Vulnerabilities and exploits

Today is the last day of CanSecWest – a security conference taking place in Vancouver, Canada.

Let’s just make a conservative guesstimate that there are more than 40 million infected victim hosts and malware serving “hosts” connected to the internet at any one time, including both traditional computing devices, network devices and smartphones.

This section of the report is based on data obtained and processed using the Kaspersky Security Network (KSN).

All statistical data used in this report were obtained using Kaspersky Lab’s botnet monitoring system and Kaspersky DDoS Prevention.

Microsoft is releasing 9 Security Bulletins this month (MS12-008 through MS12-016), patching a total 21 vulnerabilities.

Last week researchers found vulnerabilities in the Google Wallet payment system. The vulnerability was leveraged to display the current PIN number but required root access to the device. The very next day a new vulnerability was discovered in how application data is handled in the Wallet app requiring no root access. I expect these to be just the beginning of a scavenger hunt for Google Wallet vulnerabilities in the future.

Many of the apps we enjoy are free. Well, to call them free is a bit misleading. You pay for the apps by looking at advertisements. This is a platform we should all recognize from the sidebar of Facebook, or Google, or almost any service that doesn’t charge a premium to use it. Advertising has paved the way for many services to gather a huge audience audience and still profit.

The Adobe AIR and Adobe Flash Player Incubator program updated their Flash Platform runtime beta program to version 5, delivered as Flash Player version 11.2.300.130. It includes a “sandboxed” version of the 32-bit Flash Player they are calling “Protected Mode for Mozilla Firefox on Windows 7 and Windows Vista systems”. It has been over a year since Adobe discussed the Internet Explorer ActiveX Protected Mode version on their ASSET blog, and the version running on Google Chrome was sandboxed too.

Does the Bouncer will be effective in addressing the malware problems with Android apps? Is it still a good idea to use a mobile security program for protection even with Bouncer in place? Are there ways for hackers to sneak infected apps into the store despite Bouncer?

In this webcast, Kaspersky Lab senior security researcher Roel Schouwenberg talks about the Diginotar certificate authority breach and the implications for trust on the Internet. Schouwenberg also provides a key suggestion for all major Web browser vendors.

S. Korean handlers are slow to take down the publicly distributed malicious code exploiting CVE-2012-0003, a vulnerability patched in Microsoft’s January 2012 patch release MS12-004.

Here is the profile of one criminal using Bitly as a URL shortening service. As you can see, in just one day, he was able to gain more than 33,000 clicks or potential infections! So, how much did the criminal make on that particular day? Let’s see…

Malware wallpaper calendars for 2012

Kaspersky Lab malware researcher Tillmann Werner joins Ryan Naraine to talk about the threat from peer-to-peer botnets. The discussions range from botnet-takedown activities and the ongoing cat-and-mouse games to cope with the botnet menace.

Lots of confidential information has been leaked in Argentina and we are talking about home addresses, telephone numbers, details of education centers attended, mobile phone numbers, email addresses, marital status, children and even personal references. This is very bad because the same information can easily be used for all kinds of fraudulent activities: on-line ID theft, targeted attacks and so on.