Web threats

The SSL PKI has been in use and implemented for 15 years now to secure online communications.

During the last couple of days we have been investigating the extremely high numbers of infected websites.

The following statistics were compiled in September using data collected from computers running Kaspersky Lab products

Hello from Virus Bulletin 2011! Several talks this morning were very good, and an unusual topic about DDoS in the east was presented early in the afternoon.

Earlier this week, Microsoft released an announcement about the disruption of a dangerous botnet Kelihos/Hlux. Kaspersky Lab played a critical role in this botnet takedown initiative.

The title of this post suggests that I’ve been thinking of one of the cyber-criminals that uses SpyEye, maybe in admiration! But actually his cyber-criminal actions overshadow anything else.

At the beginning of last week the Dutch government had vouched for the integrity of the PKIoverheid CA. This caused the browser makers to only denylist the non-goverment CA from Diginotar.

One of the big questions is whether the government CA branch – called DigiNotar PKIoverheid – has also been compromised.

When logging into Facebook today, I was greeted with a new set of controls. In the wake of the apparent success of Google+, it seems that Facebook would like to reassure its user base that they too can control who sees what you post, and who you tag.

All statistical data presented in this report were obtained using Kaspersky Lab’s botnet monitoring system and Kaspersky DDoS Prevention.

In 2010 we noted a decline in the number of players in the fake antivirus market, and as a result, fewer counterfeit programs used to distribute fake antivirus products

Many Cloud Computing providers offer gigabytes of storage for free, and the cybercriminals use to maintain and spread malware of all the kind. At the same time, many legitimate services are not free, but are still very attractive to cybercrime gangs. In the case of Amazon, Amazon Simple Storage Service (Amazon S3) does the trick.

Have we forgotten about DNS secutity? In a time of hacktivism and targetted attacks being on the raise this is something that we cannot afford forgetting. During my research i noticed that alot of DNS servers are running a weak configuration allowing an remote attacker to gain valuable information.

The cybercrime business is really no different from other types of business such as pasta making or selling spare parts for cars. It has its own expenses and overheads. A hacker, just like any businessman, tries to save on attacks and keep their costs down.

Some commentators and other security researchers however, focusing on our use of the word “indestructible” in the article, seem to think that we believe the malware is indestructible. In fact, our own TDSS Killer can remove the malware.