Threat Category: Web threats | Page 18

The following statistics were compiled in May using data from computers running Kaspersky Lab products 242,663,383 network attacks blocked.

Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers.

The TDSS loader, a malicious program that we wrote a lot about now has legs, i.e. a tool for self-propagation.

New techniques for obfuscating malicious code on websites are a good way to mislead both users and protection software alike

The infection strategies using java script technology are on the agenda and that because of his status as a “hybrid”, criminals looking to expand its coverage of attack recruiting infected computers regardless of the browser or operating system you use.

It seems I’m not doing anything other than write about malware on Facebook, but here goes again

A host of events took place in the world of IT threats during the first quarter of 2011.

Latin America has ceased to be a neglected region for cyber-attacks and has since become a suitable area for the local development of crimeware for managing botnets.

Today while conducting research on the alleged Latvian power hack, I came across some interesting malvertising on imageshack, where pictures of the purported hack have been hosted.

Internationalized Domain Names already being used to spread malware, including the use of shortener URL services.

The bad guys were fast: Blackhat SEO campaign about Osama’s Bin Laden death spotted some minutes after the announcment.

It is a well-known fact that events of global interest are exploited by cybercriminals for financial gain. The current situation in Japan is no exception.

The Artro botnet has been around since early 2008. However, a full description of its functionality is still not available, so to rectify this, we decided to publish the results of a study we undertook.

Another botnet takedown, this time surrounding a piece of malware otherwise known as AFCORE or Coreflood, is being pursued by the US DOJ. According to the allegations, the malware infiltrated millions of systems.

I don’t have a LiveJournal account, but sometimes I’ll have a quick read of the blogs during breaks. On 4 April, however, an official announcement by LiveJournal Russia stated that the service had been subjected to a DDoS and was unavailable.

Reports

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Web threats

Monthly Malware Statistics, May 2011

Financial data stealing Malware now on Amazon Web Services Cloud

TDSS loader now got “legs”

Dangerous colours

Fake virustotal website propagated java worm

Facebook stalker application now localized

IT Threat Evolution for Q1-2011

Botnet management from Peru

Malvertising on ImageShack

Internationalized Domain Names used to spread malware

Blackhat SEO and Osama Bin Laden’s death

The Japan crisis – an IT security timeline

The ‘Advertising’ Botnet

Rotted Core Removed

LiveJournal under attack

Reports

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Subscribe to our weekly e-mails