Web threats

Earlier this week, Microsoft released an announcement about the disruption of a dangerous botnet Kelihos/Hlux. Kaspersky Lab played a critical role in this botnet takedown initiative.

The title of this post suggests that I’ve been thinking of one of the cyber-criminals that uses SpyEye, maybe in admiration! But actually his cyber-criminal actions overshadow anything else.

At the beginning of last week the Dutch government had vouched for the integrity of the PKIoverheid CA. This caused the browser makers to only denylist the non-goverment CA from Diginotar.

One of the big questions is whether the government CA branch – called DigiNotar PKIoverheid – has also been compromised.

When logging into Facebook today, I was greeted with a new set of controls. In the wake of the apparent success of Google+, it seems that Facebook would like to reassure its user base that they too can control who sees what you post, and who you tag.

All statistical data presented in this report were obtained using Kaspersky Lab’s botnet monitoring system and Kaspersky DDoS Prevention.

In 2010 we noted a decline in the number of players in the fake antivirus market, and as a result, fewer counterfeit programs used to distribute fake antivirus products

Many Cloud Computing providers offer gigabytes of storage for free, and the cybercriminals use to maintain and spread malware of all the kind. At the same time, many legitimate services are not free, but are still very attractive to cybercrime gangs. In the case of Amazon, Amazon Simple Storage Service (Amazon S3) does the trick.

Have we forgotten about DNS secutity? In a time of hacktivism and targetted attacks being on the raise this is something that we cannot afford forgetting. During my research i noticed that alot of DNS servers are running a weak configuration allowing an remote attacker to gain valuable information.

The cybercrime business is really no different from other types of business such as pasta making or selling spare parts for cars. It has its own expenses and overheads. A hacker, just like any businessman, tries to save on attacks and keep their costs down.

Some commentators and other security researchers however, focusing on our use of the word “indestructible” in the article, seem to think that we believe the malware is indestructible. In fact, our own TDSS Killer can remove the malware.

The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today.

There’s nothing new in Brazilian cybercriminals exploiting social networks to distribute their malicious code. Orkut was first, followed by Twitter, and now it’s Facebook’s turn.

A few days ago, we have notified you about malicious activities from the S.A.P.Z. botnet. And we provided evidence that this methodology of attack can be used to affect users of any Latin America bank, or any part of the world.

It so happens, that today I came across even more advanced sample of a PHP infector, also in the context of a vulnerable e-commerce solution.