Malware Alerts


Blog: CVE-2014-0497 – a 0-day vulnerability

Wed, 02/05/2014 - 10:15

A short while ago, we came across a set of similar SWF exploits and were unable to determine which vulnerability they exploited.

Blog: Big box LatAm hack (3rd part – infection by Office files)

Tue, 02/04/2014 - 19:21
Cybercriminals from Latin America infect victims via macro-enabled Microsoft Office documents. One such document, when found in the wild, had a 0 out of 48 VirusTotal detection rate!

Blog: Abused update of GOM Player poses a threat

Tue, 02/04/2014 - 09:58
Several media outlets reported on January 7th, 2014, that a PC associated with “Monju” (the Fast Breeder Reactor of the Japan Atomic Energy Agency) was infected by malware and that information leaks were suspected. Some pointed out that the infection had possibly been caused by abuse of the legitimate update mechanism of "GOM Player", which made it big news. GOM Player is a free media player with popular video/audio codecs built in, favored by many Japanese users. It differs from similar free media players in some notable ways: it supports major file formats such as AVI, DAT, DivX, MPEG and WMV, to name just a few, and it officially ships a Japanese version. It is said to have more than 6 million users in Japan.

Blog: A Glimpse Behind "The Mask"

Mon, 02/03/2014 - 06:44
During the past months we have been busy analysing yet another sophisticated cyberespionage operation which has been going on at least since 2007, infecting victims in 27 countries. We deemed this operation "The Mask" for reasons to be explained later.

Blog: Big box LatAm hack (2nd part – Email brute-force and spam)

Sun, 02/02/2014 - 20:28
Instead of using zombie machines, the cybercriminals behind Betabot and other malware in Latin America brute-force improperly configured email servers and then use them to spam the victims.

Blog: World Cup: fake tickets, fake giveaways, real attacks

Fri, 01/31/2014 - 15:30
Fraudulent websites offering tickets to the World Cup in Brazil

Analysis: Spam money lenders: data theft, Trojans and other special features of ‘cheap’ loans

Thu, 01/30/2014 - 06:00
Millions of people worldwide prefer to buy goods and services on credit, agreeing to pay considerable sums in interest to various money lenders.

Blog: Olympic Games: Made in China

Wed, 01/29/2014 - 07:10

Blog: A cross-platform java-bot

Tue, 01/28/2014 - 09:30

Blog: Mandela’s millions

Mon, 01/27/2014 - 10:48

Blog: Nigerian polyglots

Mon, 01/27/2014 - 10:37

Blog: From Latin America with love, Jumcar strikes again

Thu, 01/23/2014 - 09:21
A new sample was submitted to the VirusTotal system on January 18th and was quickly spotted by my colleague Dmitry Bestuzhev. Interestingly enough, it seems that a new variant of the Jumcar malware family has appeared, and a lot of changes have been made to the original source code.

Analysis: Kaspersky Security Bulletin. Spam evolution 2013

Thu, 01/23/2014 - 06:00
Spam is changing: as traditional advertising declines, we see far more fraud, malware and phishing.

Analysis: Spam in December 2013

Thu, 01/23/2014 - 04:00
In December, spammers continued to honor the traditions of the season and tried to attract potential customers with a variety of original gift and winter vacation offers, taking advantage of the approaching holidays.

Blog: Suits and Spooks Collision DC 2014

Thu, 01/23/2014 - 00:46

Suits and Spooks Collision DC 2014 wrapped up this week, and I had the opportunity to speak on two panels at the event, "Exploiting End Points, Devices, and the Internet of Things", and "Is the Cloud and Virtualization an Attacker’s Dream or Nightmare?".

Blog: WhatsApp for PC - a guaranteed Trojan banker

Mon, 01/20/2014 - 23:54
WhatsApp for PC - now from Brazil, and bringing a banker Trojan that will steal your money. It disguises itself as an mp3 file and has a low VirusTotal detection rate.

Blog: Big box LatAm hack (1st part - Betabot)

Wed, 01/15/2014 - 20:42
Betabot is now used by cybercriminals from LatAm to attack local victims. We found it installed on a purely malicious server located in Russia, with a domain registered in Panama. This is the 1st part of the research.