Malware RSS Feed
New Blog Entry: An Alternate View of Announced IPv4 Space
This blog post describes an alternate way to view advertised IP address space on the internet using publicly available information.
Analysis: Spam in February 2013
The percentage of spam in email traffic was up 12.8 percentage points compared with January and averaged 71.1%.
Blog: The TeamSpy Crew Attacks - Abusing TeamViewer for Cyberespionage
Earlier today, the Laboratory of Cryptography and System Security (CrySyS Lab), together with the Hungarian National Security Authority (NBF), published details on a high profile targeted attack against Hungary. The details about the exact targets are not known and the incident remains classified.
Considering the high level classification of the attack, Kaspersky Lab's Global Research & Analysis Team performed a detailed technical analysis of the campaign and related malware samples.
You can read our short FAQ below and you can download our technical analysis paper linked at the end of the blog post.
Blog: South Korean 'Whois Team' attacks
Earlier today, reports of a number of cyberattacks against various South Korean targets hit the news. (see http://www.nknews.org/2013/03/south-korean-banks-broadcasters-paralyzed-by-cyber-attack/)
The attackers, going by the handle Whois Team, left a number of messages during the defacements.
Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders Released
This technical note describes an analysis of the pattern "Increased Review for Intellectual Property (IP) Theft by Departing Insiders," which helps organizations mitigate the risk of insider theft of IP.
Blog: The end of MSN Messenger, the beginning of attacks
Attacks have already started using the end of MSN Messenger to infect users.
Blog: Highlights from BlackHat Europe 2013 in Amsterdam
Every year as Europe wakes up from the cold winter to the warm days of spring, BlackHat traditionally descends to Amsterdam. This year's conference is taking place on March 14-15 at the NH Grand Hotel Krasnapolsky, right on Dam Square, the heart of Amsterdam. As spring doesn't necessarily equal warm days here in Europe right now, the 500 or so BlackHat participants hit the conference rooms to attend quite a few interesting talks. Here's a summary of the best talks at BlackHat Europe 2013.
Blog: New Uyghur and Tibetan Themed Attacks Using PDF Exploits
On Feb 12th 2013, FireEye announced the discovery of an Adobe Reader 0-day exploit which is used to drop a previously unknown, advanced piece of malware. We called this new malware "ItaDuke" because it reminded us of Duqu and because of the ancient Italian comments in the shellcode copied from Dante Alighieri's "Divine Comedy".
Previously, we posted about another campaign hitting Governments and other institutions, named Miniduke, which was also using the same 'Divine Comedy' PDF exploits.
In the meantime, we've come by other attacks which piggyback on the same high level exploit code, only this time the targets are different: Uyghur activists.
Together with our partner at AlienVault Labs, we analyzed these new exploits.
New Blog Entry: The Growth Rate of IP Addresses That Are Advertised as Usable on the Internet
This blog post describes how you can calculate the growth rate of advertised IP address space on the internet using publicly available information.



