Threat Category: Web threats | Page 18

A few days ago, we have notified you about malicious activities from the S.A.P.Z. botnet. And we provided evidence that this methodology of attack can be used to affect users of any Latin America bank, or any part of the world.

It so happens, that today I came across even more advanced sample of a PHP infector, also in the context of a vulnerable e-commerce solution.

The following statistics were compiled in May using data from computers running Kaspersky Lab products 242,663,383 network attacks blocked.

Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers.

The TDSS loader, a malicious program that we wrote a lot about now has legs, i.e. a tool for self-propagation.

New techniques for obfuscating malicious code on websites are a good way to mislead both users and protection software alike

The infection strategies using java script technology are on the agenda and that because of his status as a “hybrid”, criminals looking to expand its coverage of attack recruiting infected computers regardless of the browser or operating system you use.

It seems I’m not doing anything other than write about malware on Facebook, but here goes again

A host of events took place in the world of IT threats during the first quarter of 2011.

Latin America has ceased to be a neglected region for cyber-attacks and has since become a suitable area for the local development of crimeware for managing botnets.

Today while conducting research on the alleged Latvian power hack, I came across some interesting malvertising on imageshack, where pictures of the purported hack have been hosted.

Internationalized Domain Names already being used to spread malware, including the use of shortener URL services.

The bad guys were fast: Blackhat SEO campaign about Osama’s Bin Laden death spotted some minutes after the announcment.

It is a well-known fact that events of global interest are exploited by cybercriminals for financial gain. The current situation in Japan is no exception.

The Artro botnet has been around since early 2008. However, a full description of its functionality is still not available, so to rectify this, we decided to publish the results of a study we undertook.

Reports

Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

Web threats

S.A.P.Z. Botnet, new perspective of attack

Dangerous whitespaces

Monthly Malware Statistics, May 2011

Financial data stealing Malware now on Amazon Web Services Cloud

TDSS loader now got “legs”

Dangerous colours

Fake virustotal website propagated java worm

Facebook stalker application now localized

IT Threat Evolution for Q1-2011

Botnet management from Peru

Malvertising on ImageShack

Internationalized Domain Names used to spread malware

Blackhat SEO and Osama Bin Laden’s death

The Japan crisis – an IT security timeline

The ‘Advertising’ Botnet

Reports

ToddyCat: your hidden email assistant. Part 1

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Mem3nt0 mori – The Hacking Team is back!

Mysterious Elephant: a growing threat

Subscribe to our weekly e-mails