Fri, 14 Mar 2008 01:42:40 EDT Re: Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20161766 mikenolan7 : Pretty scary. How long until someone's online scanner, which usually require either ActiveX or Javascript, start infecting machines as people attempt to scan for malware? That's a nasty vector.]]> http://www.dslreports.com/forum/remark,20161766 Thu, 13 Mar 2008 21:30:36 EDT Re: Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20161729 Its a Secret : Time to lock 'em down hardcore, folks.]]> http://www.dslreports.com/forum/remark,20161729 Thu, 13 Mar 2008 21:23:27 EDT Trend Micro Hacked - Serving Malicious Iframes http://www.dslreports.com/forum/remark,20161397 SUMware : From The Register
13th March 2008 -
said by The Reg :
This week, researchers from the anti-virus provider uncovered at least two high-profile websites hacked so they try to infect visitors with some of the nastiest malware out there.

But as they were busy pointing out the attacks on web pages belonging to Swedish rock band The Hives and web blogs award site the Bloggies, nearly a dozen Trend Micro pages were busy trying to launch their own assaults, this Google search shows. The same malicious javascript at the heart of the Trend Micro attack had, at time of writing, managed to inject itself onto almost 23,000 pages in all.

"Unfortunately, safe surfing measures can be useless as even the most trusted Web sites can be hacked to serve up malware," Trend Micro's JM Hipolito wrote on Monday when analyzing the attack on the Bloggies. Evidently, he didn't know just how correct he was.

A Trend Micro spokesman said the malicious iframes have already been removed and that steps have been taken to prevent the injection from happening again. He didn't have additional details.

As we reported earlier today, the mass infection causes the once-benign sites to turn against their visitors by attempting to install password loggers, backdoors and other types of malware on their machines. The attacks appear to be the handiwork of a single criminal gang, according to McAfee researchers, who first discovered the cluster of hacked sites. They are part of a growing preference of miscreants to spread malware using legitimate websites that have been compromised rather than through destinations specifically set up for that purpose.

If even security providers like Trend Micro (and a few months back, Computer Associates) can't protect their visitors from these assaults, chances are good that plenty of others can't either.
]]> http://www.dslreports.com/forum/remark,20161397 Thu, 13 Mar 2008 20:16:16 EDT