Vulnerabilities and exploits

Incidents

Ransomware: GPCode strikes back

Kaspersky Lab discovered a new variant today, in the form of an obfuscated executable. Please review the technical details for further information. The threat was detected automatically, thanks to the Kaspersky Security Network, as UDS:DangerousObject.Multi.Generic.

Industrial threats

SCADA exploits circulating

Ever since Stuxnet hit the news last year, there has been an increased interest in the area of industrial control systems (ICS). This has been evidenced by the fact that we’ve seen a recent surge in public releases of zero-day (unpatched) vulnerabilities and exploits.

Research

The decline and fall of Slammer?

Slammer (Helkern) and I go back a long way…to 25 January 2003 to be precise. It was a baptism of fire for me in my new role as a virus analyst at Kaspersky Lab. It was a weekend and I was alone, in charge of monitoring the incoming flow of suspicious files. I had barely been at the company a month

Incidents

Adobe Fix for CVE-2011-0609

Adobe released its fix for CVE-2011-0609 this afternoon, making good on last week’s advisory dealing with the latest Flash zero-day. Kaspersky Lab products detected .a, .b and .c variants as “Trojan-Dropper.MSExcel.SWFDrop” this past week.

Incidents

Japan Quake Spam leads to Malware Part 3

Last week, we published a blog post regarding the ongoing spam campaign using the recent earthquake in Japan to infect users. According to our analysis, it seems that the malicious links from the spam emails lead to websites hosting the Incognito Exploit Kit.

Video

Webcast – The Good and Bad of Android Security

In this episode of Lab Matters, Kaspersky Lab malware researcher Tim Armstrong joins Ryan Naraine to examine the security posture of the Android mobile operating system. Armstrong looks at strengths and weaknesses of the open-source platform and warns about the risks associated with jailbreaking/rooting Android devices.

Software

Patch Tuesday March 2011

This month’s Patch Tuesday comprises three bulletins covering four vulnerabilities. Two bulletins affect Windows while the other affects Office. The Windows vulnerabilities affect all currently supported client OSes.

Incidents

Off-by-one 2.0

The “off-by-one” vulnerability is an old concept. Here is a description from Wikipedia:

An off-by-one error (OBOE) is a logical error involving the discrete equivalent of a boundary condition. It often occurs in computer programming when an iterative loop iterates one time too many or too few. Usually this problem arises when a programmer fails to take into account that a sequence starts at zero rather than one (as with array indices in many languages), or makes mistakes such as using “is less than or equal to” where “is less than” should have been used in a comparison.
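The “is less than or equal to” mistake in the definition above is worth seeing in code. The following C program is an added example written for this page, not code from the original post or from Wikipedia: it places a copy loop that uses `<=` beside the corrected `<` version and shows that the buggy loop writes one byte past the end of an 8-byte buffer. The buffer length `BUF_LEN`, the canary value and the input strings are constructed for the demonstration; the extra byte that receives the stray write stands in for whatever would sit next to the buffer in real memory (a saved frame pointer, a heap header, a neighbouring variable).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Logical size of the destination buffer (constructed for the example). */
#define BUF_LEN 8
/* Marker placed in the byte directly after the buffer (constructed). */
#define CANARY 0xA5

/*
 * Vulnerable copy: the loop bound uses "<=", so the last iteration
 * writes dst[dst_len], one byte past the buffer's valid range 0..dst_len-1.
 * Returns the number of bytes written.
 */
size_t copy_off_by_one(unsigned char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    size_t i;
    for (i = 0; i <= dst_len && i < n; i++)   /* BUG: should be "<" */
        dst[i] = (unsigned char)src[i];
    return i;
}

/*
 * Corrected copy: "<" keeps every write at an index below dst_len.
 * Returns the number of bytes written.
 */
size_t copy_bounded(unsigned char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    size_t i;
    for (i = 0; i < dst_len && i < n; i++)
        dst[i] = (unsigned char)src[i];
    return i;
}

/*
 * Runs one copy routine against a BUF_LEN-byte buffer that is followed by
 * a canary byte, and reports whether the canary was overwritten.
 * The canary lives inside the same array so the check stays within a
 * defined allocation; it models the adjacent memory a real overflow hits.
 * Returns 1 if the canary was clobbered, 0 if it survived.
 */
int canary_clobbered(size_t (*copy)(unsigned char *, size_t, const char *),
                     const char *src, size_t *written)
{
    unsigned char mem[BUF_LEN + 1];
    memset(mem, 0, sizeof mem);
    mem[BUF_LEN] = CANARY;
    size_t n = copy(mem, BUF_LEN, src);
    if (written)
        *written = n;
    return mem[BUF_LEN] != CANARY;
}

int main(void)
{
    /* Constructed inputs: one longer than the buffer, one shorter. */
    const char *overlong = "AAAAAAAAAAAA";   /* 12 bytes > BUF_LEN */
    const char *fits     = "hi";             /* 2 bytes < BUF_LEN */
    size_t w;

    printf("off-by-one, overlong input: clobbered=%d written=%zu\n",
           canary_clobbered(copy_off_by_one, overlong, &w), w);
    printf("bounded,    overlong input: clobbered=%d written=%zu\n",
           canary_clobbered(copy_bounded, overlong, &w), w);
    printf("off-by-one, short input:    clobbered=%d written=%zu\n",
           canary_clobbered(copy_off_by_one, fits, &w), w);
    return 0;
}
```

The short input never reaches the bad bound, which is why off-by-one bugs survive testing: only an input at least as long as the buffer makes the `<=` loop take its ninth step and write to index 8. A single extra byte can still be enough to corrupt a length field, a pointer’s low byte or a saved register, so the fix is the one-character change from `<=` to `<` plus a test that feeds the routine an input exactly at and beyond the buffer size.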

Reports