The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Sep 26 2013

The Icefog APT: Frequently Asked Questions

Here are answers to the most frequently asked questions related to Icefog, an APT operation targeting entities in Japan and South Korea.

Apr 11 2013

Winnti. More than just a game

The study shed light on the activities of a group that has persistently targeted online gaming companies for several years.

Apr 11 2013

Winnti 1.0 technical analysis

The favorite tool of the attackers has been malicious program we called "Winnti". It has evolved since the first use, but we divide all variants into two generations: 1.x and 2.x. Our publication describes 1.0 variant of this tool.

Jan 17 2013

“Red October”. Detailed Malware Description 1. First Stage of Attack

Based on the analysis of known cases, we identified two main ways through which Backdoor.Win32.Sputnik infects the victims

Jan 17 2013

“Red October”. Detailed Malware Description 2. Second Stage of Attack

Most of the tasks are provided as one-time PE DLL libraries that are received from the server, executed in memory and then immediately discarded

Jan 17 2013

“Red October”. Detailed Malware Description 3. Second Stage of Attack

The packer disrupts basic software breakpoints and some api hooking techniques, because it decrypts the original exe’s section contents onto heaps in-memory

Jan 17 2013

“Red October”. Detailed Malware Description 4. Second Stage of Attack

Files with the extension ".bak" are treated differently. They are decrypted using a custom AMPRNG algorithm with a hardcoded key, then decompressed using LZMA

Jan 17 2013

“Red October”. Detailed Malware Description 5. Second Stage of Attack

In the Device notification callback function, the module logs each connection and disconnection event. When a device is connected, it starts a new thread that manipulates this device

Jan 14 2013

"Red October" Diplomatic Cyber Attacks Investigation

In October 2012, Kaspersky Lab’s Global Research & Analysis Team initiated a new threat research after a series of attacks against computer networks of various international diplomatic service agencies

Aug 09 2012

Gauss: Abnormal Distribution

While analyzing the Flame malware that we detected in May 2012, Kaspersky Lab experts identified some distinguishing features of Flame's modules.