Archive for March, 2008

TrendMicro Website hacked /FUCKJP.JS /VIP 2.74

Posted in Uncategorized on March 15, 2008 by ianstarkc

There are some reports in the media that Antivirus Company TrendMicro website hacked and spreading malware .In short you can read that information  here,  here, and here also

According to Sophos coverage,  their website got injected on 9th March but i got a Google Cache page of infected TrendMicro Japanese page as on 6th March. It means their website was injected with script before 9th March.

Why attackers used the name of the script as “FUCKJP.JS”  ? You all know what stands for JP 🙂

Also I searched for the same script in Google  & found around 13000  injected pages of legtimate websites mainly in INDIA  also NIC.IN !!

After Analyzing the script I remembered that these kind of scripts are created by using some Web attckers  toolkit like MPack, FirePack, IcePack , WPack or AnnyPack in which just you have to feed some info like payload and place it to compromised webserver or newone. But in this case the it is VIP 2.74 from Chinese Hackers. Latest Version is 2.842. 

Other Information about the malware you can find yourself :).  Just see below the screenshots…

3.jpg

1.jpg

2.jpg

4.jpg