APT (Targeted attacks)

The packer disrupts basic software breakpoints and some api hooking techniques, because it decrypts the original exe’s section contents onto heaps in-memory

Files with the extension “.bak” are treated differently. They are decrypted using a custom AMPRNG algorithm with a hardcoded key, then decompressed using LZMA

In the Device notification callback function, the module logs each connection and disconnection event. When a device is connected, it starts a new thread that manipulates this device

Since the publication of our report, our colleagues from Seculert have discovered and posted a blog about the usage of another delivery vector in the Red October attacks (http://blog.seculert.com/2013/01/operation-red-october-java-angle.html).
In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also infiltrated victim network(s) via Java exploitation (35f1572eb7759cb7a66ca459c093e8a1 – NewsFinder.jar), known as the Rhino exploit (CVE-2011-3544).

Here’s a link to the full paper (part 1) about our Red October research. During the next days, we’ll be publishing Part 2, which contains a detailed technical analysis of all the known modules. Please stay tuned. During the past five years, a high-level cyber-espionage campaign has successfully infiltrated computer networks at diplomatic, governmental and

In October 2012, Kaspersky Lab’s Global Research & Analysis Team initiated a new threat research after a series of attacks against computer networks of various international diplomatic service agencies

Yesterday, Jens ‘atom’ Steube, which most people know as the author of ‘hashcat’ – a GPU accelerated password recovery tool, released his Gauss cracker as open source software under a GPL license

Another wiper-like malware has been discovered.

This is Kaspersky Lab’s annual threat analysis report covering the major issues faced by corporate and individual users alike as a result of malware, potentially harmful programs, crimeware, spam, phishing and other different types of hacker activity.

Several days ago, a number of leaked documents from the Syrian Ministry of Foreign Affairs were published on Par:AnoIA, a new wikileaks-style site managed by the Anonymous collective.

Recently, a new Remote Administration Tool has been discovered that started appearing here and there in targeted attacks. This tool is “PlugX”.

Dubbed Narilam, the malware appears to be designed to corrupt databases. We have identified several samples related to this threat.

In May 2012, a Kaspersky Lab investigation detected a new nation-state cyber-espionage malware, which we named “Flame”

While analyzing the Flame malware that we detected in May 2012, Kaspersky Lab experts identified some distinguishing features of Flame’s modules.

Our previous analysis of the Flame malware, the advanced cyber-espionage tool that-s linked to the Stuxnet operation, was initially published at the end of May 2012 and revealed a large scale campaign targeting several countries in the Middle East