Threat Category: Web threats | Page 17

The cybercrime business is really no different from other types of business such as pasta making or selling spare parts for cars. It has its own expenses and overheads. A hacker, just like any businessman, tries to save on attacks and keep their costs down.

Some commentators and other security researchers however, focusing on our use of the word “indestructible” in the article, seem to think that we believe the malware is indestructible. In fact, our own TDSS Killer can remove the malware.

The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today.

There’s nothing new in Brazilian cybercriminals exploiting social networks to distribute their malicious code. Orkut was first, followed by Twitter, and now it’s Facebook’s turn.

A few days ago, we have notified you about malicious activities from the S.A.P.Z. botnet. And we provided evidence that this methodology of attack can be used to affect users of any Latin America bank, or any part of the world.

It so happens, that today I came across even more advanced sample of a PHP infector, also in the context of a vulnerable e-commerce solution.

The following statistics were compiled in May using data from computers running Kaspersky Lab products 242,663,383 network attacks blocked.

Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers.

The TDSS loader, a malicious program that we wrote a lot about now has legs, i.e. a tool for self-propagation.

New techniques for obfuscating malicious code on websites are a good way to mislead both users and protection software alike

The infection strategies using java script technology are on the agenda and that because of his status as a “hybrid”, criminals looking to expand its coverage of attack recruiting infected computers regardless of the browser or operating system you use.

It seems I’m not doing anything other than write about malware on Facebook, but here goes again

A host of events took place in the world of IT threats during the first quarter of 2011.

Latin America has ceased to be a neglected region for cyber-attacks and has since become a suitable area for the local development of crimeware for managing botnets.

Today while conducting research on the alleged Latvian power hack, I came across some interesting malvertising on imageshack, where pictures of the purported hack have been hosted.

Reports

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

Web threats

From Cocos Islands to Cameroon

TDL-4 Indestructible or not???

TDL4 – Top Bot

IM worm targeting Brazilian Facebook users

S.A.P.Z. Botnet, new perspective of attack

Dangerous whitespaces

Monthly Malware Statistics, May 2011

Financial data stealing Malware now on Amazon Web Services Cloud

TDSS loader now got “legs”

Dangerous colours

Fake virustotal website propagated java worm

Facebook stalker application now localized

IT Threat Evolution for Q1-2011

Botnet management from Peru

Malvertising on ImageShack

Reports

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Careto is back: what’s new after 10 years of silence?

Subscribe to our weekly e-mails