TrendMicro Website hacked /FUCKJP.JS /VIP 2.74

There are some reports in the media that Antivirus Company TrendMicro website hacked and spreading malware .In short you can read that information  here,  here, and here also

According to Sophos coverage,  their website got injected on 9th March but i got a Google Cache page of infected TrendMicro Japanese page as on 6th March. It means their website was injected with script before 9th March.

Why attackers used the name of the script as “FUCKJP.JS”  ? You all know what stands for JP 🙂

Also I searched for the same script in Google  & found around 13000  injected pages of legtimate websites mainly in INDIA  also NIC.IN !!

After Analyzing the script I remembered that these kind of scripts are created by using some Web attckers  toolkit like MPack, FirePack, IcePack , WPack or AnnyPack in which just you have to feed some info like payload and place it to compromised webserver or newone. But in this case the it is VIP 2.74 from Chinese Hackers. Latest Version is 2.842. 

Other Information about the malware you can find yourself :).  Just see below the screenshots…

3.jpg

1.jpg

2.jpg

4.jpg

Advertisements

One Response to “TrendMicro Website hacked /FUCKJP.JS /VIP 2.74”

  1. […] http://bbs.mumayi.net/thread-1084859-1-1.html https://annysoft.wordpress.com/2008/0…kjpjs-vip-274/ maybe some helpful INFO. Reply With Quote + Reply to Thread […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: