Monthly Archives: November 2007

Trend Micro sends an alarmist email that looks more like a hoax than a warning

Check this email out.  It came from our Trend Micro support rep.  They are acting like the reported Electronic Jihad virus might be catastrophic, even though they don’t know if it will work.  Their last sentence is the most bizarre because of its alarmist overtone and misspelling.  Let paranoia reign!

Dear PSP Customer,

Real-world terrorists are once again threatening to take their jihad (Holy War) to cyberspace. The notorious Al-Qaeda has threatened to launch a Web attack on Western anti-Muslim Web sites on the 11th of November, according to DEBKAfile, an online military intelligence magazine. An attack like this could be unleashed via the Electronic Jihad Version 2.0 software, which is not actually new and has been around for about three years now. The said software is capable of distributed denial-of-service (DDoS) attacks. It is also configurable and flexible, which makes it easy for cyber-terrorists to be more effective in the said attacks. Detailed Malware description: http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=HKTL%5FDAHIJ%2EA&VSect=Td
Researchers across the industry have raised quizzical eyebrows as similar threats have turned out to be a dud, like the cyber attack that never happened against U.S. banks and financial institutions in December 2006. However, such software was recently discovered by Trend Micro researchers. The hacking tool, which is detected as HKTL_DAHIJ.A, arrives as an installer package and may be downloaded from a remote site. This hacking tool connects to a URL for verification purposes. After successfully establishing a connection, it downloads a list from several URLs. The said list, which contains another set of URLs, is used by the affected system to launch Denial-of-Service (DOS) attacks for the so-called e-jihad.

Law enforcers and other experts say that threats such as these should not cause much of a fuss as Web threats happen on a regular basis. Eli Alshech, Director of the Jihad and Terrorism Studies Project at the Middle East Media Research Institute, considers these e-jihadists as more of a nuisance than a threat. But with these terrorists, we will never know what they will do next. Is 11/11 going to be another date to remember?

The next big Web attack may unfold on the 11th of Novemb

Thank you,
Trend Micro Premium Support


Microsoft is stalling in the SaaS area

I received an InfoWorld article called “Microsoft exec: Desktop application software is not dead.”  The short story is that Microsoft claims that Google and others cannot provide the same level of service and quality through web based apps as Microsoft can through installed apps.  While Microsoft is technically correct in the short term, this will change.  Let me predict what Microsoft is going to do right now.  Microsoft will develop a fully functioning version of Office.  Then they will market it as a brilliant idea that they thought of and perfected.  Microsoft will claim that they did it first and they did it best, when in reality neither will likely be true.  Until then, expect Microsoft to deride Google, IBM, Sun, and others.  What’s new?

TROJ_DLOADER.SPI is showing up on a few machines a day.

We’ve been getting sporadic, but steady reports of the TROJ_DLOADER.SPI virus being detected on machines.  Trend Micro claims it’s not “in the wild.”  That’s not true.  I haven’t seen this many virus reports for XP in a long time.  Trend Micro’s fix is to update DATs and scan the machine.  I’ve tried to figure out what other anti-virus program providers are calling this virus to see if they recommend a different fix.  The virus appears to come from webpages.  Here’s a sample error:

Threat Alert from Anti-Virus Server

OfficeScan detected TROJ_DLOADER.SPI on PCname in my domains.

File: C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\Content.IE5\XFE1E8MF\_YzFvdDRpbmc_NzI4X2FvXzM5NThfMF8xMDIyOF9hb18_a2V5aW4_[1].exe

Detection date: 11/13/2007 14:33:05

Action: Virus successfully detected, cannot perform the Quarantine action

I’ll keep an eye on this.  Let me know if you see anything.

UPDATE: I got some more info on this.  Some of our SAs have been tracking it.  The virus alerts come up when people visit a certain media industry website.  The site either pops up another site, or somehow redirects to “malware-scan.com”.  Don’t go to that site unless you want to get infected.  You should consider blocking that site using Websense or other tools.  I hope this additional info helps.
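
One way to triage a batch of alerts like the one quoted in the TROJ_DLOADER.SPI post, as an added example that is not from the original post or from Trend Micro: it parses the notification text, marks detections that landed in the Internet Explorer cache and those where quarantine failed, and lists the hosts that still need cleanup. The hosts, users, file names and the second alert's action text are constructed, and the field layout is assumed to match the quoted alert.

```python
import re
from collections import defaultdict

# Constructed alerts in the post's layout; hosts, users, files and the 2nd Action text are made up.
SAMPLE_ALERTS = r"""
OfficeScan detected TROJ_DLOADER.SPI on PC-0141 in my domains.
File: C:\Documents and Settings\asmith\Local Settings\Temporary Internet Files\Content.IE5\AB12CD34\sample_a[1].exe
Detection date: 11/13/2007 14:33:05
Action: Virus successfully detected, cannot perform the Quarantine action

OfficeScan detected TROJ_DLOADER.SPI on PC-0207 in my domains.
File: C:\Documents and Settings\bjones\Local Settings\Temporary Internet Files\Content.IE5\EF56GH78\sample_b[1].exe
Detection date: 11/13/2007 15:02:41
Action: Quarantined

OfficeScan detected TROJ_DLOADER.SPI on PC-0141 in my domains.
File: C:\Documents and Settings\asmith\Desktop\sample_c.exe
Detection date: 11/14/2007 09:10:12
Action: Virus successfully detected, cannot perform the Quarantine action
"""

ALERT_RE = re.compile(
    r"OfficeScan detected (?P<threat>\S+) on (?P<host>\S+) in my domains\.\s*"
    r"File: (?P<path>[^\n]+)\s*"
    r"Detection date: (?P<date>[^\n]+)\s*"
    r"Action: (?P<action>[^\n]+)"
)

def parse_alerts(text):
    alerts = []
    for m in ALERT_RE.finditer(text):
        a = {k: v.strip() for k, v in m.groupdict().items()}
        path = a["path"].lower()
        # A drop under the IE cache points at web delivery, as the post suspects.
        a["from_ie_cache"] = "\\temporary internet files\\content.ie5\\" in path
        # "cannot perform" means the file was detected but is still on disk.
        a["unresolved"] = "cannot perform" in a["action"].lower()
        alerts.append(a)
    return alerts

def triage(alerts):
    hosts = defaultdict(lambda: {"detections": 0, "unresolved": 0, "web_delivered": 0})
    for a in alerts:
        h = hosts[a["host"]]
        h["detections"] += 1
        h["unresolved"] += a["unresolved"]
        h["web_delivered"] += a["from_ie_cache"]
    return {host: s for host, s in hosts.items() if s["unresolved"]}
```

Calling `triage(parse_alerts(SAMPLE_ALERTS))` returns only the hosts where a detected file was left in place, which are the machines that need a manual scan and cleanup.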