We've recently seen a phishing run against Lloyds Bank. It's an interesting tactic - we do work with some UK banks to provide products to their customers - and this might make Lloyds customers think the offer is genuine.
Of course, it's not. And anyone with a bank account, whether they use online banking services or not, should remember that banks are taking measures to try and keep their users safe. But sending out unsolicited email isn't one of them!
Greetings from London – or more specifically from RSA Europe 2008. Denis, Andrei, Roel and I are all here at this year's conference which is dedicated to Alan Turing, the great British mathematician and cryptographer.
If you keep your ears open, the names you'll hear most frequently are Turing, Enigma, and Bruce Schneier. The conference includes a display of cipher machines from a range of eras and countries, including the Enigma machine whose code Turing helped to break. Needless to say, there's no shortage of people wanting to take a look!
The first impression I got after stepping off the plane a few days ago in Dubai was "hot!!" - it was at least 35 degrees Celsius just after midnight.
Besides being very hot, Dubai has a booming economy and is probably most famous for its towers, or 'burj' in Arabic.
Among them, one really stands out: Burj Dubai - the tallest building in the world, which you can see here between the imposing Emirates Towers.
Don't be fooled by the perspective though - Burj Dubai is currently over 700 meters tall and will reach 818 meters when finished next year.
For any readers in the UK who may be interested, take a look at The Gadget Show on Channel 5 at 8pm this evening, where the presenters will be looking at hacking. You can find more details on the show here.
By now most people have seen the Secunia test results and all the ensuing discussions. Frankly, I was a bit surprised by the vehemently negative reaction from a number of AV vendors.
And it doesn't seem to be about the 20% difference between the 'winner' and the rest. Criticism has focused on the testing methodology, which many people thought was dubious. Some of the suggestions were useful - mostly those from Andreas Marx, the well-known AV solutions tester from Germany. The general tone, though, seems to be that many AV vendors thought their results would have been a lot better if the test methodology had been different. And maybe they're right.
But I think people are too focused on looking for mistakes in the tests and/or attempting to explain their poor PoC detection rates. Sure, criticizing Secunia's testing methods is justified, but only if we're discussing testing methodology, and nothing else.
As I see it, Secunia wasn't trying to highlight the weaknesses of AV solutions - I think they were trying to make a different point...
At Kaspersky, we've taken a decision not to detect PoC vulnerabilities - it's far more sensible to focus on protecting users from the real threats and exploits that are being used by malware authors in the real world. That's what our antivirus databases are for. The point isn't so much that detecting PoCs is a pretty difficult task (although the test results clearly show that even Microsoft and Symantec, with all of their resources, didn't fare all that well) but that detecting PoCs is a dead end, and doesn't address the fundamental problem.
So what is the problem?
There's a new Trojan spreading in Russia. You might think that's nothing new, and that the crowd control (aka the AV industry) would be saying 'Move on. There's nothing to see'.
But in this case it's a bit different. We picked up this Trojan a while ago, but the latest variant of Trojan-SMS.J2ME.Konov is now spreading via social networking sites, specifically "Vkontakte" (the Russian version of Facebook).
So how does it work? Well, Vkontakte's been spammed with messages saying "Hi! Guess what, today the First Channel news showed Zuganov's got a campaign running throughout Russia – he's got a big budget to support the KPRF [editor's note: Communist Party of the Russian Federation]. He's making the following offer - download a JAVA program to your mobile and it'll send a request to add 500 roubles to your account. Everybody gets it. 1 phone number can take part once. It worked for me! Try it. You can download the program to your computer and then send it to your phone. Download the program by going to [link]."
If the user launches this program on his/her phone, the downloaded Trojan sends an SMS message to five premium-rate numbers – and the user doesn't know anything about it. Each SMS costs around $10, which is pretty high, even for an SMS to a premium number.
The Trojan isn't sophisticated from a coding point of view. Yep, there's nothing to see. But in terms of how it's spreading, now that's interesting. It's mobile malware spreading via social networking sites – and this is just what we predicted would happen.
Needless to say, we've blacklisted the site the Trojan spreads from, and we detect it as Trojan-SMS.J2ME.Konov.b. But it's yet another warning to users to be on their guard – the next Russian elections aren't for around four years, but this case shows that cyber criminals are using everything they've got in their arsenal.
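To make the mechanism above concrete from the analyst's side: a J2ME MIDlet can only send SMS through the Wireless Messaging API (JSR 120), so a JAR that references javax.wireless.messaging and carries hard-coded "sms://<number>" destinations is worth a closer look. The following static triage script is an added example written for this page; it is not Kaspersky's detection logic and not the Konov code. It walks the constant pool of each class file in a JAR (string literals and class names both live there, so no bytecode decoding is needed) and flags the combination of WMA references plus several short all-digit destinations. The "short code" regex is a heuristic assumption, and the sample JAR, its class names and the five destination numbers are constructed for the demonstration, not taken from the real Trojan.

```python
"""Static triage of a J2ME (MIDP) JAR for hidden SMS-sending behaviour.

Added example, not Kaspersky code. On CLDC/MIDP a MIDlet can only send SMS through
the Wireless Messaging API (JSR 120), so class files that reference
javax.wireless.messaging plus hard-coded "sms://<number>" targets are suspicious.
"""
import io
import re
import struct
import zipfile

# JSR 120 classes a MIDlet must reference to open an SMS connection and send a text.
WMA_MARKERS = {
    "javax/wireless/messaging/MessageConnection",
    "javax/wireless/messaging/TextMessage",
}
# Destination URLs as passed to Connector.open("sms://<number>").
SMS_URL_RE = re.compile(r"^sms://\+?\d{3,15}$")
# Heuristic (assumption for this example): premium-rate short codes are short,
# all-digit numbers, unlike a full subscriber number with a country code.
SHORT_CODE_RE = re.compile(r"^sms://\d{3,6}$")


def utf8_constants(class_bytes):
    """Walk a JVM class file's constant pool and return every CONSTANT_Utf8 string."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    (count,) = struct.unpack(">H", class_bytes[8:10])
    pos, index, out = 10, 1, []
    while index < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:                            # CONSTANT_Utf8: u2 length, then bytes
            (length,) = struct.unpack(">H", class_bytes[pos:pos + 2])
            pos += 2
            out.append(class_bytes[pos:pos + length].decode("utf-8", "replace"))
            pos += length
        elif tag in (3, 4):                     # Integer, Float
            pos += 4
        elif tag in (5, 6):                     # Long, Double occupy two pool slots
            pos += 8
            index += 1
        elif tag in (7, 8, 16, 19, 20):         # Class, String, MethodType, Module, Package
            pos += 2
        elif tag in (9, 10, 11, 12, 17, 18):    # member refs, NameAndType, (Invoke)Dynamic
            pos += 4
        elif tag == 15:                         # MethodHandle
            pos += 3
        else:
            raise ValueError("unknown constant pool tag %d" % tag)
        index += 1
    return out


def triage_jar(jar_bytes):
    """Scan every class in the JAR; report WMA references and hard-coded SMS targets."""
    report = {"wma_refs": set(), "sms_targets": [], "short_codes": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            for s in utf8_constants(jar.read(name)):
                if s in WMA_MARKERS:
                    report["wma_refs"].add(s)
                elif SMS_URL_RE.match(s):
                    report["sms_targets"].append(s)
                    if SHORT_CODE_RE.match(s):
                        report["short_codes"].append(s)
    # SMS capability plus several hard-coded short codes is the pattern described above.
    report["suspicious"] = bool(report["wma_refs"]) and len(report["short_codes"]) >= 2
    return report


def _fake_class(strings):
    """Minimal class file: header plus a Utf8-only constant pool. Constructed for the
    sample JAR; the parser above never reads past the pool, so the rest is omitted."""
    pool = b"".join(b"\x01" + struct.pack(">H", len(s.encode())) + s.encode() for s in strings)
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 48, len(strings) + 1) + pool


def build_sample_jar():
    """Constructed sample mimicking the described Trojan: WMA API plus five short-code
    targets. Names and numbers are made up for the example, not taken from real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "MIDlet-1: Bonus500, , Bonus\n")
        jar.writestr("Bonus.class", _fake_class([
            "javax/wireless/messaging/MessageConnection",
            "javax/wireless/messaging/TextMessage",
            "Connector.open",
            "sms://1001", "sms://1002", "sms://1003", "sms://1004", "sms://1005",
        ]))
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_jar(build_sample_jar()))
```

Run it against a real JAR by passing the file's bytes to `triage_jar`; a hit on `suspicious` is a triage lead, not a verdict, since legitimate messaging apps reference the same API with user-supplied numbers rather than hard-coded short codes.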
During our visit to the Virus Bulletin conference 2008 last week, a man was arrested in Belgium for using someone else's unsecured Wifi connection to get on the Internet. (More details in Dutch available here).
The case is interesting because the only thing this guy did was use the connection to get onto the Internet - what we call Wifi "piggybacking," or logging on to someone's open 802.11b/g/n network without their knowledge or permission. Quite a lot of countries (such as the UK and Belgium) have laws making this illegal.
There have been other cases like this in the past: an Illinois man was arrested and fined $250 in 2006 for using an open network without permission, while a Michigan man who parked his car in front of a café and used its free Wifi was charged back in May 2007 with "Fraudulent access to computers, computer systems, and computer networks."
Stealing Wifi Internet access may feel like a victimless crime, but it's wrong nonetheless. You could be depriving ISPs of revenue. Furthermore, if you've hopped onto your next-door neighbours' wireless broadband connection to illegally download movies and music from the Internet, chances are that you are also slowing down their Internet access and eating into their download limit.
From a security point of view, if someone can access your network, they can misuse that network, and (potentially) the computers on it. For instance, two months ago Indian police raided the Mumbai home of an American expatriate after someone used his open wireless network to send an email taking responsibility for a bomb blast that killed at least 42 people.
The Indian authorities are now considering making open Wifi networks illegal. And Belgian law enforcement want to make an example of the man arrested last week. So to stay on the right side of the law, do yourself a favour: don't go using anyone else's network without permission. And make sure that your network and router are secured - you may be ethical, but that doesn't mean that everyone else is.
CeBIT Eurasia, taking place between 7 and 12 October in Istanbul, is no less important than its European counterpart. We're here showcasing the latest version of our products in hall 2, stand 248. If you are in the city and visiting CeBIT, we'd love to see you!
The photo above shows the calm before the storm. Now that CeBIT's started, it's been pretty busy around here.
Hello from rainy Ottawa, which is hosting the annual Virus Bulletin Conference.
This time, the conference is a bit more important for us, as there'll be no less than three Kaspersky presentations over the next two days.
David Emm kicks off the conference with the first presentation in the corporate stream, on the Malware Ecosystem. (http://www.virusbtn.com)
The day after tomorrow, Andrey Bakhmutov (http://www.virusbtn.com) will talk about tracking spam-sending botnets in real time. And Darya Gudkova (http://www.virusbtn.com) from our Spam Lab will take the stage to provide a view on the Russian spam factories.
The full program along with short abstracts for each speech can be found here: http://www.virusbtn.com