Securelist / All Updates

Descriptions: Trojan-Downloader.Win32.Agent.dlyf

webmaster@securelist.com () — 02 Feb 2012 18:01:00 +0400

This Trojan downloads other malicious programs from the Internet and launches them for execution without the user's knowledge. It is a Windows dynamic library (PE EXE file). It is 53 248 bytes in...

Descriptions: Trojan.Win32.VB.aeke

webmaster@securelist.com () — 02 Feb 2012 17:51:00 +0400

This Trojan delivers a malicious payload to the user's computer. It is a Windows application (PE EXE file). It is 352 256 bytes in size. It is written in Visual Basic. Installation When launching,...

Descriptions: Trojan.Win32.Smardf.mlt

webmaster@securelist.com () — 02 Feb 2012 17:10:00 +0400

This Trojan delivers a malicious payload to the user's computer. It is a Windows application (PE EXE file). It is 142 848 bytes in size. It is written in Delphi.

Blog: Lab Matters - The death of browser trust

webmaster@securelist.com (Ryan Naraine) — 02 Feb 2012 16:15:00 +0400

In this webcast, Kaspersky Lab senior security researcher Roel Schouwenberg talks about the Diginotar certificate authority breach and the implications for trust on the Internet. Schouwenberg also provides a key suggestion for all major Web browser vendors.

Descriptions: Trojan.Java.Payphish.a

webmaster@securelist.com () — 01 Feb 2012 13:17:00 +0400

When the infected page is opened, Java class code starts to run, which leads to the following actions: The following file is created and launched: Ñ:\Windows\pay.reg This causes a change in...

Descriptions: Backdoor.Win32.Delf.ugd

webmaster@securelist.com () — 01 Feb 2012 13:03:00 +0400

This Trojan provides a malicious user with remote access to the infected computer. It is a Windows application (PE EXE file). It is 365 568 bytes in size. It is written in Delphi. Installation Once...

Descriptions: Trojan-Downloader.Win32.Genome.atab

webmaster@securelist.com () — 01 Feb 2012 12:39:00 +0400

Once launched, the Trojan decrypts its body and then downloads files from the following URL addresses: http://195.***.144.79/psyim_dfgjkeqw.exe http://195.***.144.79/setup.exe http:...

Blog: Kelihos/Hlux botnet returns with new techniques

webmaster@securelist.com (Maria Garnaeva) — 31 Jan 2012 15:00:00 +0400

It has been four months since Microsoft and Kaspersky Lab announced the disruption of Kelihos/Hlux botnet.

Blog: CVE-2012-0003 Exploit ITW

webmaster@securelist.com (Kurt Baumgartner) — 27 Jan 2012 21:44:43 +0400

S. Korean handlers are slow to take down the publicly distributed malicious code exploiting CVE-2012-0003, a vulnerability patched in Microsoft's January 2012 patch release MS12-004.

Descriptions: Exploit.JS.Pdfka.dna

webmaster@securelist.com () — 26 Jan 2012 18:15:00 +0400

This exploit program uses vulnerabilities in Adobe Reader and Acrobat to execute itself on the user's computer. It is a PDF document containing XML Forms Architecture and Java Script. It is 26,393...

Descriptions: Trojan-Downloader.Win32.Genome.asvq

webmaster@securelist.com () — 26 Jan 2012 15:41:00 +0400

This Trojan downloads other malicious programs from the Internet and launches them for execution without the user's knowledge. It is a Windows application (PE EXE file). It is 21 504 bytes in size....

Descriptions: Trojan-Downloader.Win32.Genome.asut

webmaster@securelist.com () — 26 Jan 2012 14:54:00 +0400

Descriptions: Trojan.Win32.Slefdel.fpk

webmaster@securelist.com () — 26 Jan 2012 14:42:00 +0400

The Trojan creates a file named "Deleteme.bat" in its working directory and launches it for execution: %WorkDir%\Deleteme.bat The launched file deletes the Trojan's original body and deletes...

Descriptions: Trojan.Win32.Sasfis.rer

webmaster@securelist.com () — 25 Jan 2012 17:55:00 +0400

This Trojan delivers a malicious payload to the user's computer. It is a Windows application (PE EXE file). It is 18 944 bytes in size. It is written in C++.

Descriptions: Trojan.Win32.Sasfis.ole

webmaster@securelist.com () — 25 Jan 2012 17:46:00 +0400

Once launched, the Trojan decrypts and extracts the following file from its body to the current user's temporary directory: %Temp%<rnd1>.tmp where <rnd1> is a random set of numbers and...

Descriptions: Trojan.Win32.Qhost.nhn

webmaster@securelist.com () — 25 Jan 2012 17:37:00 +0400

This Trojan delivers a malicious payload to the user's computer. It is a Windows application (PE EXE file). It is 16 384 bytes in size. It is written in C++.

Analysis: Congratulations, you’ve won! The reality behind online lotteries

webmaster@securelist.com (Maria Rubinstein) — 25 Jan 2012 11:54:00 +0400

It’s amazing how often we get a message telling us we’ve won the lottery.

Descriptions: Trojan-SMS.J2ME.Agent.s

webmaster@securelist.com () — 24 Jan 2012 15:51:00 +0400

Òðîÿíñêàÿ ïðîãðàììà, ïîðàæàþùàÿ...

Descriptions: Trojan.Win32.Qhost.mxb

webmaster@securelist.com () — 24 Jan 2012 12:40:00 +0400

The Trojan creates a copy of the original "hosts" file under the following name: C:\h.tmp The Trojan writes the following string in the file created: 85.***.206.115 u070***010u.com It replaces the...

Descriptions: Trojan.Win32.Agent.fadd

webmaster@securelist.com () — 24 Jan 2012 12:31:00 +0400

This Trojan delivers a malicious payload to the user's computer. It is a Windows application (PE EXE file). It is 49 162 bytes in size. It is written in Delphi. Installation Once launched, the...

Descriptions: Trojan.Win32.Agent.ezqu

webmaster@securelist.com () — 24 Jan 2012 12:20:00 +0400

This Trojan delivers a malicious payload to the user's computer. It is a Windows application (PE EXE file). It is 48 650 bytes in size. It is written in Delphi. Installation Once launched, the...

Descriptions: Trojan.Win32.Agent.ezqk

webmaster@securelist.com () — 23 Jan 2012 16:18:00 +0400

This Trojan delivers a malicious payload to the user's computer. It is a Windows application (PE EXE file). It is 47 114 bytes in size. It is written in Delphi. Installation Once launched, the...

Descriptions: Trojan.Win32.Agent.ezqg

webmaster@securelist.com () — 23 Jan 2012 16:11:00 +0400

This Trojan delivers a malicious payload to the user's computer. It is a Windows application (PE EXE file). It is 49 162 bytes in size. It is written in Delphi. Installation Once launched, the...

Descriptions: Trojan.Win32.Agent.dfab

webmaster@securelist.com () — 23 Jan 2012 14:33:00 +0400

Once launched, the Trojan decrypts and extracts the following file from its body to the current user's temporary directory: %Temp%<rnd1>.tmp where <rnd1> is a random set of numbers and...

Blog: Brazilian cybercriminals’ daily earnings - more than you’ll ever earn in a year!

webmaster@securelist.com (Dmitry Bestuzhev) — 20 Jan 2012 17:20:50 +0400

Here is the profile of one criminal using Bitly as a URL shortening service. As you can see, in just one day, he was able to gain more than 33,000 clicks or potential infections! So, how much did the criminal make on that particular day? Let’s see...

Descriptions: Trojan.Win32.Agent.daec

webmaster@securelist.com () — 20 Jan 2012 16:14:00 +0400

This Trojan delivers a malicious payload to the user's computer. It is a Windows application (PE DLL file). It is 27 136 bytes in size. It is written in C++. Installation The Trojan copies its body...

Descriptions: Exploit.HTML.CVE-2010-1885.ad

webmaster@securelist.com () — 20 Jan 2012 16:04:00 +0400

This exploit program uses vulnerability in Microsoft Windows Help and Support Center to execute itself on the user's computer. It is an HTML document containing Java Script scenarios. It is 11 723...

Descriptions: Backdoor.Win32.Bredavi.he

webmaster@securelist.com () — 20 Jan 2012 15:58:00 +0400

This malicious program provides a malicious user with remote access to the infected computer. It is a Windows application (PE DLL file). It is 25 600 bytes in size. It is written in...

Blog: Malware wallpaper calendars for 2012

webmaster@securelist.com (David) — 19 Jan 2012 19:42:48 +0400

Malware wallpaper calendars for 2012

Blog: Lab Matters - The threat from P2P botnets

webmaster@securelist.com (Ryan Naraine) — 19 Jan 2012 17:35:00 +0400

Kaspersky Lab malware researcher Tillmann Werner joins Ryan Naraine to talk about the threat from peer-to-peer botnets. The discussions range from botnet-takedown activities and the ongoing cat-and-mouse games to cope with the botnet menace.

Descriptions: Backdoor.Win32.Bredavi.anx

webmaster@securelist.com () — 19 Jan 2012 16:10:00 +0400

If Microsoft Office is installed on the user's computer, the Trojan sets the security level to low by registering the following values in the system registry key:...

Descriptions: Trojan-Spy.Win32.SPSniffer.a

webmaster@securelist.com () — 19 Jan 2012 15:58:00 +0400

This malicious program is designed to steal confidential data from users. It is a Windows PE EXE file. It is 53248 bytes in size. It is written in Visual Basic.

Descriptions: Trojan-Dropper.Win32.Sality.r

webmaster@securelist.com () — 19 Jan 2012 15:49:00 +0400

This Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. The program itself is a Windows PE DLL file. It is 76800 bytes in...

Descriptions: Trojan-Downloader.WMA.GetCodec.s

webmaster@securelist.com () — 18 Jan 2012 18:11:00 +0400

The Trojan exploits the ability of Windows Media to integrate the scenario command "URLAndExit" into the video stream. This allows the default browser to be launched during playback with a subsequent...

Descriptions: Trojan-GameThief.Win32.Magania.cnkt

webmaster@securelist.com () — 18 Jan 2012 17:39:00 +0400

This Trojan is one of a family of Trojans that steal passwords from users' online gaming accounts. It is a Windows PE EXE file. It is 115016 bytes in size. It is written in C++. Installation After...

Blog: Two-pronged attack: Argentine site hit by malware and data leak

webmaster@securelist.com (Dmitry Bestuzhev) — 18 Jan 2012 17:13:10 +0400

Lots of confidential information has been leaked in Argentina and we are talking about home addresses, telephone numbers, details of education centers attended, mobile phone numbers, email addresses, marital status, children and even personal references. This is very bad because the same information can easily be used for all kinds of fraudulent activities: on-line ID theft, targeted attacks and so on.

Descriptions: Packed.Win32.Black.d

webmaster@securelist.com () — 18 Jan 2012 13:02:00 +0400

This sample does not have a malicious payload. It is an installation file of the program E-Drill Master Folder Encryption. It is 1 772 451 bytes in size. It is packed using PE Patch and...

Blog: The Zappos Breach and Textual Password Based Authentication

webmaster@securelist.com (Kurt Baumgartner) — 17 Jan 2012 18:42:32 +0400

Following their major database breach, Zappos leadership is doing the right thing by what seems to be quickly and clearly communicating what data was accessed and what was not - there are no unexplained delays or confusion on their part about the event. It's like another Aurora moment in my book, when Google extraordinarily opened up about their breach while the other 30-odd Aurora-breached major corporations did the opposite, aggressively maintaining NDA's to hide their Aurora incidents and hide their heads in the sand. Zappos reset 24 million customers' passwords and emailed all of them about the problem last night.

Blog: A School for Cybercrime: How to Become a Black Hat

webmaster@securelist.com (Fabio Assolini) — 17 Jan 2012 17:40:47 +0400

To help beginners interested in a life of cybercrime, some Brazilian bad guys started to offer paid courses. Others went even further, creating a Cybercrime school to sell the necessary skills to anyone who fancies a life of computer crime but lacks the technical know-how.

Descriptions: Worm.Win32.VBNA.iby

webmaster@securelist.com () — 17 Jan 2012 15:16:00 +0400

This worm propagates by creating copies of itself on local disks and write-accessible removable disks. It is a Windows application (PE EXE file). It is 45056 bytes in size. It is written in Visual...

Descriptions: Worm.Win32.Agent.abe

webmaster@securelist.com () — 17 Jan 2012 15:04:00 +0400

This worm carries out destructive activity on the victim machine. It is a Windows PE-EXE file. It is 480308 bytes in size. It is written in C++.

Descriptions: Trojan.JS.Agent.bmx

webmaster@securelist.com () — 17 Jan 2012 14:01:00 +0400

This program has a malicious payload. The program is a Java Script scenario. It is 3,467 bytes in size.

Blog: IRC bot for Android

webmaster@securelist.com (Denis) — 13 Jan 2012 22:36:42 +0400

Not so long time ago we found a very interesting piece of malware for Android. Unfortunately, it is not clear how it was spread but in any case it’s worth mentioning. The malicious application displays itself as ‘MADDEN NFL 12’ game after the installation. The file size is over 5+ MB and actually is a Trojan that drops a set of malware components onto the system: root exploit, SMS Trojan and IRC bot. The .class file "AndroidBotAcitivity" maintains this dropper functionality.

Blog: Facebook Security Phishing Attack In The Wild

webmaster@securelist.com (David Jacoby) — 13 Jan 2012 15:38:00 +0400

A new pretty sophisticatd Phishing attack in the wild at the moment. It does not just try to trick the victim into visiting a phishing website. It will reuse the stolen information and login to the compromised account and change both profile picture and name. The profile picture will be changed to the Facebook logo and the name will be translated to “Facebook Security”

Blog: Lab Matters - Cloudy with a chance of stolen data

webmaster@securelist.com (Ryan Naraine) — 12 Jan 2012 16:08:00 +0400

Director of Kaspersky Lab's global research and analysis team Costin Raiu appears on Lab Matters to discuss the security ramifications of the growing dependence on cloud computing. The discussions center on the convenience of using consumer cloud services and some of the risks involved with outsourcing security to third-parties.

Analysis: Spam report: December 2011

webmaster@securelist.com (Maria Namestnikova) — 12 Jan 2012 11:35:00 +0400

The percentage of spam in email traffic was 4.4 percentage points lower than in November and averaged 76.2%.

Blog: Windows Security Phone Scam Now Targeting Sweden

webmaster@securelist.com (David Jacoby) — 09 Jan 2012 16:04:35 +0400

Scammers pretending to be Windows Security Support Technitians calling up people trying to trick them to install remote access tools now targeting Sweden.

Blog: The Top 10 Security Stories of 2011

webmaster@securelist.com (Costin Raiu) — 04 Jan 2012 13:08:35 +0400

As we turn the page to 2012, it makes sense to sit back and take a look at what happened during the past twelve months in the IT Security world. If we were to summarize the year in one word, I think it would probably be “explosive.” The multitude of incidents, stories, facts, new trends and intriguing actors is so big that it makes it very hard to crack into top 10 of security stories of 2011. What I was aiming for with this list is to remember the stories that also indicate major trends or the emergence of major actors on the security scene. By looking at these stories, we can get an idea of what will happen in 2012.

Blog: BuzzMania - ClickJacking / LikeJacking spam on Facebook!

webmaster@securelist.com (David Jacoby) — 03 Jan 2012 13:22:22 +0400

New Facebook scam redirecting users to clickjacking / likejacking sites. Multiple domains and javascript redirectors is used.

Blog: ASP.NET Holiday Patches

webmaster@securelist.com (Kurt Baumgartner) — 30 Dec 2011 02:24:20 +0400

It's the end of 2011 as we know it, and Microsoft feels fine finishing out the year with a handful of out-of-band holiday patches. This round is important not because the vulnerabilities directly impact massive numbers of customers and their online behavior on Windows laptops, tablets, and workstations, but because ASP.NET maintains vulnerable code allowing for easy DoS of hosting websites, authentication bypass techniques, and stealth redirections to other websites (most dangerously those sites host phish and hosting client side exploits). All of this could curdle your eggnog in the coldest of weather.