It took me a while but I'd say http://trendmicroinc.cn is a phishing site.

The domain looked a little odd so I checked with McAfee http://www.siteadvisor.com/sites/trendmicroinc.cn which said it was a phishing site.

I then looked at the site, links were ok, pages loaded fine seemed ok. I downloaded a file from the site TMASInstall_EN_US.exe which Microsoft ForeFront said was TrojanDropper:Win32/Malf.gen (I suspect it may be a false positive but I may be wrong, I'll run it later today) but I couldn't see how it was a phishing site.

That's when I went to download a "trial" and found this http://trendmicroinc.cn/us/products/sb/antispyware-for-smb/download/index.php?productID=63 which must be the phishing page.

I thought it worth a mention.


Tetak

Have you submitted this to PIRT? Here is another one.

http://trendmicroinc.cn/us/products/sb/antispyware-for-smb/download/index.php?p=2&productID=63

I found one story about it.

http://www.securitypronews.com/insiderreports/insider/spn-49-20070904TrendMicroTargetedByPhishingScam.html

See http://blog.trendmicro.com/trend-micro-web-site-phished21/; this is a case for MIRT, not PIRT.

Anyway, I have 'complaineratored' the domain.

I don't think I submitted it to PIRT or MIRT, I wanted to see what other people thought before I did.

I've added the file to the malware listserv.

The site seems to have been disappeared.

That is good.

The blog was a good response by Trend Micro.