Securelist / Analysis

Spam in April 2013

webmaster@securelist.com (Tatyana Shcherbakova, Darya Gudkova) — 23 May 2013 17:40:00 +0400

The percentage of spam in email traffic was up 2.1 percentage points compared with March and averaged 72.2%
The percentage of phishing emails decreased by a factor of three compared with March, dropping to 0.002%
In April, malicious files were found in 2.4% of all emails, a decrease of 1.6 percentage points

IT Threat Evolution: Q1 2013

webmaster@securelist.com (Denis Maslennikov) — 16 May 2013 17:06:00 +0400

According to KSN data, Kaspersky Lab products detected and neutralized 1 345 570 352 threats in Q1 2013.
A total of 22,750 new modifications of malicious programs targeting mobile devices were detected this past quarter - that’s more than half of the total number of modifications detected in all of 2012.
Some 40% of the exploits seen in the first quarter of this year target vulnerabilities in Adobe products.
Nearly 60% of all malicious hosts are located in three countries: the US, Russia, and the Netherlands.

Spam in Q1 2013

webmaster@securelist.com (Darya Gudkova) — 08 May 2013 15:00:00 +0400

The percentage of spam in total mail traffic was up by 0.5 percentage points in the first quarter, averaging 66.5%.

Spyware. HackingTeam

webmaster@securelist.com (Sergey Golovanov) — 23 Apr 2013 14:43:00 +0400

This article is based on technical data from KL experts and their analysis of the Korablin and Morcut malicious programs. A number of conclusions based on open source data.

Spam in March 2013

webmaster@securelist.com (Tatyana Shcherbakova, Darya Gudkova) — 18 Apr 2013 15:54:00 +0400

The percentage of spam in email traffic was down 1 percentage point compared with February and averaged 70.1%

Winnti. More than just a game

11 Apr 2013 17:00:00 +0400

The study shed light on the activities of a group that has persistently targeted online gaming companies for several years.

Winnti 1.0 technical analysis

webmaster@securelist.com (Dmitry Tarakanov) — 11 Apr 2013 16:28:00 +0400

The favorite tool of the attackers has been malicious program we called "Winnti". It has evolved since the first use, but we divide all variants into two generations: 1.x and 2.x. Our publication describes 1.0 variant of this tool.

Spam in February 2013

webmaster@securelist.com (Tatyana Shcherbakova, Darya Gudkova) — 21 Mar 2013 16:00:00 +0400

The percentage of spam in email traffic was up 12.8 percentage points compared with January and averaged 71.1%.

Mobile Malware Evolution: Part 6

webmaster@securelist.com (Denis Maslennikov) — 28 Feb 2013 13:00:00 +0400

The fifth part of our regular overview of mobile malware evolution was published one year ago, and now it’s time to review the events of 2012 to see just how accurate our forecasts were

Spam in January 2013

webmaster@securelist.com (Tatyana Shcherbakova, Darya Gudkova) — 21 Feb 2013 12:54:00 +0400

The percentage of spam in email traffic was down 7.7 percentage points compared with December and averaged 58.3%

Application Control: the key to a secure network. Part 1

webmaster@securelist.com (Andrey Efremov, Vladimir Zapolyansky) — 19 Feb 2013 20:43:00 +0400

Corporate network security is one of the most pressing issues for companies today

Application Control: the key to a secure network - Part 2

webmaster@securelist.com (Andrey Efremov, Vladimir Zapolyansky) — 19 Feb 2013 20:00:00 +0400

It’s brilliant - but is it user-friendly?

Honey traps on the Internet

webmaster@securelist.com (Tatyana Kulikova) — 14 Feb 2013 13:59:00 +0400

In the world of espionage, a ‘honey trap’ traditionally involves a seductive encounter designed to coax information out of an agent, or to compromise him in his work.

Kaspersky Lab report: Evaluating the threat level of software vulnerabilities

webmaster@securelist.com () — 01 Feb 2013 14:30:00 +0400

Vulnerable programs are among the most commonplace ways to attack victims and steal personal data.

Spam in December 2012

webmaster@securelist.com (Tatyana Shcherbakova, Darya Gudkova) — 24 Jan 2013 13:53:00 +0400

The percentage of spam in email traffic was up 3.1 percentage points from November and averaged 66%.

Kaspersky Security Bulletin: Spam Evolution 2012

webmaster@securelist.com (Darya Gudkova) — 21 Jan 2013 16:51:00 +0400

The amount of spam fell throughout the course of the entire year. At the close of 2012, the percentage of spam settled at 72.1%, or 8.2% less than in 2011.

“Red October”. Detailed Malware Description 1. First Stage of Attack

17 Jan 2013 16:09:00 +0400

Based on the analysis of known cases, we identified two main ways through which Backdoor.Win32.Sputnik infects the victims

“Red October”. Detailed Malware Description 2. Second Stage of Attack

17 Jan 2013 16:08:00 +0400

Most of the tasks are provided as one-time PE DLL libraries that are received from the server, executed in memory and then immediately discarded

“Red October”. Detailed Malware Description 3. Second Stage of Attack

17 Jan 2013 16:07:00 +0400

The packer disrupts basic software breakpoints and some api hooking techniques, because it decrypts the original exe’s section contents onto heaps in-memory

“Red October”. Detailed Malware Description 4. Second Stage of Attack

17 Jan 2013 16:06:00 +0400

Files with the extension ".bak" are treated differently. They are decrypted using a custom AMPRNG algorithm with a hardcoded key, then decompressed using LZMA