Vulnerabilities and exploits

This is Kaspersky Lab’s annual threat analysis report covering the major issues faced by corporate and individual users alike as a result of malware, potentially harmful programs, crimeware, spam, phishing and other different types of hacker activity.

This section of the report forms part of Kaspersky Security Bulletin 2010 and is based on data obtained and processed using the Kaspersky Security Network (KSN). KSN integrates cloud-based technologies into personal and corporate products and is one of Kaspersky Lab’s most important innovations.

An opened WiFi is more dangerous than you think. You should pay a special attention, especially if you travel a lot.

In January we published the first of our malware wallpaper calendars. Here’s the latest wallpaper.

ICQ client used to push malicious ads that lead fake anti-virus.

What happens when all of your personal data is readily available for use by a cybercriminal?

A new year has broken – a new peer-to-peer botnet is on the rise.

We’d like to wish all our readers a very happy New Year and offer you a small gift – a selection of wallpaper calendars with the dates of the most significant events in the history of the IT security industry.

n the last few days we have discovered that spam messages with malicious links are being sent via instant messenger services

Kaspersky Lab’s senior anti-malware researcher Kurt Baumgartner discusses the use of ROP (return-oriented programming) techniques in vulnerability exploit packs.

The third quarter of 2010 turned out to be more eventful than the preceding quarter. Over 600 million attempts to infect users’ computers with malicious and potentially unwanted programs were blocked during this period; an increase of 10% on the second quarter of this year.

The year 2010 has been almost identical to the previous one in terms of malware evolution. Generally speaking, trends have not changed that much and nor have the targets for attack; though certain malicious activities have progressed dramatically.

In this Q&A with Ryan Naraine, Kaspersky talks about the different eras in malicious computer activity, from passive viruses to Internet worms to botnets and, now, a new era of cyber-warfare.

In early December, Kaspersky Lab experts detected samples of the malicious program TDL4 (a new modification of TDSS) which uses a 0-day vulnerability for privilege escalation under Windows 7/2008 x86/x64 (CVE: 2010-3888).

Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team, discusses the security risks involved with jailbreaking Apple’s iPhone.