Trend Micro site infected users with Trojan

Antivirus vendor Trend Micro confirmed Thursday that "some portions" of its site had been hacked earlier this week, but hedged when asked if those pages had been serving up attack code to unsuspecting visitors.

"I can't confirm or deny the details," said Mike Sweeny, a spokesman for the Tokyo-based security company, on Thursday afternoon. "Some pages were compromised, but we took those pages down and took corrective action hours ago." When pressed for more information, Sweeny would only say the attack was "under analysis".

But media reports from Japan, and a blog post by a rival, U.K.-based Sophos Plc., offered more information. The English-language edition of the Yomiuri Shimbun , one of Japan's largest newspapers, said Trend Micro's site was hacked around 9:00 p.m. Sunday, Tokyo time (7:00 p.m. Eastern, on Saturday, in the US).

"When users viewed any of the modified pages, they were reconnected to other sites without realizing it, and a type of virus was installed on their computer that causes them to download other viruses in a series," said the Yomiuri Shimbun.

Security rival Sophos added more details late Thursday in a post to its blo. There, Graham Cluley, a Sophos senior security consultant, claimed that the hack had been an SQL injection attack and included a link to an alert Trend placed on its Japanese-language site that identified the malware as JS_DLOADER.TZE. The alert also said that users could have been infected by accessing one of 11 infected pages on the Japanese site or 20 pages on the English site, or by clicking a link embedded in the malware's name. All the pages were part of Trend Micro's malware encyclopedia, a searchable database of viruses, Trojans and worms.

Sweeny, Trend's US spokesman said "about 32" pages were involved, "most of them from the encyclopedia".

Other reports speculated that the Trend Micro hack was part of the larger campaign that has infected some 20,000 pages in the past few days. According to researchers at McAfee, those hacks are script-injection attacks that reference JavaScript attack code which in turn -- and only after several cascading pages -- leads to an executable piece of malware. McAfee's experts compared the still-ongoing script-based attacks as similar to those that compromised the Web sites of both the Miami Dolphins NFL team and its days before the 2007 Super Bowl.

Security vendors swung into action late Thursday with warnings of their own, even though information was in short supply. Symantec, for example, warned customers of its DeepSight threat network of the reports of ongoing attacks. "Our honeypots are flooded with known attacks targeting older vulnerabilities in the same manner," wrote Patrick Jungles, a Symantec analyst, in the alert. "Although the attacks regularly observed by our honeynet may not all be directly related to this recent grouping, it shows that the attacks are successful enough that they warrant ongoing efforts to obtain new distribution servers."

The script injection attack tracked by McAfee that may have struck Trend Micro's site is not the only mass infection currently plaguing users worldwide. Another campaign that began about a week ago has taken to subverting Web sites' search caches with rigged IFRAMEs, then redirecting visitors to malicious sites that install malware.

The infected-page tally for these IFRAME attacks stands at more then 401,000, according to Dancho Danchev, the Bulgarian researcher who first reported the large-scale attack.

Although a warning had been posted on Trend Micro's Japanese-language site, as of 9 p.m. Eastern on Thursday, nothing similar was visible on the English edition.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?