Vulnerabilities and exploits

This week my Samsung Chromebook finally arrived. My interest in this platform had been especially piqued after my colleague Costin Raiu’s excellent analysis following the Chromebook’s introduction.

Here’s the latest of our malware wallpaper calendars.

I found an interesting “bug” in the malicious .php script on the .cc domain. For example, instead of clicking on http://3cm.kz/example, just put at the end http://3cm.kz/example+ or http://3cm.kz/example* or any other and for each new special char you will get the binary. One special char per one new download. The second short URL service used by the criminals is http://shortn.me

Patches are up! This month’s patch Tuesday is a sizable one by any standards. Microsoft is patching a total of 34 vulnerabilities in 16 bulletins. At least eight different product lines are updated. Adobe is coordinating release of Reader, Acrobat, Shockwave and Flash updates as well today.

Here’s the latest of our malware wallpaper calendars.

The Democratic Party of Hong Kong’s website was compromised and serving malware nearly identical to the compromised UK Amnesty International servers at the beginning of this month. The server has been cleaned up.

We are currently investigating a new malicious campaign on Facebook mostly targeting French speaking users.

A host of events took place in the world of IT threats during the first quarter of 2011.

For business travelers, the use of a laptop to stay connected to access business documents and connect to office resources is an absolute necessity. In this Lab Matters webcast, Kaspersky Lab malware researcher Stefan Tanase provides some general travel tips and advice to assist in protecting you, your laptop and your corporate data while you are on the road.

The Sony PSN servers are back online

Thoughts on the security of the newly announced Chromebook with Google Chrome OS.

In this newest edition of Lab Matters, Director of Kaspersky Lab’s Global Research and Analysis Team Costin Raiu offers some predictions about what we will see in the second half of 2011.

After last month’s mega patch Tuesday this month’s can only be described as very quiet. A total of three vulnerabilities are getting patched in two bulletins, MS011-035 and MS011-036.

The latest Osama’s home videos have been used for not only FakeAV spreading but also Codepack advertisement botnet malware propagation.

Microsoft is making a couple changes to its exploitability index to help clarify vulnerability issues in Microsoft software to its customers, keeping its program far ahead of other major vendors. Still, no system is perfect.