
You may have read about the Cryptolocker malware, a new ransomware Trojan that encrypts your files and demands money to return them.

In the past, we have witnessed similar malware like the famous GPCode that used RSA keys for encryption. Back in 2008, we cracked the 660-bit RSA key used by GPCode and provided the victims with a method to decrypt and recover their data. Later, the GPCode authors upgraded the RSA key to 1024 bits, putting it perhaps only in the realm of NSA’s cracking power.


LANDesk Interchange 2011 is winding down in Las Vegas today. The event gathered partners and displayed newer technologies offered by the decade-old systems management company. It was interesting hearing from IT "old-timers" who have worked with the technology, describing the company's impact on the industry - its spinoff from Intel, the original LANDesk AV product that wound up in another vendor’s product, and what they like about the integration of Kaspersky Lab technologies into the security suite. We were happy to present at our partner's conference with "The Dark Side of Unmanaged Desktops", where I described 2011 incidents that both I and our Global Emergency Response Team have investigated and remediated, some incidents in the news, and some of the IT mismanagement issues that enabled these incidents to occur.


Kaspersky Lab chief technology officer Nikolay Grebennikov joins Ryan Naraine to discuss the evolution of anti-malware software. Grebennikov talks about the changing face of the malicious threat facing desktop users and the additional components added to Kaspersky's anti-malware products to move beyond signature-based detection of threats. He goes into detail about heuristics and emulation, behavior-based detection and newer proactive technologies to handle real-time malware detection.


In this webcast, Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, shares his extensive knowledge of the driving forces that power the modern cyber-criminal ecosystem and discusses the way that cybercrime operates. He covers the latest developments in security technologies and describes how he sees the security industry developing in the near future. Additionally, Eugene pays particular attention to showing how modern cloud security solutions not only protect users and businesses, but can seriously impede the cyber-criminals' black economy, thereby significantly reducing cyber-crime.


Incidents|Malvertising on ImageShack

David Jacoby
Kaspersky Lab Expert
Posted May 04, 16:12  GMT
Tags: Antivirus Updates, Malvertizing

Today, while conducting research on the alleged Latvian power hack, I came across some interesting malvertising on ImageShack, where pictures of the purported hack have been hosted.

Advertising on the page loads an exploitable Java vulnerability that Kaspersky recognizes as Exploit.HTML.CVE.2010-4452.m, which then tries to download Trojan.win32.TDSS.cgir. TDSS, as some of you may recognize, is a rootkit that can access Windows at its lowest levels and can prove extremely difficult to remove.

Upon opening the page, the advertisement loads, and a connection to http://--removed--ediagroup.com/enc/jv.html is made. This launches the actual exploit. A second page http://--removed--ediagroup.com/load.php?2 is loaded which drops the Trojan containing the TDSS malware.

Kaspersky already detects both the exploit and the Trojan payload. This serves as a reminder of the importance of keeping your anti-virus up to date.

We will update with further details as they become available.


In this episode of Lab Matters, Kaspersky Lab malware researcher Tim Armstrong joins Ryan Naraine to examine the security posture of the Android mobile operating system. Armstrong looks at strengths and weaknesses of the open-source platform and warns about the risks associated with jailbreaking/rooting Android devices.


Opinions|Do you update?

Roel
Kaspersky Lab Expert
Posted July 19, 13:55  GMT
Tags: Antivirus Updates

Most people I talk to claim that they are strong believers in updating. They update their operating system, applications that come with the operating system and security software almost religiously.

In turn most of these people are surprised when they hear that they should regularly check for updates to all the software they use. One example is some popular media players - some time ago, vulnerabilities were detected in them which allowed for remote code execution. And now of course we're seeing the same situation with Microsoft Office.

Over time we have also seen an increased focus on exploiting server-based software. Just think back to Net-Worm.Perl.Santy.a - it caused a major epidemic by exploiting a vulnerability in unpatched phpBB forums. More recently we’ve seen a large number of hackers targeting a vulnerability in IPB forum software. This resulted in a lot of sites being compromised and/or defaced.

And right now we’re seeing extensive defacements on sites using outdated versions of Joomla and/or Mambo.

It's clear if a site has been defaced. It won't be quite so obvious if a site has been compromised.

Although we’ve been telling people to update regularly for a long, long time, this latest case shows that we can’t say it too often. Once again: it's of the utmost importance you make sure that all of your software is up to date, both on your local machine and on any remote servers which you administer.


News|A milestone in the former USSR

Eugene
Kaspersky Lab Expert
Posted June 13, 11:49  GMT
Tags: Antivirus Updates

Once upon a time, back in the USSR, I accidentally got a virus on my computer, an Olivetti M24.

And I started my anti-virus career. That was in September (or October) 1989. And the first record was added to my first utility to fight computer viruses (well, in this case, just one computer virus). It was a challenge for me to analyze the code - and develop an anti-infection routine. I was so curious, and of course I didn't realize that it would become so serious.

Now there's an industry, now there are thousands of people developing anti-* solutions (including hundreds in my company). And just last night we had a major milestone - we added the 200,000th record to our antivirus databases. Cruel world...Two hundred thousand antivirus records! And the number will continue to increase - we're already up to 200,157 records.


News|No compromises here

Costin Raiu
Kaspersky Lab Expert
Posted May 26, 12:32  GMT
Tags: Antivirus Updates

A couple of worried users have contacted us to ask if KAV is going to drop detection for old boot/DOS viruses in the future, or for extinct Trojan downloaders.

At the moment, we've got no plans to do that. It could compromise detection and actually, given the way our engine works, dropping detection for DOS viruses would result in an insignificant speed increase - less than 5% faster.

The risk of getting infected by Michelangelo is probably pretty small nowadays, but it can't be entirely discounted. So rest assured, we'll keep on detecting those old boot and DOS viruses and the dead Trojan downloaders.


Incidents|Fast is good

David
Kaspersky Lab Expert
Posted April 05, 12:09  GMT
Tags: Antivirus Updates

Like us, you might have seen a recent discussion about antivirus vendors' response times.

Just like the vendors involved, we believe that speed of response to new threats and update frequency are vital.

That's why we provide hourly updates. Day in, day out, regardless of whether a particular threat makes headlines. This ensures that our users have access to effective protection against the 200+ new threats which appear every day.

Even though our response times weren’t included in the discussion mentioned above, we consistently deliver a fast response. And that’s what’s most important.
