Web threats

It is a well-known fact that events of global interest are exploited by cybercriminals for financial gain. The current situation in Japan is no exception.

The Artro botnet has been around since early 2008. However, a full description of its functionality is still not available, so to rectify this, we decided to publish the results of a study we undertook.

Another botnet takedown, this time surrounding a piece of malware otherwise known as AFCORE or Coreflood, is being pursued by the US DOJ. According to the allegations, the malware infiltrated millions of systems.

I don’t have a LiveJournal account, but sometimes I’ll have a quick read of the blogs during breaks. On 4 April, however, an official announcement by LiveJournal Russia stated that the service had been subjected to a DDoS and was unavailable.

Since we posted about the compromised CA incident and related browser fixes, the incident has been labeled “Comodogate”. Quite a bit of information has been released since then.

This past week, another concrete example of the very foundation of trust on the web was shaken with the final coordination of an effort between a compromised Certificate Authority and web browser providers.

Over the weekend, a lot of Facebook users started receiving malicious chat messages from their friends followed by a shortened URL

A short while ago, I decided to prepare a presentation on web vulnerabilities and specifically on XSS attacks. I selected the most popular Russian social networking website, VKontakte.ru, as a test bed.

This is Kaspersky Lab’s annual threat analysis report covering the major issues faced by corporate and individual users alike as a result of malware, potentially harmful programs, crimeware, spam, phishing and other different types of hacker activity.

TV Series such as “The Simpsons” are hugely popular and have hundreds of thousands of fans around the world. As such, there is a high demand on the web for such episodes and as usually happens, scam tactics appear around them.

A new Twitter worm is spreading fast, using the “goo.gl” URL shortening service to distribute malicious links.

This new worm is propagating via e-mail with a backboned administration through a crimeware pack called BOMBA. The scam messages come with a message to a fake eCard requiring installing Flash Player (an old scammers trick).

The tactics used by the cybercriminals remained the same. Surfing the web is still a dangerous pastime, while social engineering is routinely used to entice users into opening malicious links or downloading malicious or fraudulent programs.

Modern game consoles are not only dedicated to gaming anymore, they rather offer a great variety of entertainment and many methods.

We have seen many examples in the past: the use of Twitter as a communication channel for a botnet, using Amazon EC2 for hosting C&Cs for distributing malware. Today we will see how malware maximizes its revenues using this kind of services with a minimum impact on victims computer.