Threat Category: Vulnerabilities and exploits | Page 39

As the subject of targeted attacks remains one of the industry’s most hotly discussed topics, and the waves of such attacks appear to be relentless, our experts, Kostin and Magnus, together with the team, decided to continue on with the theme.

With Apple fans waiting for the release of the Greenpois0n jailbreaking tool, the cybercriminals are exploiting the fuss with “Greenpois0n” trojans.

We’re still monitoring Pegel, and we’ve come across something which piqued our interest: redirects to malicious websites hosting exploits weren’t only coming from infected legitimate sites, but also from flash ads on legitimate sites.

Over the past few weeks the AV industry has continued to focus its research efforts on the Stuxnet worm. We blogged about what we found while we were investigating the malware; our Stuxnet series may have come to an end, but that doesn’t mean we’ve stopped our research.

Today Adobe put out an advisory for a previously unknown zero-day in its PDF Reader/Acrobat software.
This vulnerability is actively being exploited in the wild.

In the past, we’ve seen Web defacers act with only with political motivation. That has now changed. The Web defacers are being used by the online money gangs as a part of outsourced services.

The Winlock numbers, the Winlock laws

The cyber-criminal groups behind fake anti-virus (scareware/rogueware) infections have run into some significant roadblocks over the last few years, but there is much more to the overall story.

The Winlock case – I’m taking bets!

We all know that cybercriminals will target anything and everything they can reach

Oops they did it again!

Microsoft released MS10-046 which deals with the LNK vulnerability originally exploited by Stuxnet.

I just came across a suspicious PDF file, so I decided to take a deeper look. Once the file was unpacked, I got an xml file with TIFF image

Providing randomly generated input to different open source disassembler libraries generates surprisingly differing output and the CPU interprets it differently yet again.

Vacation is a time for visiting friends and family, going abroad, eating ice-cream, gardening – whatever helps you regroup and recharge

Reports

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Vulnerabilities and exploits

Targeted attacks: businesses under threat

iPhone Jailbreaking, Greenpois0n and SHAtter Trojans

Pegel now in banners

Myrtus and Guava, Episode MS10-061

Adobe Reader zero-day attack – now with stolen certificate

A Web Defacer Turns to $$ Spam Fraud

The Winlock numbers, the Winlock laws

Understanding Current Trends in the Fake Anti-Virus/Scareware Ecosystem

The Winlock case – I’m taking bets!

Who needs my SQL server?

Oops they did it again!

LNK patch is out

Zbot and CVE2010-0188

Different x86 Bytecode Interpretations

How does your vacation affect your security?

Reports

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Subscribe to our weekly e-mails