English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1
Latest posting
By rating
By popularity

Join our blog

You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.

0
 

The situation surrounding attempted mobile malware infections is constantly changing, and I’d like to write about one recent trend. Over the last year, Trojan-SMS.AndroidOS.Stealer.a, a mobile Trojan, has become a leader in terms of the number of attempted infections on KL user devices, and now continually occupies the leading positions among active threats. For example, in Q1 2014 it accounted for almost a quarter of all detected attacks.

Geographic distribution

This SMS Trojan has actively been pushed by cybercriminals in Russia, and there have also been continual attempts to attack users in Europe and Asia. Infections with this Trojan have occurred virtually everywhere across the globe:

Spam Test|Would you like some Zeus with your coffee?

Maria Vergelis
Kaspersky Lab Expert
Posted April 16, 15:47  GMT
Tags: Spam Letters, ZeuS
0
 

Cybercriminals often like to use a bogus letter to trick people into opening malicious attachments. There are two tricks that make this work: a message from a familiar name (a bank, social network, service provider or other organization that might interest the recipient) and an intriguing or alarming subject. An attack based on fake messages supposedly from coffee chain Starbucks combined the two.

0
 

In the first week of April 2014 we were at “The Symposium on Security for Asia Network" (SyScan), a “geeky” single-track conference located in Singapore.



I liked the friendly atmosphere from the very first slides of the event (as is seen above).

The program covered hardware and software attacks like “Car Hacking”, “Defeating SecureBoot”, “Point-of-Sale”-hacks (“Flappy Bird” injected on a mobile POS device was my favorite), “RFID”-hacks, “Anti-Virus Software” flaws, “Phone hacks”, “OS-Hacks” and a “Linux Memory Forensic” case study amongst others.

All of the presentations were of quite high quality in content and most of the speakers did a nice job presenting their content.

Much beer did flow at the “BarCon” at the end of day one ...

Spam Test|The omnipresent dad

Maria Rubinstein
Kaspersky Lab Expert
Posted April 09, 09:00  GMT
Tags: Spam Letters, Spammer techniques
0
 

Many websites show different text depending on where the user lives. For instance, home pages of some portals show you the news and weather of your region by default, because you are most likely to be interested in this kind of information first of all.

Of course, spammers and fraudsters also make use of this approach.

The following letter, written in Spanish, advertises an easy way to earn money online:

The attached link directs users to times-financials.com, registered in October 2013, according to the information on whois:

“Moscow City dad makes $14,000 per month” – says the title.

From Moscow? Hmmm.

Software|Adobe Updates April 2014

Roel
Kaspersky Lab Expert
Posted April 08, 20:38  GMT
Tags: Adobe
0
 

This month's Adobe Patch Tuesday revolves around Flash. This means the zero-days used by VUPEN to exploit Adobe Reader at CanSecWest last month go unpatched.

CVE-2014-0506 and CVE-2014-0507 deal with remote code execution and were both used separately at CanSecWest's Pwn2Own. (It looks like these CVEs were initially assigned CVE-2014-0511 and CVE-2014-0510.)

0
 

Absolutely all of the latest versions of Microsoft Word and some versions of Internet Explorer maintain critical vulnerabilities enabling remote code execution. Today, Microsoft releases two critical patches to close multiple vulnerabilities with each. Two important updates are released to address a batch file handling issue and another RCE hole in Microsoft Publisher. All of these are addressed with MS14-017 through MS14-020.

Both end users of Microsoft Office software and system administrators of SharePoint portals, Microsoft Office Web Apps servers, and even Apple Office for Mac users need to download and install these patches: MS14-017 and MS14-018.

These sorts of Office vulnerabilities are commonly and frequently the delivery vector for targeted attack spearphishing campaigns. Red October, NetTraveler, and Icefog, all abused Office vulnerabilities in their spearphishing campaigns. There are many more of these groups, and they will continue to actively pursue potential victims, in part using exploits for Office applications.

On the brighter side, Microsoft is doing a fantastic job of consistent response and update delivery. Accordingly, their software, while it continues to be heavily used, does not continue to remain even in the top 10 vulnerable software applications that we see. Those spots still go to Oracle's Java, Adobe's Flash and Photoshop, Apple's Quicktime, WinRAR, WinAmp and other media players, and other apps that are frequently targeted by commodity exploit packs.

Follow me on Twitter

The Internet Explorer vulnerabilities do not hit all of the Microsoft platforms in the same manner as the Word vuln this month, although critical RCE is enabled by every version of unpatched Internet Explorer code on at least one version of every Microsoft Windows platform. So, Internet Explorer 6, which no one should be using, maintains critical RCE on the now unsupported Windows XP SP3 and XP Pro x64 SP2. IE 7, 8, 9 all maintain critical RCE as well. Internet Explorer 10 is not affected. IE 11 on Windows 7 and Windows 8.1 maintains critical RCE, but moderate severity on Windows Server 2008 and Windows 2012 R2. The Windows Update software will smoothly make sense of all of the versioning and patch needs for you when run. Nonetheless, there are serious issues here that exploit packs likely will attack with fresh exploit code.

Comment      Link

News|End of the line for Windows XP

David
Kaspersky Lab Expert
Posted April 08, 08:50  GMT
Tags: Microsoft
0
 

Support for Windows XP is ending: after today there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.

Is this a problem? After all, it's a 12-year old operating system.

It wouldn't be, if it weren't for the fact that there are still a lot of people running Windows XP - our data indicate that around 18 per cent of our customers are still running Windows XP. That's a lot of people wide open to attack once the security patches dry up: effectively, every vulnerability discovered from now will become a zero-day vulnerability – that is, one for which there is no chance of a patch.

The problem will be compounded once application vendors stop developing updates for Windows XP - every un-patched application will become another potential point of compromise, further increasing the potential attack surface.

Switching to a newer operating system might seem like a straightforward decision. But though Microsoft has given plenty of notice about the end of support, it’s not so difficult to see why there might be difficulties for some businesses. On top of the cost of switching operating system, it may also mean investing in new hardware and even trying to replace a bespoke application developed specifically for the company - one that will not run on a later operating system. So it's not so surprising to see some large organisations paying for continued support for XP .

So if you don't switch right now, can you stay secure? Will your anti-virus software protect you?

Certainly it will provide protection. But this only holds good if by 'anti-virus' we mean a comprehensive Internet security product that makes use of proactive technology to defend against new, unknown threats - in particular, functionality to prevent the use of exploits. A basic anti-virus product, based largely on signature-based scanning for known malware, is insufficient. Remember too that, as times goes by, security vendors will implement new protection technologies that may well not be Windows XP-compatible.

At best, you should see this as a stop-gap, while you finalise your migration strategy. Malware writers will undoubtedly target Windows XP while significant numbers of people continue to run it, since an un-patched operating system will offer them a much bigger window of opportunity in which to exploit vulnerabilities they find. And any Windows XP-based computer on a network offers a weak point that can be exploited in a targeted attack on the company - if compromised, this will become a stepping-stone into the wider network.

There's no question that switching to a newer operating system is inconvenient and costly - for individuals and businesses. But the potential risk of using an operating system that will become increasingly insecure might well outweigh the inconvenience and cost.

Comment      Link

Virus Watch|Stealing from wallets

Roman Unuchek
Kaspersky Lab Expert
Posted April 04, 11:06  GMT
Tags: Mobile Malware, Electronic Payments
0
 

We’ve written several times about mobile malware that can send text messages to premium numbers or steal money from online bank accounts. We also know that cybercriminals are constantly looking for new ways of stealing money using mobile Trojans. So our recent discovery of Trojan-SMS.AndroidOS.Waller.a highlighted a new get-rich technique that not only sent a premium SMS but also saw the malware attempt to steal money from a QIWI electronic wallet.

After Trojan-SMS.AndroidOS.Waller.a launches, it contacts its C&C server and awaits further commands.


Request to the C&C

0.1
 

It's been a while since the last massive Internet outage took down Syria’s backbone network (AS29386). More recently, however, Syria suffered yet another large-scale Internet black out that lasted for about seven hours. In contrast to previous incidents, where networking routes began to disappear gradually from border routing devices, this time a cut off fiber optic cable was deemed responsible for leaving most of the country off-line.

Given the complexity of the current political situation, there are many different factors which could be involved in this event, but from the outside these are all largely speculative. Pro-government groups will talk about sabotage and opposition activists will talk about censorship. Here, we'll only focus on malware and the facts that have been found during the analysis, presenting only relevant information in the hope of setting a clear context for this research.

Virus Watch|Caution: Malware pre-installed!

Dong Yan
Kaspersky Lab Expert
Posted March 31, 09:03  GMT
Tags: Mobile Malware, Google Android
0.2
 

China’s leading TV station, CCTV, has a long-standing tradition of marking World Consumer Rights Day on March 15 with its ‘315 Evening Party’. The annual show makes a song and dance about consumer rights violations. This year’s party reported on cases where smartphone distribution channels pre-install malware into Android mobiles before selling them on to unwitting customers.

As the program showed, the malware pre-installed is called DataService: