In association with heise online

14 March 2008, 11:15

Trend Micro's web site infected

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Trend Micro blog reported on March 11 that the web site of Swedish rock band The Hives had been contaminated with a malicious iframe that installed a dropper trojan via a JavaScript link. The following day the vendor discovered that it had fallen victim to a similar attack itself.

The Trend Micro site was apparently infected last Sunday, but the problem only became public yesterday with a Japanese language announcement on the site. The vendor has not released any details in English, although an interim analysis on the Sophos blog suggests that English language pages were also infected. The infected pages were apparently taken down on Wednesday.

According to Sophos, the attackers injected iframes into the vendor's malware analysis pages. A Trend spokesman is reported as saying "about 32" pages were infected, "most of them from the encyclopedia." The iframe used JavaScript to infect visitors with a dropper trojan and a backdoor from a server based in China, but the specifics of the attack vector are not yet clear. There are rumours that Trend Micro was not specifically targeted, but fell victim to a larger scale attack affecting over 20,000 web sites, and that the intrusion may have been via a bug in Microsoft's Active Server Page technology, which was apparently used on the Trend Micro servers.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit