Buying and selling stock online is big business. It also carries it’s own risks. And we don’t mean the risk of doing bad investments; we mean loosing access to your trading account because your computer got infected by a keylogger.

Read more:
Online stock trading is risky

TrendLabs researchers recently received a report on malvertisements that appeared while a user was browsing through a popular Web-based email service. At first glance, the ads may seem like the typical Web browser nuisance. However, random ads were proven to be vectors for downloading malware onto users’ systems

Read the original here:
Malicious Ads Lead to PDF Exploits

Another day, another news, and well… another SEO Poisoning stint. Using PDF files in SEO poisoning is a bit recent, but not exactly fresh news.

See original here:
SEO Poisoning Sites Use Flash for Redirection

We’ve been seeing a gradual shift in malicious PDF file coding (no surprise there, we know malware authors can and do adapt their techniques). For a long time, we saw malicious PDF files that were simple enough to allow us to readily decipher the intent of the malicious code — shell code, download/execute, drop and load, et cetera. Now we’re seeing more and more complex obfuscation being used, which requires us to break down the PDF file.

Excerpt from:
Analyzing PDF Files

We saw a pretty PDF file today (md5: 116d92f036f68d325068f3c7bbf1d535). It looks like this: Nice flowers. Unfortunately, when viewing the file, it uses an exploit against Adobe Reader and drops and runs a file called 1.exe

More:
Watch out for flower-show.org

We just blogged about a highly targeted attack against military contractors. Now we saw one against the intelligence sector.

View post:
Intelligence sector hit by a targeted attack

Foxy Loxy by Gustaf Tenggren

Over the few last years, we’ve worked with dozens of companies who have been hit with targeted attacks , ie. espionage trojans. Not a single one of these companies went public with the information.

See the original post here:
Targeted Attacks Against Google

Every year the Web security community produces dozens of new hacking techniques documented in white papers, blog posts, magazine articles, mailing list emails, etc. Not to be confused with individual vulnerability instances brandishing CVE numbers, nor intrusions / incidents, but actual new methods of Web attack. Some techniques target websites, others Web browsers, and the rest somewhere in between.

More:
Top Ten Web Hacking Techniques of 2009 (Official)

After the holidays, spammers now are capitalizing on the upcoming tax season. Recently, Trend Micro threat analysts found spammed messages purporting to come from the Internal Revenue Service (IRS)

View original post here:
Bogus IRS W-2 Form Leads to Malware