APT is gaining much more press attention recently, with the RSA and Northrop Grumman intrusions making the news. A team of researchers from Taiwan presented their APT-related data in "Balancing the pwn Trade Deficit". Starting from a known set of APT malware, they developed methods for clustering the samples to identify and make sense of the growing heap of them. While they withheld some of the more sensitive information, and their work has focused mostly on attacks in Southeast Asia, their content and project are interesting.

They asked that anyone (system administrators, etc.) suspecting APT components on their networks upload the files to xecure-lab.com to help research them. Visualization of the analysis data, and confirmation or denial that a component is APT-related, will be provided.

Citrix system administrators should quickly refer to the "Bosses Love Excel, Hackers too" material presented towards the end of the day by Spanish security researchers and funnymen Chema Alonso and Juan Garrido. They demonstrated reliable attacks on Citrix systems, both on default-configured systems and on more locked-down ones. The techniques alarmingly showed how security policies can be evaded at every step while using Excel on Citrix.

Later in the day, Ben Feinstein and Jeff Jarmoc talked about further security issues with cloud computing. They focused on Amazon's cloud services and the Amazon Machine Images (AMIs) used to spin up virtual machines. Among their findings: 30% of the open-source-based AMIs uploaded and publicly shared at Amazon publicly disclose sensitive information. That information may be SSH keys, identity tokens, bash history files that retain user and host names, and other common ways in which credentials are exposed. Security for the cloud is becoming more overcast.
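The kind of check behind that AMI finding is easy to reproduce before you publish (or boot) an image. The following is an added example, not code from the talk or from Kaspersky Lab: it walks an unpacked or mounted image root and reports private keys, shell history that leaks user and host names, and AWS-style access key IDs. The directory layout, file names and contents in build_sample_root() are constructed for the example (the access key ID is the one used in Amazon's documentation), and the access-key pattern assumes the documented 20-character, AKIA-prefixed form.

```python
"""Scan an unpacked AMI root filesystem for leaked credentials.

Added example (not the talk's or Kaspersky Lab's code). Point it at the
mounted root of an image; here it scans a constructed temporary tree.
"""
import os
import re
import tempfile
from typing import Dict, List

# PEM private-key header, as written by ssh-keygen/openssl.
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----")
# Assumption: AWS access key IDs are 20 chars starting with AKIA.
ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# user@host tokens in shell history, e.g. "ssh admin@build01.example.net".
USER_HOST_RE = re.compile(r"\b([A-Za-z0-9_.-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")
HISTORY_NAMES = {".bash_history", ".zsh_history", ".mysql_history"}

MAX_BYTES = 1 << 20  # skip large binaries; leaked credentials live in small text files


def _read_text(path: str) -> str:
    """Read a file as lossy UTF-8 text; empty string for unreadable or oversized files."""
    try:
        if os.path.getsize(path) > MAX_BYTES:
            return ""
        with open(path, "rb") as fh:
            return fh.read().decode("utf-8", errors="ignore")
    except OSError:
        return ""


def scan_image_root(root: str) -> Dict[str, List[str]]:
    """Return findings keyed by category; each entry is 'relative/path[: detail]'."""
    findings: Dict[str, List[str]] = {"private_key": [], "access_key": [], "history": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # do not follow links out of the image
                continue
            rel = os.path.relpath(path, root)
            text = _read_text(path)
            if not text:
                continue
            if PRIVATE_KEY_RE.search(text):
                findings["private_key"].append(rel)
            for m in ACCESS_KEY_RE.finditer(text):
                findings["access_key"].append(f"{rel}: {m.group(0)}")
            if name in HISTORY_NAMES:
                # History files leak who logged in where even without secrets.
                targets = sorted({f"{u}@{h}" for u, h in USER_HOST_RE.findall(text)})
                findings["history"].append(f"{rel}: {', '.join(targets) or 'present'}")
    return findings


def build_sample_root() -> str:
    """Construct a small fake image root with the leak types described above (sample data)."""
    root = tempfile.mkdtemp(prefix="ami_root_")
    layout = {
        "root/.ssh/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n-----END RSA PRIVATE KEY-----\n",
        "root/.bash_history": "ssh admin@build01.example.net\nscp dump.sql ops@db.example.net:/tmp\n",
        "home/ec2-user/.aws/credentials": "[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                                           "aws_secret_access_key = wJalr...\n",
        "etc/motd": "Welcome to the image\n",
    }
    for rel, content in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for category, hits in scan_image_root(build_sample_root()).items():
        for hit in hits:
            print(f"[{category}] {hit}")
```

Run it against a real image by mounting the volume and passing the mount point to scan_image_root(); anything in the three lists should be removed (and the key or token rotated, since the image may already have been copied) before the AMI is shared.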

Cloud computing providers offer gigabytes of storage for free, and cybercriminals use it to host and spread malware of all kinds. At the same time, many legitimate services are not free but are still very attractive to cybercrime gangs. In Amazon's case, Amazon Simple Storage Service (Amazon S3) does the trick.

Despite it being a paid service, the cost is no obstacle for profitable attackers. In fact, my colleague Dmitry Bestuzhev recently told us about malware being spread from "the cloud" by abusing this service.

The truth is that these cases are not isolated. According to our research, cybercriminals have been running SpyEye operations from Amazon for the past couple of weeks.


There have been some recent comments about Amazon's cloud being used as a platform for successful attacks on Sony… Well, today I found that Amazon Web Services (the cloud) is now being used to spread financial data stealers.