Vulnerabilities and exploits

At various times over the last few years, we’ve posted comments on different aspects of UK computer crime legislation, and the policing of cybercrime, on our weblog.

Two Top Twenties have been compiled from data generated by the Kaspersky Security Network (KSN) throughout April 2009.

Watching the Kido/Conficker P2P Network

Over the weekend we’ve seen a number of Cross Site Scripting worms for twitter. We detect these XSS worms as Net-Worm.JS.Twettir variants

BBC crosses the line again

Anyone who is remotely involved in the anti-malware industry will know that testing is a hot topic – the subject has received a lot of attention lately, particularly following the formation of AMTSO, the Anti-Malware Testing Standards Organization, earlier this year.

Smack on the bot for the Beeb

Unlike our previous six-month and annual statistical reports, this report is completely based on data collected and processed using the Kaspersky Security Network (KSN).

Crime and punishment

If you drop by phpbb.com, you’ll be greeted by this notice, which has been there for 5 days now

The term MalWare 2.0 is often used in our reports to denote a model for the complex malicious programs which appeared at the end of 2006. The most striking examples, and the initial members of MalWare 2.0 are the Bagle, Warezov and Zhelatin worms.

Microsoft has now announced it will be issuing a out-of-cycle patch for the IE7 vulnerability today at 1pm EST.

Patching systems remains an essential part of an overall security strategy

Over the last couple of weeks, we’ve been seeing new modifications of the PDF exploits spread and managed by the El Fiesta toolkit.

This article provides an overview of the methods currently used by cyber criminals to attack financial institutions and banks in particular. It reviews general trends and takes how malicious programs targeting financial institutions are designed to evade detection by antivirus solutions