Trend Micro falls victim to Web hack

Trend Micro falls victim to Web hack

Summary: It's not much fun when one of your security vendors falls to a Web attack. Infoworld reports that TrendMicro was a victim of a recent Web attack that used legit sites to deliver malware.

SHARE:
TOPICS: Security, Browser
3

It's not much fun when one of your security vendors falls to a Web attack. Infoworld reports that TrendMicro was a victim of a recent Web attack that used legit sites to deliver malware.

According to InfoWorld Trend Micro removed the infected pages from its Web site. While the attack is unfortunate for Trend Micro at least it had company.

McAfee says almost 200,000 Web pages have been compromised in a little more than a week.

Here's what McAfee had to say:

The attack seems to have started more than a week ago, and nearly 200,000 web pages have been found to be compromised, most of which are running phpBB.  This contrasts yesterday's attack in that the vast majority of those were active server pages (.ASP).  The ASP attacks are different than the phpBB ones in that the payload and method are quite different.  Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering. phpBB mass hacks have occurred in the past, including those done by the Perl/Santy.worm back in 2004.

McAfee has a handy video of the attack that's worth a look.

McAfee was following up an attack detailed on Wednesday that infected 10,000 pages. The Wednesday attack involved an "injection of script into valid web page to include a reference to a malicious .JS file (sometimes in the BODY, other times in the TITLE section). The .JS file uses script to write an IFRAME, which loads an HTML file that attempts to exploit several vulnerabilities."

Not surprisingly, a lot of those vulnerabilities were ActiveX controls.

Topics: Security, Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • RE: Trend Micro falls victim to Web hack

    I gave up recommending Trend Micro to my customers after crashing XP X64 OSs to a point that the system had to be reloaded. I think they may have run out of talent.
    yagijd
  • RE: Trend Micro falls victim to Web hack

    Your correct.C-level people take all of the money and all of the good developers are gone. It is pity that most of US is going that way.
    phatkat
  • I gave up recomending any AV

    Since I started recommending Linux. Actually that's not entirely true, I recommend ClamAV for scanning emails and checking the WINE directories with their Microsoft applications.
    tracy anne