Mar 24, 2008

Trend Micro gets hacked

Of course it involves porn :/

Mass Hack Attack

Posted by Laureli Mallek Wed, 19 Mar 2008 17:04:00 GMT

As Cnet and ITNews reported, Trend Micro got hacked last week. It was later discovered that users who visited the site got lucky in a big way: “We now know that the redirect on the site was broken code,” Mr Sweeny, Trend Micro’s spokesperson told ITnews. “It didn’t work properly and didn’t infect anybody.”

Additionally ITNews reported that a different wave of infection has formed, and it involves working code. This second mass attack is different, since it attempts to trick users into manually downloading an infectious codec.

The difference is linked with the modes of assault, ASP versus phpBB, AvertLabs explains. ASP attacks tend to focus on exploits that manipulate vulnerabilities in browsers or other software. The phpBB attacks use social engineering by exploiting the cognitive biases of users. I give the latter approach more points for interaction and creativity to manipulate users. Those points (sadly) get negated by the terminal result of those efforts.

Maybe the 200,000 users who went for the faux-porn offer (enough that they tried to download the player) should remember if the prize is too big, its probably not worth th download.

No comments: