TrendMicro Website hacked /FUCKJP.JS /VIP 2.74

There are some reports in the media that Antivirus Company TrendMicro website hacked and spreading malware .In short you can read that information here, here, and here also

According to Sophos coverage, their website got injected on 9th March but i got a Google Cache page of infected TrendMicro Japanese page as on 6th March. It means their website was injected with script before 9th March.

Why attackers used the name of the script as “FUCKJP.JS” ? You all know what stands for JP 🙂

Also I searched for the same script in Google & found around 13000 injected pages of legtimate websites mainly in INDIA also NIC.IN !!

After Analyzing the script I remembered that these kind of scripts are created by using some Web attckers toolkit like MPack, FirePack, IcePack , WPack or AnnyPack in which just you have to feed some info like payload and place it to compromised webserver or newone. But in this case the it is VIP 2.74 from Chinese Hackers. Latest Version is 2.842.

Other Information about the malware you can find yourself :). Just see below the screenshots…

This entry was posted on March 15, 2008 at 9:46 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “TrendMicro Website hacked /FUCKJP.JS /VIP 2.74”

[HELP]Need to unscramble this... Says:
November 15, 2010 at 8:36 pm

[…] http://bbs.mumayi.net/thread-1084859-1-1.html https://annysoft.wordpress.com/2008/0…kjpjs-vip-274/ maybe some helpful INFO. Reply With Quote + Reply to Thread […]

Reply

K\’LL3r