Threat Category: Vulnerabilities and exploits | Page 44

Anyone who is remotely involved in the anti-malware industry will know that testing is a hot topic – the subject has received a lot of attention lately, particularly following the formation of AMTSO, the Anti-Malware Testing Standards Organization, earlier this year.

Smack on the bot for the Beeb

Unlike our previous six-month and annual statistical reports, this report is completely based on data collected and processed using the Kaspersky Security Network (KSN).

Crime and punishment

If you drop by phpbb.com, you’ll be greeted by this notice, which has been there for 5 days now

The term MalWare 2.0 is often used in our reports to denote a model for the complex malicious programs which appeared at the end of 2006. The most striking examples, and the initial members of MalWare 2.0 are the Bagle, Warezov and Zhelatin worms.

Microsoft has now announced it will be issuing a out-of-cycle patch for the IE7 vulnerability today at 1pm EST.

Patching systems remains an essential part of an overall security strategy

Over the last couple of weeks, we’ve been seeing new modifications of the PDF exploits spread and managed by the El Fiesta toolkit.

This article provides an overview of the methods currently used by cyber criminals to attack financial institutions and banks in particular. It reviews general trends and takes how malicious programs targeting financial institutions are designed to evade detection by antivirus solutions

Secunia tests

During our visit to the Virus Bulletin conference 2008 last week a man was arrested in Belgium for using someone else’s unsecured Wifi connection to get on the Internet. (More details in Dutch available here).

Hackers hacking hackers

Turbulence in the blogosphere

Our society has evolved to the point where many if not most of us spend a significant portion of our lives online. In many ways, this online virtual world mirrors our real world. Criminals, who are an unfortunate but integral part of our social structure, quite naturally have also appeared in the virtual world.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Vulnerabilities and exploits

Repercussions of dynamic testing

Smack on the bot for the Beeb

Kaspersky Security Bulletin: Statistics 2008

Crime and punishment

PHP hack

Bootkit: the challenge of 2008

MS issues patch for IE vulnerability

A patch is not just for Christmas…

Fiesta parties on

Attacks on banks

Secunia tests

To Open Wifi or Not To Open Wifi?

Hackers hacking hackers

Turbulence in the blogosphere

The Cybercrime Arms Race

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails