Threat Category: Web threats | Page 18

Some commentators and other security researchers however, focusing on our use of the word “indestructible” in the article, seem to think that we believe the malware is indestructible. In fact, our own TDSS Killer can remove the malware.

The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today.

There’s nothing new in Brazilian cybercriminals exploiting social networks to distribute their malicious code. Orkut was first, followed by Twitter, and now it’s Facebook’s turn.

A few days ago, we have notified you about malicious activities from the S.A.P.Z. botnet. And we provided evidence that this methodology of attack can be used to affect users of any Latin America bank, or any part of the world.

It so happens, that today I came across even more advanced sample of a PHP infector, also in the context of a vulnerable e-commerce solution.

The following statistics were compiled in May using data from computers running Kaspersky Lab products 242,663,383 network attacks blocked.

Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers.

The TDSS loader, a malicious program that we wrote a lot about now has legs, i.e. a tool for self-propagation.

New techniques for obfuscating malicious code on websites are a good way to mislead both users and protection software alike

The infection strategies using java script technology are on the agenda and that because of his status as a “hybrid”, criminals looking to expand its coverage of attack recruiting infected computers regardless of the browser or operating system you use.

It seems I’m not doing anything other than write about malware on Facebook, but here goes again

A host of events took place in the world of IT threats during the first quarter of 2011.

Latin America has ceased to be a neglected region for cyber-attacks and has since become a suitable area for the local development of crimeware for managing botnets.

Today while conducting research on the alleged Latvian power hack, I came across some interesting malvertising on imageshack, where pictures of the purported hack have been hosted.

Internationalized Domain Names already being used to spread malware, including the use of shortener URL services.

Reports

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Web threats

TDL-4 Indestructible or not???

TDL4 – Top Bot

IM worm targeting Brazilian Facebook users

S.A.P.Z. Botnet, new perspective of attack

Dangerous whitespaces

Monthly Malware Statistics, May 2011

Financial data stealing Malware now on Amazon Web Services Cloud

TDSS loader now got “legs”

Dangerous colours

Fake virustotal website propagated java worm

Facebook stalker application now localized

IT Threat Evolution for Q1-2011

Botnet management from Peru

Malvertising on ImageShack

Internationalized Domain Names used to spread malware

Reports

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Subscribe to our weekly e-mails