Threat Category: Web threats | Page 14

After the recent emergence of the criminal PiceBOT in Latin America, AlbaBotnet has joined the growing ranks of regional IT crime.

Google Chrome users are being targeted in these days by a wave of attacks that uses malicious extensions hosted in the official Chrome Web Store

This section of the report forms part of the Kaspersky Security Bulletin 2012 and is based on data obtained and processed using Kaspersky Security Network (KSN).

Cyber predators are stalking, taking advantage of the anonymity offered by the Internet and using the most advanced techniques to deceive their victims. They pose a persistent threat

According to KSN data, Kaspersky Lab products detected and neutralized 1,347,231,728 threats in Q3 2012.

Mass website infections are one of the biggest problems in contemporary IT security

The Internet knows no borders, but according to our data, cybercrime has specific ‘geographical features’.

Parental Control puts parents in charge of all their children’s online activities.

Yesterday it was a dark day for many companies in Europe, but especially in the Netherlands. A piece of malware known as Worm.Win32.Dorifel infected over 3000 machines globally, and 90% of infected users were both from public and business sector organizations based in the Netherlands.

According to KSN data, Kaspersky Lab products detected and neutralized over 1 billion threats in Q2 2012.

Recently, we came across web malware that – instead of injecting an iframe pointing to a fixed existing address – generates a pseudo-random domain name, depending on the current date.

Every day in Latin America we register lots of similar attacks, each abusing local DNS settings. Actually these attacks are a bit different because they modify the local HOST file but the principle is the same.

It’s the last call on DNSChanger cleanup. On Monday, the FBI-run replacement DNS servers are coming down.

Next Monday, 9th of July, at 06:00 (MEZ) the temporary DNS-servers setup by FBI will be shut down. But still there are still thousands of infected machines – one can wonder, what will happen to them?

It is quite rare to analyze a malicious file written in the form of a cross-platform browser plugin. It is, however, even rarer to come across plugins created using cross-browser engines.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Web threats

AlbaBotnet, another new crime wave in Latin American cyberspace

Malicious Chrome extensions: a cat and mouse game

Kaspersky Security Bulletin 2012. The overall statistics for 2012

Cyber predators lurking

IT Threat Evolution: Q3 2012

“This site may harm your computer”. How to recognize and defeat website infections

The geography of cybercrime: Western Europe and North America

Statistics on Parental Control Alerts for Various Countries

Dorifel is much bigger than expected and it’s still active and growing!

IT Threat Evolution: Q2 2012

“RunForestRun”, “gootkit” and random domain name generation

Is it the end of the DNSChanger Trojan?

DNSChanger – Last Call on Cleanup

The end of DNS-Changer

Worm 2.0, or LilyJade in action

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails