As some of you may remember, during 2011 we published a malware calendar wallpaper for each month of the year.

We're doing so again this year, with updated information from 2011. However, we've decided to take a slightly different approach this year and publish all 12 wallpapers in one place. You can find them all here.

We hope you like this year's designs and find the data interesting.

Kaspersky Lab malware researcher Tillmann Werner joins Ryan Naraine to talk about the threat from peer-to-peer botnets. The discussions range from botnet-takedown activities and the ongoing cat-and-mouse games to cope with the botnet menace.

At the time of writing there is a new Facebook phishing attack going on. It will not just try to steal your Facebook credentials; it will also try to steal credit card information and other important information such as security questions.

This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website. It will reuse the stolen information and login to the compromised account and change both profile picture and name. The profile picture will be changed to the Facebook logo and the name will be translated to “Facebook Security” but containing special ascii characters replacing letters such as “a” “k” “S” and “t”.

Once an account is compromised it will also send out a message to all contacts of the compromised account. The message looks like this:

Director of Kaspersky Lab's global research and analysis team Costin Raiu appears on Lab Matters to discuss the security ramifications of the growing dependence on cloud computing. The discussions center on the convenience of using consumer cloud services and some of the risks involved with outsourcing security to third-parties.

Earlier today, I was sitting at home working on a Linux server that was compromised while suddenly, I hear my home phone ringing. Actually, someone has been calling me and just hanging up around the same time everyday for three or four days now. I thought that it was just some telemarketing company profiling me to figure out if I’m home or not, but this time it was different.

When I picked up the phone I heard this guy introducing him as a technician from the Windows Security Support Department. The connection was VERY bad and I could not hear everything he said, I don't know if this was intended or not.

When I started to talk to him he asked me in English with a indian accent if I had a computer at home, and of course I said “yes”. Then he started to explain that my computer had been compromised and that my firewall was just protecting me against external threats and not internal threats. At this time I knew that something strange was going on, and I started to ask more questions about the malware and trying to get more information about them, then at this point he immediately hung up the phone.

Just after he hung up I realized that this was one of those scams where they trick people to install Remote Access software to be able to control the machines. Once they got access to the machines, they install rootkits and obtain full access to your computer.

In the outside world, I this is quite an effective scam because they called me during the day, and I guess the people who are at home by this hour are not your average security researcher from Kaspersky Lab but maybe people who are sick, or the elderly.

I want to warn everyone about these scams, and at this time I can confirm that they are currently attacking Sweden. Previously, such scams appeared to target UK/US users mostly (http://money-watch.co.uk/8183/windows-support-scam-worsens), but it seems their business is expanding.

Please let us know if somebody calls you and claims they are from “Windows Security” (or such) and asks you to install remote access software. Most important of all, do not install the software which they recommend!

It's the end of 2011 as we know it, and Microsoft feels fine finishing out the year with a handful of out-of-band holiday patches. This round is important not because the vulnerabilities directly impact massive numbers of customers and their online behavior on Windows laptops, tablets, and workstations, but because ASP.NET maintains vulnerable code enabling easy DoS of hosting websites, authentication bypass techniques, and stealth redirections to other websites (most dangerously those sites hosting phish and hosting client side exploits and spyware). All of this could curdle your eggnog in the coldest of weather.

    There is a bot activity in Twitter and at the moment is related to the new followers gaining only. What is happening is “profile me” bot is exploring all Twitpic hosted pictures replying to the authors with the same text phrase:

The bot started working on Friday, Dec 23 at 9 pm (GMT -05:00) with the highest peak on Saturday, 3 am the same GMT zone with 0.19% of all Twitter traffic.

In spite of the bot being used to gain followers and to promote porno content via bio user information, potentially it could be used for any other malicious purpose – like malware spreading via adding additional short URLs to the twits.

We’re monitoring it.

Fabio Assolini talks about the explosion of banker Trojans in Brazil and explains why it is so difficult to fight back against cyber-crime in the Latin American region.

    This year cybercriminals haven’t been particularly active in exploiting the upcoming holiday season to snare victims with their scams. The first evidence of a growing trend of festive fraud only began to emerge about a week ago. Interestingly, this year’s attacks are somewhat different from previous years. This time round cybercriminals aren’t just going for hard cash – they are also looking for other assets that can be converted into money, such as air miles.

Here's the latest of our malware calendar wallpapers.

1280x800 | 1680x1050 | 1920x1200 | 2560x1600

Christmas brings many more people online since the Internet provides a quick and convenient way to buy Christmas gifts. This makes it the perfect time for cybercriminals to cash-in on online activity. So it's also a good time for a reminder about the basic things you can do to reduce the risk of cybercriminals spoiling your Christmas.

1. Install Internet security software and keep it updated.
2. Keep Windows and other applications up-to-date.
3. Backup your data regularly to a CD, DVD, or external USB drive.
4. Don’t respond to email messages if you don’t know the sender.
5. Don’t click on email attachments if you don’t know the sender.
6. Don’t click on links in email or IM (instant messaging) messages. Type the address directly into your web browser.
7. Don’t give out personal information in response to an email or other message, even if it looks official.
8. Only shop, bank or socialise on secure sites. Make sure the URL starts with ‘https://’.
9. Use a different password for each web site or service you use. Don’t recycle them (e.g. ‘jackie1’, ‘jackie2’). Don’t make them easy to guess (e.g. mum’s name, pet’s name). Don’t tell anyone your passwords.