Posted on

Malware Blog – World of Warcraft Scams: Mist of Pandaria, Free Mounts and Phishing Galore

I’m always excited when I encounter some #security meets #gaming issue.  So I’m eagerly re-posting my blog article published in the TrendLabs Malware Blog entitled World of Warcraft Scams: Mist of Pandaria, Free Mounts and Phishing Galore.

World of Warcraft: Mists of Pandaria is the fourth expansion for the massively multiplayer online role-playing game (MMORPG) World of Warcraft. It was first unveiled to the public last October 2011 during the BlizzCon 2011 conference in Anaheim, California.

TrendLabs researchers started seeing increased phishing activity inside World of Warcraft after Blizzard started the closed beta testing for Mists of Pandaria last March 2012.

In these new rounds of phishing attempts, scammers are trying to abuse the WoW’s in-game mail system. In this phishing attempt, the malicious URLs are sent via in-game mail and are received by players in their in-game mailboxes.

 

 

In this phishing try, the scammer entices would-be victims to join the Mist of Pandaria beta testing and win an exclusive in-game item, the Dragon Turtle Mount, by visiting and registering in their website. The Dragon Turtle Mount was previously announced by Blizzard as the racial mount for the Pandarens, the new additional playable character race available in the Mist of Pandaria expansion.

 

 

The phishing URL in the in-game email goes to a phishing website that closely resembles the actual Battle.net website. The phishing URL tried to add some credibility by adding the string Mist of Pandaria abbreviation (MOP) to the domain name.

 

 

If unsuspecting users input their Battle.net credentials it will definitely result to Battle.net account theft. Battle.net is the central account management for all Blizzard games like World of Warcraft, Starcraft 2, and Diablo III.

In contrast to what we discussed in our previous World of Warcraft post, we observed that recent scamming attempts seem to be targeted at low level characters and not high level or level-capped (Level 85) ones. This may be part of the scam detection avoidance strategy of the bad guys, as high level characters may have more awareness to this security issue as they have spent more time in the game.

We analyzed the malicious domain further and found some great discovery: The same server also hosts other phishing sites targeting World of Warcraft players:

  • http://{BLOCKED}p.us-support.net
  • http://{BLOCKED}p.wow-support.net
  • http://for{BLOCKED}t-eu-wow-account-blizzard.com
  • http://for{BLOCKED}t-wow-us-account-blizzard.com
  • http://{BLOCKED}a-pandaria.net

The newly discovered malicious websites are using Mist of PandariaWorld of Warcraft, and their corresponding abbreviations in their URLs.

Trend Micro users need not worry about these threats, as they are protected from these World of Warcraft phishing attacks via the Trend Micro™ Smart Protection Network™, which blocks access to the phishing websites.

It is interesting to note that some of the phishing websites were registered just days after Blizzard announced that Mist of Pandaria will be the next World of Warcraft expansion. This clearly shows that the bad guys are up to date and are always in the lookout for events and opportunities to expand their nefarious schemes.

Blizzard on their part have stepped up their security measures. They have published a dedicated security page to help users understand their security commitment; raise awareness on different types of account thefts, highlight a gamer’s security checklist, and a step by step guide on what to do when users suspect that their account is being compromised.

Blizzard also promoted their authenticator (available as an app for iOS and Android devices, and as a keychain fob) by giving away an exclusive World of Warcraft Corehound pet to users availing the authentication services.

We also advice our readers, casual and hardcore gamers alike to view our latest Security and Gaming e-Guide to get helpful tips to help secure their online game experience.

Thanks to Paul Pajares for additional technical details.

Image credits: blog.trendmicro.com

Original post from: TrendLabs | Malware Blog – by Trend Micro

My special thanks to Paul, JM, Tin, Gelo and Badette for their help in the article. You guys and gals rock!!!

I will give my personal insights on this article (World of Warcraft, Mist of Pandaria, Phishing and Security) here in menardconnect.com soon. Watch out for it OK?

Kindly view my other World o Warcraft posts here

To all online gamers out there, be safe online OK?

 

Posted on

TrendLabs PH Blogger Tour Part 2 Post


I mentioned several weeks ago that I joined the TrendLabs PH Blogger Tour and I welcomed some Pinoy Tech Bloggers to our Labs.

I got hold of some of the blogger’s articles and links about the TrendLabs Tour and as a sign of my appreciation I am giving out some link-love here at menardconnect.com

  • Inside an Anti-Virus Lab by Ron Villegas
  • Trend Micro gives a peek at global lab in PH by Glen Fontanilla
  • Trend Micro Labs Philippines Facilities Antivirus Tour by Jayson Biadog
  • A brief tour inside Trend Micro’s TrendLabs by Andrei Lim
  • XSTIG: Trend Micro TrendLabs Tour by by Florencio Jusay Jr
  • TREND MICRO TRENDLABS TOUR by Wilmar Duldulao

Will update this post when I have the other posts/links of  the other attendees

Again, thank you guys and hope to see you again soon…

Posted on

TrendLabs PH Bloggers Tour

Last week I participated in our company event for PH Tech Bloggers. I presented to Pinoy Tech Bloggers our company (Trend Micro) and what do we TrendLabs dudes and dudettes do for a living 🙂

Image Credit: TrendLabs/Trend Micro

My presentation is entitled “TrendLabs Tour, 1,000,000,000 threats daily, 1,000 Threat Response Specialists fighting the good fight” and I hope (and pray) that I presented it well.

Some personal insights: It’s a refreshing experience because I have not joined an end-to-end walking tour for a long long time!!!

I’m excited too (and honestly, I’m kabado rin) as this group IS Pinoy tech bloggers, and you know how I love to connect to my fellow pinoy bloggers (now you know why this blog is called menardCONNECT.com). even if this blog is not pure tech blog 😀

To the pinoy tech bloggers who attended the event: Thank you! It was really a pleasure meeting you all. I’ll be visiting your blog sites soon, and will connect to you via sns, twitter and/or google+ maybe. I’m really poor at matching names and faces and blogsites, but I know we will meet again in blogging events (IRL and online), and when that time comes just remind me that we met in the TrendLabs Tour and I will remember you!!!

Special greets to Miray, Macky and the rest of my team mates for a job well done. Sorry I cannot mention you all here (as I haven’t got your explicit permission yet, but I can and will edit this post  after getting your blessings).

Looking forward for the next TrendLabs blogger and social media event 🙂 **Wooot!**

Update 2012.o7.17

I created a new post with the links from pinoy tech blogger attendees. Kindly view TrendLabs PH Bloggers Tour Part 2 Post

Lastly some disclosure:
I work at Trend Micro. This blog post is NOT a paid post by Trend Micro. The information contained in this post is my personal insights on the Trend Micro/TrendLabs activity.

To know more on what I do at work, kindly visit my about page.
To know more about my blog’s full disclosure policy, kindly visit my disclosure page.

Posted on

Power User Group Shoutout: Free AV, Free Trend Micro Titanium Maximum Security 2012


I am avid supporter of our Power User Group. I believe I posted at menardconnect.com some of their activities on 2010 and 2011.

For 2012, they have revamped the rewards system, but I believe they will still be giving away some Free AV, Free Trend Micro Titanium Maximum Security product and other cool prizes too. But I am not after the rewards you know; this post is a testament of my all out support to the team 🙂

Quoting the Power User Group site, here are the benefits of being part of Trend Micro Power User Group this year:

  • Free license to the latest Trend Micro Home Use product after getting the following scores
    • at least 30 points – Free SN for Titanium Maximum Security 2012
    • at least 60 points – additional Free SN for Titanium Antivirus+ 2012
    • at least 90 points – additional Free SN for Titanium Maximum Security 2012
  • Be one of the first to test any latest Trend Micro Technology for Consumer-based products and tools.
  • Have a say on how we develop our products and services.
  • Win more Exciting Prizes! Top PUG 2012 Program contributors for the year will receive additional incentives.

So I encourage my readers to join the Trend Micro Power User Group. Kindly visit the Trend Micro Power User Group page:

https://www.trendbeta.com/pages/product_info/view/741

Read the agreement and check the checkbox.
Click on the Feedback.
And Register (if you are a new member) or login (if you already have a previous account).

Hurry! Because this offer may end soon!

Lastly some disclosure:
I work at Trend Micro. This blog post is NOT a paid post by Trend Micro. The information contained in this post was taken from Trend Micro (with permission from respective teams in Trend Micro).

To know more on what I do full-time kindly visit my about page.

To read my blog’s full disclosure policy, kindly visit my disclosure page.

Will post more updates about Power User Group and Titanium Maximum Security availability when its available.

If you find this post useful, kindly add me up in Twitter and Google+. You can also like my Facebook Page too 🙂

Posted on

My Post in Malware Blog: How Big will the Android Malware Threat Be in 2012?


Happy New Year to all!!!

I have many post ideas for the blog and I cannot decide which one to post first. But I guess I’ll settle with the post (or actually a repost) that is related to one of my favorite topics here at menardconnect.com and at work and that is Android and malware.

So to start the year 2012, I am re-sharing my article published on TrendLabs Malware Blog  last January 5, 2012.

How Big will the Android Malware Threat Be in 2012?
by Menard Osena (Solutions Product Manager)

In August 2011, we released our Snapshot of Android Threats, which stated that there was a significant increase in the number of Trojanized Android apps and actual malware targeting the Android platform.

In our 12 Security Predictions For 2012, we mentioned that smartphone and tablet platforms, especially Android, will suffer from more cybercriminal attacks.

In our continuous monitoring of this threat, we soon noticed that the problem was growing at an alarming rate. From a mere handful of malicious apps at the start of the year, it skyrocketed to more than a thousand malicious Android apps by the middle of December 2011. The average month-on-month growth rate for the second half of 2011 was more than 60%.

If this growth rate is sustained this year, then 2012 will definitely be an “exciting” year for Android. Why is this so? If current trends hold, we may be able to see more than 120,000 malicious Android apps by December.

There are several factors that are causing this explosive growth:

  • The increasing popularity of Android, as highlighted both by the number of total downloaded apps (more than 10 billion via the official Android Market) and the number of users and activations, as stated by Gartner and Google Senior Vice President of Mobile Andy Rubin.
  • The openness of the Android app distribution model. Unlike other mobile OSes, users are free to install applications without passing through any filtering process. This lowers the barriers to installing malicious apps considerably.
  • The cybercriminal mindset: Bad guys attack where the money is.

2011 already saw a wide variety of threats emerge for Android, as we discussed in our year in review. Android malware is definitely here to stay for 2012.

Original Post: TrendLabs Malware Blog: How Big will the Android Malware Threat Be in 2012?

Image Credit: blog.trendmicro.com
Note: With minor edits on the tags/image locations/bold fonts/etc.

Just like my previous Malware Blog article reposts, I will do my best to give additional personal insights here in Menardconnect.com soon.

For now just the repost and some shoutout and appreciation to my teammates who helped (in one way or another) me in the completion of the post.

Special thanks to Jonathan, Christian, Macky, Gelo, Dani, and Eric for their help in the article. You guys and gals really rock!!!

Posted on

On Droids and Threats


TrendLabs published some cool infographic about Android and threats. And since I mentioned in my previous post that I’d do my best to write more about Android here at menardconnect.com I am featuring that infographic here.

To commemorate the first year of the discovery of the first Android trojan, TrendLabs released a blog post on A Snapshot of Android Threats. Some great highlights includes the following:

  • 1410% increase on the number of malware samples discovered by the team from January 2011 to July 2011
  • 51.9 Million Android OS-based devices in use now
  • 33% of Facebook users access the Facebook site via their mobile devices

and a lot more.

My favorite part of the infographic is about the six :). What six? In the tradition of my free six cafe world cheats, my six new Philippine money, my six free wow mounts, my six tagalog love quotes and my free six video posts, I am listing the six types of Android malware according to TrendLabs:

  1. Data Stealer
  2. Premium Service Abuser
  3. Click Fraudster
  4. Malicious Downloader
  5. Spying Tools
  6. Rooter


Image Credit: blog.trendmicro.com

To know more about the Android threats and the infographic kindly visit Batangastoday.com and Trend Micro Malware Blog.

Before I end this post, some disclosure:

I work at Trend Micro. The post I have here in menardconnect.com are my own personal views and does not reflect the views and stand of my employer.

To know more about me, kindly visit my about page. To know about this blog’s disclosure policy kindly visit my disclosure page.

Hope you like my Android blog post 🙂

Posted on

On TrendLabs, Security and Social Media


I did some internal presentation for TrendLabs folks this afternoon on security and social media stuff. I cannot share details yet as not all sessions are done (still got 3 2 to go), but to give you a hint it’s related to my previous post here and in Malware Blog.

At the end of the presentation I mentioned that I also blog here at Menardconnect.com and since some of them might check the internet for this site, hence this post.

Yup TrendLabs dudes and dudettes, welcome to my blog. It’s not ALL tech, antivirus and security blog posts here, as I also blog about games, food and other random *woot* things. Kindly read my about page if you are still in doubt (if this is my blog) 🙂

Thank you to those who attended the first session and second sessions. I have to admit I still got some preso jitters (for the first session). Not sure if I’m just nervous or excited or maybe both 🙂

I plan update this post after each session, and will do another follow up post after all the sessions are done.

To my other readers (especially non-Trenders) sorry but the presentation is for internal TrendLabs folks for now.

Presentation for external? I’m not making any promises (my idea here is like the song lyrics “…I’m not making plans for tomorrow, For tomorrow never comes“).

But who knows?

Image Credit: about-threats.trendmicro.com

Update 2011.05.04
2nd session done. This session was more relaxed 🙂 maybe there is no additional “external” pressure 🙂 Thanks guys n gals for attending.

Posted on

Vote for TrendLabs Malware Blog in SC Magazine’s Best Corporate Security Blog

I just recently learned that our TrendLabs Malware Blog was nominated in SC Magazine’s Annual Social Media Awards.

I love the TrendLabs Malware Blog and I post some articles there every now and then. This post is a shout out to my friends and readers to help me and the TrendLabs Team make our Malware Blog the top blog.

Kindly vote for TrendLabs Malware Blog for SC Magazine’s Annual Social Media Awards in Best Corporate Security Blog category.

Here’s how:
1. Kindly go to SC Magazine US Site
2. Look for the Second Annual SC Social Media Awards Voting Poll
3. Choose TrendLabs Malware Blog (Trend Micro) from the list in “best corporate security blog”

4. Click Vote

Feel free to vote for your other favorite security bloggers and security tweeps in the next 2 polls.

Voting will end on Friday Feb 11th 8PM (EST) that’s Saturday, Feb 12th 9AM (GMT+8).

Thank you in advance!!!

Good luck to TrendLabs Malware Blog!!!

Posted on

Trend Micro Titanium, Sodexho Pass and Special Gift Packs Awaits


Do you want some free Trend Micro Titanium Maximum Security antivirus software?

How about if we add some Sodexho Pass worth P500?

Ok let’s increase the wager and add some Trend Micro Gift Pack (includes Trend Micro Shirt, Trend Micro 2011 Calendar and other TM freebies)?

If your answer is a big YES to all, then you are lucky. Read the details below:

Trend Micro will be having Power User Group event this coming weekend (February 12 and 13, 2011). My teammates are looking for laptop users who are willing to be part of Trend Micro’s standard product development process. In this event, my teammates will ask you to install Trend Micro Titanium 3.1 antivirus software in your laptop (minimum requirement is Windows 7 OS installed) and answer a set of questionnaire. My teammates will also be present at the event venue to support and assist you if you will have problems related to the product (installation n stuff).(note: I’d love to join you guys n gals in this event, but i’m not free that day. I’ll post my reason here soon I’m out for the RSA 2011 conference)

Below are the event details of the Trend Micro Titanium Intensive Beta Testing

WHERE:
TrendLabs Philippines
9th Floor | Tower 2, The Rockwell Business Center Ortigas Avenue, Pasig City (Beside The Medical City).

WHEN:
Session 1
February 12, 2011
Saturday, 1:00 P.M. to 5:00 P.M.

Session 2
February 13, 2011
Sunday, 1:00 P.M. to 5:00 P.M.

Note: Snacks will be served during the event

To qualify for the program, users must bring in their personal laptops running Windows 7 and IE 9.0 on the event day and install Trend Micro Titanium Maximum Security 3.1.
If you meet the minimum requirements, just follow the steps below to join.

  1. Subscribe to my RSS Feed OR my email Feed
  2. Fill Up the Zoomerang Survey or click the click here image below
  3. Kindly put my name, Menard Osena or Menardconnect.com to the field = “Who referred you to this testing”
  4. After signing up, you will receive a confirmation email from the Trend Micro Beta Team if you are qualified to participate.

Reminders: The slots are limited, so hurry, grab this opportunity and join now!

Registration closes on February 10, 2011, 12 noon.

Feel free to forward this blog post to your friends, family members or relatives to share this opportunity with them. If you have Facebook/Twitter/Plurk/etc, feel free to share/tweet/plurk this blog post too so that others can know about it.


Lastly, some disclaimer:
I’m an employee of Trend Micro. This blog post is _NOT_ a paid post by Trend Micro. The information contained in this blog post is taken from Trend Micro Beta Team (with permission to repost in my blog). To know more on what I do full-time kindly visit my about page. To read this blog’s disclosure policy in detail, kindly visit my disclosure page.

Image Credits: Trend Micro Beta Team

Posted on

FakeAV and the AV Security Suite Removal


FakeAV, Rogue AV, Rogue Antivirus, Fake Antivirus, Rogue Security Software, Scareware.

Different Security Vendors call them by different names. Simply put, these FAKEAV’s are malicious programs and software packages that mislead users by mimicking legitimate antivirus (AV) programs and giving false warnings (that the machine/ PC that they are using are infected by malware, viruses, spyware and lots of other bad stuffs).

AV Security Suite Image courtesy of Trend Micro Threat Encyclopedia and TrendLabs Malware Blog

And after running the supposedly antivirus scan, FakeAV offers some protective and removal solution if you buy and install their product. Beware: take note that this supposedly antivirus product will do more damage than good since it will do a lot of bad stuffs: it may download and install other malware or steal confidential information from your machine. FakeAV software package price ranges from 40 US dollars and above. And yes, definitely this is a lucrative moneymaking scheme for the bad guys. Read more in Trend Micro Report (PDF): The Business of Cybercrime: A complex business model

So what are my personal tips and suggestions for this Fake AV? How do I suggest dealing with this AV Security Suite Removal?

One good resource that I recommend is scanning your machine with Trend Micro HouseCall. This tool is Trend Micro’s free online malware scanner and cleaner and the new version (HouseCall 7) uses the Trend Micro Smart Protection Network technology that is both powerful and lightweight. If you are a techie-type of person you can try out other free tools like Hijackthis.

Ideally prevention is better than cure. So having a good antivirus/anti-malware/security product on your desktop is a basic and keeping it up to date is a must. Update it daily (at least) as there are tons of new malware coming out every day (read my old Malware Blog post on 1H 2009: Malware Threat Grows Ever Larger). Some personal suggestions is of course Trend Micro Internet Security Pro (PC-Cillin) or Trend Micro Titanium (cut and paste the links to your browser)

http://us.trendmicro.com/us/products/personal/internet-security-pro/index.html
http://us.trendmicro.com/us/products/personal/titanium-internet-security/index.html

But there are also a lot of other good, trustworthy and legitimate AV and Security products out there  (I will not list them all since I worry that I might miss some AV/AV products and my AV’er friend/s from that company might get mad at me (in Filipino: baka magkaselosan lang sila) so stick with TM products only 🙂 )

It is also wise to make sure that your operating system (OS) and other critical programs are patched with the latest updates.

Awareness is the key. Be aware of the programs that you are installing and running in your machine. Trust only those legitimate software. If suddenly an unknown program tells you that your machine is infected with some malware: DO NOT PANIC. Check first if the notification came from your legitimate Antivirus/Anti-malware/Security product installed. If not then be paranoid and double-check by running a scan from your AV product. Check also if the product is similar to the known FakeAV/Rogue Antivirus program names (and do not trust them right away). Partial list of FakeAV as compiled by Wikipedia.

Advanced Cleaner, AKM Antivirus 2010 Pro, AlfaCleaner, Alpha AntiVirus, ANG Antivirus (knock-off of AVG Anti-virus), Antimalware Doctor, AntiSpyCheck 2.1, AntiSpyStorm, AntiSpyware 2009, Antispyware 2010, AntiSpyware Soft, Antivirus 7, Antivirus Soft, Antivirus Suite, Antivirus System PRO, AntiSpyware Bot from 2Squared Software, AntiSpywareExpert, AntiSpywareMaster, AntiSpywareSuite, AntiSpyware Shield, Antivermins, Antivirus 2008, Antivirus 2009, Antivirus XP 2010, Antivirus 2010 (also known as Anti-virus-1), Antivirus 360, Antivirus Pro 2009, AntiVirus Gold, Antivirus Live, Antivirus Master, Antivirus XP 2008, Antivirus Pro 2010, AV Security Suite, Avatod Antispyware 8.0, Awola, BestsellerAntivirus, ByteDefender also known as ByteDefender Security 2010, Cleanator, ContraVirus, Control Center, Cyber Security, Data Protection, Desktop Security 2010, Doctor Antivirus, Doctor Antivirus 2008, DriveCleaner, Dr Guard, EasySpywareCleaner, eco AntiVirus, Errorsafe, ErrorSmart, Flu Shot 4, Green Antivirus 2009, IE Antivirus (aka IE Antivirus 3.2), IEDefender, InfeStop, Internet Antivirus, Internet Antivirus Pro, Internet Security 2010, KVMSecure, Live PC Care, Live Security Suite, MacSweeper, MalwareCrush, MalwareCore, MalwareAlarm, Malware Bell (a.k.a. Malware Bell 3.2), Malware Defender (not to be confused with the HIPS firewall of the same name), Malware Defense, MS Antivirus (not to be confused with Microsoft Antivirus or Microsoft Security Essentials), MS AntiSpyware 2009 (not to be confused with Microsoft AntiSpyware, now Windows Defender), MaxAntiSpy, My Security Wall, My Security Engine, MxOne Antivirus, Netcom3 Cleaner, Paladin Antivirus, PCSecureSystem, PC Antispy, PC AntiSpyWare 2010, PC Clean Pro, PC Privacy Cleaner, PerfectCleaner, Perfect Defender 2009, PersonalAntiSpy Free, Personal Antivirus, Personal Security, PAL Spyware Remover, PCPrivacy Tools, PC Antispyware, Protection Center, PSGuard, Privacy Center, Rapid AntiVirus, Real AntiVirus,
Registry Great, Safety Alerter 2006, Safety Center, SafetyKeeper, SaliarAR, SecureFighter, SecurePCCleaner, SecureVeteran, Security Master AV, Security Scan 2009, Security Tool, Security Toolbar 7.1, SiteAdware, Security Essentials 2010 (not to be confused with Microsoft Security Essentials), Smart Antivirus 2009, Soft Soldier, SpyAxe, Spy Away, SpyCrush, Spydawn, SpyGuarder, SpyHeal (a.k.a SpyHeals & VirusHeal), SpyMarshal, Spylocked, SpySheriff (a.k.a PestTrap, BraveSentry, SpyTrooper), SpySpotter, SpywareBot (Spybot – Search & Destroy knockoff, Now known as SpywareSTOP), Spyware Cleaner[135] SpywareGuard 2008 (not to be confused with SpywareGuard by Javacool Software), Spyware Protect 2009, SpywareQuake …

Important Note: This is partial list only. And these product names are just names in the UI (User Interface). FakeAV Developers can update this anytime by adding the year (and year next year) as what Legit AV products do. They can also add the usual legit product suffixes like Pro and Security Suite. Bottom line: use the name list with caution OK?

Original list taken from wikipedia

http://en.wikipedia.org/wiki/Rogue_security_software#Partial_list_of_rogue_security_software

I hope you find my FakeAV and AV Security Suite Removal post useful. I’m glad finally I finished one as I have been contemplating on writing a post on this topic since 2009. To know more about FakeAV, I recommend reading the TrendLabs Malware Blog

http://blog.trendmicro.com/?s=fakeav&image.x=0&image.y=0?=Search

Lastly some background info on me, my blog and some disclosure:
This blog is my personal blog and I discuss my personal views on Technology and IT/ Security here at menardconnect.com. This post is _NOT_ a paid post by Trend Micro but I disclose that I’m employed with Trend Micro. Read more on my about page and my disclosure page.