Web threats

Next Monday, 9th of July, at 06:00 (MEZ) the temporary DNS-servers setup by FBI will be shut down. But still there are still thousands of infected machines – one can wonder, what will happen to them?

It is quite rare to analyze a malicious file written in the form of a cross-platform browser plugin. It is, however, even rarer to come across plugins created using cross-browser engines.

According to KSN data, Kaspersky Lab products detected and neutralized almost 1 billion malicious objects in Q1 2012.

The following statistics were compiled in April using data collected from computers running Kaspersky Lab products

The FBI’s “Operation Ghost Click” announcement in Nov 2011, involving the Rove Digital botnet delayed cleanup efforts that we previously discussed, continues to haunt both the internet networks and the mass media.

The investigation into the Duqu Trojan is into its sixth month, and March brought further progress as we were able to establish which language was used for its Framework code.

This month’s patch Tuesday fixes a small set of critical vulnerabilities in a variety of client side software and one “important” server side Forefront UAG data leakage/information disclosure issue. Six bulletins have been created to address eleven exploitable flaws.

Last September, in partnership with Microsoft’s Digital Crimes Unit (DCU), SurfNET and Kyrus Tech, Inc., Kaspersky Lab successfully disabled the dangerous Hlux/Kelihos botnet by sinkholing the infected machines to a host under our control.

A few months later, our researchers stumbled upon a new version of the malware with significant changes in the communication protocol and new “features” like flash-drive infection, bitcoin-mining wallet theft.

Now, we are pleased to announce that we have partnered with the CrowdStrike Intelligence Team, the Honeynet Project and Dell SecureWorks to disable this new botnet.

Brazilian bad guys are hosting malicious extensions on official Google’s Chrome Web Store

In early March, we received a report from an independent researcher on mass infections of computers on a corporate network after users had visited a number of well-known Russian online information resources

As Eugene Kaspersky had written earlier, we were expecting new DDoS attacks on resources covering the Russian presidential election

Let’s just make a conservative guesstimate that there are more than 40 million infected victim hosts and malware serving “hosts” connected to the internet at any one time, including both traditional computing devices, network devices and smartphones.

This section of the report is based on data obtained and processed using the Kaspersky Security Network (KSN).

All statistical data used in this report were obtained using Kaspersky Lab’s botnet monitoring system and Kaspersky DDoS Prevention.

This is not the first time the HLUX botnet has been mentioned in this blog, but there are still some unanswered questions that we’ve been receiving from the media