Threat Category: Web threats | Page 19

This new worm is propagating via e-mail with a backboned administration through a crimeware pack called BOMBA. The scam messages come with a message to a fake eCard requiring installing Flash Player (an old scammers trick).

The tactics used by the cybercriminals remained the same. Surfing the web is still a dangerous pastime, while social engineering is routinely used to entice users into opening malicious links or downloading malicious or fraudulent programs.

Modern game consoles are not only dedicated to gaming anymore, they rather offer a great variety of entertainment and many methods.

We have seen many examples in the past: the use of Twitter as a communication channel for a botnet, using Amazon EC2 for hosting C&Cs for distributing malware. Today we will see how malware maximizes its revenues using this kind of services with a minimum impact on victims computer.

On 25 October 2010, the Dutch police force’s Cybercrime Department announced the shutdown of 143 Bredolab botnet control servers. The next day at Armenia’s Yerevan international airport, one of those formerly responsible for running the botnet was arrested.

Facebook adds a new profile option, and may affect privacy.

New attack via Twitter is in progress

Malicious social applications in Orkut were used to redirect users to phishing domains

A friend had ‘sent’ me a strange-looking link via Facebook IM. A closer look revealed that it was a link being spread by a new and active Facebook worm.

Another live XSS vulnerability in Orkut affected more than 180,000 users in Brazil.

There have been several reports about malware hosted on Mozilla and Google code servers. Now we also found malware hosted on My Opera community servers.

We’re still monitoring Pegel, and we’ve come across something which piqued our interest: redirects to malicious websites hosting exploits weren’t only coming from infected legitimate sites, but also from flash ads on legitimate sites.

You may have noticed that we lowered our internet threat level to low risk. We have taken another look at Email-Worm.Win32.VBMania and its prevalence and came to the conclusion the increased threat level was not warranted.

A new Twitter XSS exploit was identified in the wild as it started to be used by cybercriminals overnight.

On Aug 21, we detected a new instant messenger worm that spreads through almost all well-known IM programs. The name of the threat is “IM-Worm.Win32.Zeroll.a”

Reports

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

Web threats

A few words about the HLux botnet

Monthly Malware Statistics, December 2010

Gaming the Security

Malware in the cloud

End of the Line for the Bredolab Botnet?

Tim is using the new profile

Malicious Twitter trends

Social apps, security problems

Catching Facebook worms in Russia

Another live XSS vulnerability

Google, Mozilla and now Opera… Who’s next?

Pegel now in banners

Another look at VBMania

Twitter XSS in the wild

New IM Worm Squirming in Latin America

Reports

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Careto is back: what’s new after 10 years of silence?

Subscribe to our weekly e-mails