Introduction
Last week a good friend (@Dkavalanche) mentioned in his Twitter account his findings of a Betabot malware which was spammed via fake emails in the name of Carabineros of Chile. It piqued my attention so I dug a little bit and this is what I found:
The original .biz domain used in the malicious campaign was bought by someone allegedly from Panama. It’s a purely malicious domain used exclusively for cybercriminal activity; however, the server itself is hosted in Russia! The same server has several folders and files inside, which we will discuss a little bit later. First, let’s speak about the initial malicious binary spoofed via email and then about other things. I will only focus on the most interesting details.

Denuncia_penal.exe
This is the name of the original binary. In English, it translates to “Criminal complaint”.
The file is compiled with fake information and it claims to be a legitimate tool built by NoVirusThanks, called NPE File Analyzer.


The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now. The more people work on 64-bit platforms, the more 64-bit applications are developed as well. Sometimes these include some very specific applications, for example, banking applications.... If someone wants to hack into an application like this and steal information, the best tool for that would also be a 64-bit agent. And what’s the most notorious banking malware? ZeuS, of course – the trendsetter for the majority of today’s banking malware. Its web injects have become a fundamental must-have feature of almost every banking malware family. And it was only a matter of time until a 64-bit version of ZeuS appeared – but we didn’t expect it to happen quite so soon.

That’s because cybercriminals don’t actually need a 64-bit version. ZeuS is mostly intended to intercept data passing through browsers, and modify that data allowing the operator to steal information related to online banking, to wire transactions or to cover his tracks. But nowadays people still use 32-bit browsers – even on 64-bit operating systems. So, 32-bit versions of ZeuS have been sufficient to keep the thieves satisfied with their earnings.

Then, out of the blue, we spotted a 32-bit ZeuS sample maintaining a 64-bit version inside. And it turned out that this 64-bit version has been recorded in the wild since at least June 2013, and the compilation date specified in the sample is April 29, 2013! Moreover, this ZeuS version works via Tor. The initial 32-bit sample injects malicious code into target processes. If the target process belongs to a 64-bit application, ZeuS injects its 64-bit version into the process; otherwise, it pushes the 32-bit version. We ran tests to see how the 64-bit ZeuS works inside a 64-bit Internet Explorer and it demonstrated the usual ZeuS functionality: in any case, the web injects functioned as usual.

Events|PasswordsCon in Bergen

Marco
Kaspersky Lab Expert
Posted December 03, 10:02  GMT
Tags: Passwords

It’s December. While it’s getting colder and people prepare and shop for Christmas, here in Bergen, a city in Norway, experts from several countries come together talking about Passwords – something you’re using while buying Christmas presents online for example – at the PasswordsCon. This one is held at the University of Bergen in the Auditorium Pi.




Yesterday morning we received a sample from Cuba of a malware that looks for the following audio and video file extensions after infecting a victim’s machine: .mp3, .mp4, .mpg, .avi, .mkv, .vob, .dat, .rmvb, .flv, .wav

Events|Hot Topic in Icy Country

Marco
Kaspersky Lab Expert
Posted December 04, 08:03  GMT
Tags: Conferences, Trainings, Passwords

These days Passwords^12 is taking place in Oslo - a conference dedicated only to passwords and PIN codes. With temperatures around -15 degrees (Celsius) outside, in the conference rooms of the University in Oslo, Department of Informatics, talks by well-known security experts are given.

Every day you use passwords. While logging on to your computer, smartphone or tablet, accessing your emails or your social network site and also for online banking and online shopping. Recent database breaches of user logins show that there is a high demand for more security in this area. During these days talks and discussions only care about this.


We speak about attacks on online providers that result in the leak of personal users’ passwords. Just recently we saw the leak of 6.46 million LinkedIn user passwords. Right after this we saw a leak of 400 thousand Yahoo Voices passwords. These are not isolated cases; nowadays we see many successful attacks that lead to personal data leaks. One more example of this is the leak of personal information of users of one of the popular Android forums and finally the hack of the NVIDIA developer forum. It’s worth saying that many successful attacks are just not announced and the Internet community doesn’t find out about them.

So, how do we deal with cases when our passwords can be leaked? Obviously the end user can’t do much to protect his on-line service provider and prevent the leak, but there are some basic tips on how to avoid a big disaster when our passwords are compromised.

1.    Use a different password for each different online resource. Never reuse the same password for different services. If you do, all or many of your other online accounts can be compromised.
2.    Use complex passwords. This means, in a perfect scenario, a combination of symbols, letters and special characters. The longer the better.
3.    Sometimes our online service providers don’t let us create really complex passwords, but try to use long passwords, with at least 23 characters in a combination of uppercase and lowercase letters. A password of 23 characters (131 bits) would be ok.

For some users it’s hard to remember complex passwords, in which case a good solution would be to use a password manager like Kaspersky Password Manager.

Remember, you can’t stop your service provider being hacked, but you can avoid a bigger disaster when all of your accounts get compromised at once just because you used the same password!


Airport kiosks have achieved a wide distribution nowadays. They offer the convenience of having access to all sorts of travel related information, IP-telephony as well as to the Internet while on the road. Which is a good thing!

However, when I travelled back from BlackHat and DefCon 19 and checked in at the McCarran airport in Las Vegas, one of these machines caught my eye. It showed a website I know pretty well – Facebook! But it wasn't the Login screen - as it should be - but the profile page of a member. Someone had forgotten to log out of his or her account. Anyone in this airport would now have full access to all data and - of course - be able to write status messages on the profile page of the account owner and all people in the friend list – which could harm this person’s reputation. Which is a bad thing!


What a coincidence! The same day I start tumblring, Tumblr users get hit by what seems to be one of the most publicized phishing attacks the social network has seen so far.

Yet another phishing attack has resulted in thousands of accounts being compromised. Nothing new here. Phishing is a game of numbers – so even though many users are aware of this threat, there still are some of them who fall victim to this old social engineering trick. Therefore, even with just a low efficiency rate in terms of percentage, thousands of accounts can still be easily compromised by cybercriminals if the phishing page is seen by enough people.

So – for those of you out there who still don’t know the basics of avoiding becoming a victim of a phishing attack, here are a couple of tips:


A few days ago, we notified you about malicious activities from the S.A.P.Z. botnet. And we provided evidence that this methodology of attack can be used to affect users of any Latin American bank, or any part of the world.

Now the S.A.P.Z. gang, which may be Peruvian, has resorted to another strategy. It is focusing on the theft of sensitive information, by spreading a variant of the Palevo worm, detected by Kaspersky Lab as P2P-Worm.Win32.Palevo.cudq.

The key element of this is that with S.A.P.Z., the cyber-criminals have used the functionalities of an old web application created for the administration of stolen data, called Blackshades. As indicated in this image, now they’re not only focusing on Peruvian users, but also other countries such as Chile, Colombia, Spain and USA.

Webcasts|Lab Matters - Password Security: Dos and Don'ts

Ryan Naraine
Kaspersky Lab Expert
Posted May 04, 11:39  GMT
Tags: Passwords

There are countless firms that sell expensive computer security products and gear. But most experts will tell you that the one step you can take to most improve the security of your home or work computer is to have and follow strict password security. But what makes a password strong (or weak)? And what tricks might hackers, malware authors and cyber criminals play to get you to part with yours? Paul Roberts of Threatpost speaks with David Emm of Kaspersky Lab about proper password hygiene and the steps you need to take to secure access to your critical online and offline accounts.
