Vulnerabilities and exploits

n the last few days we have discovered that spam messages with malicious links are being sent via instant messenger services

Kaspersky Lab’s senior anti-malware researcher Kurt Baumgartner discusses the use of ROP (return-oriented programming) techniques in vulnerability exploit packs.

The third quarter of 2010 turned out to be more eventful than the preceding quarter. Over 600 million attempts to infect users’ computers with malicious and potentially unwanted programs were blocked during this period; an increase of 10% on the second quarter of this year.

The year 2010 has been almost identical to the previous one in terms of malware evolution. Generally speaking, trends have not changed that much and nor have the targets for attack; though certain malicious activities have progressed dramatically.

In this Q&A with Ryan Naraine, Kaspersky talks about the different eras in malicious computer activity, from passive viruses to Internet worms to botnets and, now, a new era of cyber-warfare.

In early December, Kaspersky Lab experts detected samples of the malicious program TDL4 (a new modification of TDSS) which uses a 0-day vulnerability for privilege escalation under Windows 7/2008 x86/x64 (CVE: 2010-3888).

Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team, discusses the security risks involved with jailbreaking Apple’s iPhone.

Yesterday, Adobe published an advisory about a critical vulnerability in their Flash Player that is already being actively exploited. The exploit we are seeing right now has a payload which, while not being very sophisticated, holds several surprises.

Firefox users should be aware of a use-after-free vulnerability affecting Firefox versions 3.6.11 and earlier. The security team at Firefox has been working on getting a patch out since at least early Tuesday morning with a release candidate available for brave nightly build testers last night.

Ryan Naraine talks to mobile malware researcher Denis Denis Maslennikov about the mobile malware landscape.

The security was tight enough, but the raider knew exactly where the weak point in the system was. He had undergone special training to help him slip unnoticed through loopholes like these and infiltrate the network.

Kaspersky Lab Senior Anti-Virus Researcher Roel Schouwenberg answers questions on the Stuxnet work, the resources and sophistication involved in the attack and the likely nation-state involvement.

Over the last few days, Stuxnet has been covered extensively in the mass media. And it’s been covered differently by different sources. “Iran”, “Bushehr nuclear plant” and “cyber-weapon” are phrases which are already inexorably linked to Stuxnet.

There is a new, actively exploited XSS on Twitter.

As the subject of targeted attacks remains one of the industry’s most hotly discussed topics, and the waves of such attacks appear to be relentless, our experts, Kostin and Magnus, together with the team, decided to continue on with the theme.