Vulnerabilities and exploits

Almost exactly one month ago we warned about a zero-day in Flash which was being exploited in targeted attacks.

The .co.cc domains, littered with malicious sub domains hosting exploit pages and malicious java applets for the past several months, are now hosting FakeAv pages and “BestAntivirus2011.exe”.

Here’s the latest of our malware wallpaper calendars.

In this edition of the Lab Matters webcast, malware researcher Tillmann Werner and Ryan Naraine discuss the ongoing battle to control the Conficker botnet and the need for the computer security industry to consider newer approaches to mitigating the botnet epidemic.

Over the past couple months, some advertising networks have been distributing ads that redirect browsers to sites hosting exploits. Spotify’s ad networks are the most recently outed.

Kaspersky lab discovered a new variant today, in the form of an obfuscated executable. Please review the technical details for further information. The threat was detected automatically thanks to the Kaspersky Security Network as UDS:DangerousObject.Multi.Generic.

Kaspersky Lab is still monitoring malicious websites involved in the recent Japan spam campaigns.

Ever since Stuxnet hit the news last year, there has been an increased interest in the area of industrial control systems (ICS). This has been evidenced by the fact that we’ve seen a recent surge in public releases of zero-day (unpatched) vulnerabilities and exploits.

Me and Slammer (Helkern) go back a long way…to 25 January 2003 to be precise. It was a baptism of fire for me in my new role as a virus analyst at Kaspersky Lab. It was a weekend and I was alone, in charge of monitoring the incoming flow of suspicious files. I had barely been at the company a month

Adobe released its fix for CVE-2011-0609 this afternoon, making good on last week’s advisory dealing with the latest Flash zero-day. Kaspersky Lab products detected .a, .b and .c variants as “Trojan-Dropper.MSExcel.SWFDrop” this past week.

Last week, we published a blog post regarding the ongoing spam campaign using the recent earthquake in Japan to infect users. According to our analysis, it seems that the malicious links from the spam emails lead to websites hosting the Incognito Exploit Kit.

Kaspersky Lab has detected a malicious spam campaign using the recent earthquake in Japan to infect users.

In this episode of Lab Matters, Kaspesky Lab malware researcher Tim Armstrong joins Ryan Naraine to examine the security posture of the Android mobile operating system. Armstrong looks at strengths and weaknesses of the open-source platform and warns about the risks associated with jailbreaking/rooting Android devices.

Adobe today released an advisory to warn about a remote code execution vulnerability in Flash Player, which also affects Adobe Reader and Acrobat.

There is a slew of unreferenced information on today’s patched vuln, so let’s examine a couple of the more interesting client side exploitable vulnerabilities that Microsoft patched today.