Malware Alerts

During our research on the Winnti group we have managed to discovered quite a considerable amount of Winnti samples targeting different gaming companies. With the help ofUsing thisat sophisticatedcomplicated malicious program cybercriminals gained remote access to infected workstations and then carried out further they activityed manually.

Today Kaspersky Lab's team of experts published a detailed research report that analyzes a sustained cyberespionage campaign conducted by the cybercriminal organization known as Winnti.

The study shed light on the activities of a group that has persistently targeted online gaming companies for several years.

The favorite tool of the attackers has been malicious program we called "Winnti". It has evolved since the first use, but we divide all variants into two generations: 1.x and 2.x. Our publication describes 1.0 variant of this tool.

Microsoft released two Bulletins this month patching 3 critical vulnerabilities. Along with these immediate issues, they released five other rated "Important". It appears that the two Bulletins address use-after-free vulnerabilities that can all be attacked through Internet Explorer.

Cybercriminals mine Bitcoins via abusing CPU of the victims by infecting users via Skype

New very active malicious campaign in Skype with almost 3 clicks (potential infections) per second

Virus calendar wallpapers for 2013

"If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why."

Over the last few months we have seen a series of very similar targeted attacks being blocked in our Linux Mail Security Product.

In the past, we've seen targeted attacks against Tibetan and Uyghur activists on Windows and Mac OS X platforms. We've documented several interesting attacks which used ZIP files as well as DOC, XLS and PDF documents rigged with exploits. Several days ago, the e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. Perhaps the most interesting part is that the attack e-mails had an APK attachment - a malicious program for Android.

The percentage of spam in email traffic was up 12.8 percentage points compared with January and averaged 71.1%.

Earlier today, the Laboratory of Cryptography and System Security (CrySyS Lab), together with the Hungarian National Security Authority (NBF), published details on a high profile targeted attack against Hungary. The details about the exact targets are not known and the incident remains classified. Considering the high level classification of the attack, Kaspersky Lab’s Global Research & Analysis Team performed a detailed technical analysis of the campaign and related malware samples. You can read our short FAQ below and you can download our technical analysis paper linked at the end of the blogpost.

Earlier today, reports of a number of cyberattacks against various South Korean targets hit the news. (see http://www.nknews.org/2013/03/south-korean-banks-broadcasters-paralyzed-by-cyber-attack/) The attackers, going by the handle “Whois Team” left a number of messages during the defacements

Attacks already started using the end of MSN Messenger to infect users

Every year as Europe wakes up from the cold winter to the warm days of spring, BlackHat traditionally descends to Amsterdam. This year’s conference is taking place on March 14-15 at the NH Grand Hotel Krasnapolsky, right Dam Square, the heart of Amsterdam. As spring doesn’t necessarily equal warm days here in Europe right now, the 500 or so BlackHat participants hit the conference rooms to attend quite a few interesting talks. Here’s a summary of the best talks at BlackHat Europe 2013.

On Feb 12th 2013, FireEye announced the discovery of an Adobe Reader 0-day exploit which is used to drop a previously unknown, advanced piece of malware. We called this new malware "ItaDuke" because it reminded us of Duqu and because of the ancient Italian comments in the shellcode copied from Dante Alighieri's "Divine Comedy". Previously, we posted about another campaign hitting Governments and other institutions, named Miniduke, which was also using the same 'Divine Comedy' PDF exploits. In the meantime, we've come by other attacks which piggyback on the same high level exploit code, only this time the targets are different: Uyghur activists. Together with our partner at AlienVault Labs, we analyzed these new exploits.