Threat Category: Web threats | Page 19

Over the weekend, a lot of Facebook users started receiving malicious chat messages from their friends followed by a shortened URL

A short while ago, I decided to prepare a presentation on web vulnerabilities and specifically on XSS attacks. I selected the most popular Russian social networking website, VKontakte.ru, as a test bed.

This is Kaspersky Lab’s annual threat analysis report covering the major issues faced by corporate and individual users alike as a result of malware, potentially harmful programs, crimeware, spam, phishing and other different types of hacker activity.

TV Series such as “The Simpsons” are hugely popular and have hundreds of thousands of fans around the world. As such, there is a high demand on the web for such episodes and as usually happens, scam tactics appear around them.

A new Twitter worm is spreading fast, using the “goo.gl” URL shortening service to distribute malicious links.

This new worm is propagating via e-mail with a backboned administration through a crimeware pack called BOMBA. The scam messages come with a message to a fake eCard requiring installing Flash Player (an old scammers trick).

The tactics used by the cybercriminals remained the same. Surfing the web is still a dangerous pastime, while social engineering is routinely used to entice users into opening malicious links or downloading malicious or fraudulent programs.

Modern game consoles are not only dedicated to gaming anymore, they rather offer a great variety of entertainment and many methods.

We have seen many examples in the past: the use of Twitter as a communication channel for a botnet, using Amazon EC2 for hosting C&Cs for distributing malware. Today we will see how malware maximizes its revenues using this kind of services with a minimum impact on victims computer.

On 25 October 2010, the Dutch police force’s Cybercrime Department announced the shutdown of 143 Bredolab botnet control servers. The next day at Armenia’s Yerevan international airport, one of those formerly responsible for running the botnet was arrested.

Facebook adds a new profile option, and may affect privacy.

New attack via Twitter is in progress

Malicious social applications in Orkut were used to redirect users to phishing domains

A friend had ‘sent’ me a strange-looking link via Facebook IM. A closer look revealed that it was a link being spread by a new and active Facebook worm.

Another live XSS vulnerability in Orkut affected more than 180,000 users in Brazil.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Web threats

Yet another malicious Facebook app: “Father crashes and dies”

XSS Vulnerabilities in Russian Social Networking Site ‘VKontakte’

Kaspersky Security Bulletin. Malware Evolution 2010

Pirate episodes scam

New Twitter worm redirects to Fake AV

A few words about the HLux botnet

Monthly Malware Statistics, December 2010

Gaming the Security

Malware in the cloud

End of the Line for the Bredolab Botnet?

Tim is using the new profile

Malicious Twitter trends

Social apps, security problems

Catching Facebook worms in Russia

Another live XSS vulnerability

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails