Secure List feed for B2B

The percentage of spam in email traffic was up 12.8 percentage points compared with January and averaged 71.1%.

Earlier today, the Laboratory of Cryptography and System Security (CrySyS Lab), together with the Hungarian National Security Authority (NBF), published details on a high profile targeted attack against Hungary. The details about the exact targets are not known and the incident remains classified. Considering the high level classification of the attack, Kaspersky Lab’s Global Research & Analysis Team performed a detailed technical analysis of the campaign and related malware samples. You can read our short FAQ below and you can download our technical analysis paper linked at the end of the blogpost.

Earlier today, reports of a number of cyberattacks against various South Korean targets hit the news. (see http://www.nknews.org/2013/03/south-korean-banks-broadcasters-paralyzed-by-cyber-attack/) The attackers, going by the handle “Whois Team” left a number of messages during the defacements

Attacks already started using the end of MSN Messenger to infect users

Every year as Europe wakes up from the cold winter to the warm days of spring, BlackHat traditionally descends to Amsterdam. This year’s conference is taking place on March 14-15 at the NH Grand Hotel Krasnapolsky, right Dam Square, the heart of Amsterdam. As spring doesn’t necessarily equal warm days here in Europe right now, the 500 or so BlackHat participants hit the conference rooms to attend quite a few interesting talks. Here’s a summary of the best talks at BlackHat Europe 2013.

On March 4th we spotted a large number of unusual emails being blocked by our Linux Mail Security product.

On Feb 12th 2013, FireEye announced the discovery of an Adobe Reader 0-day exploit which is used to drop a previously unknown, advanced piece of malware. We called this new malware "ItaDuke" because it reminded us of Duqu and because of the ancient Italian comments in the shellcode copied from Dante Alighieri's "Divine Comedy". Previously, we posted about another campaign hitting Governments and other institutions, named Miniduke, which was also using the same 'Divine Comedy' PDF exploits. In the meantime, we've come by other attacks which piggyback on the same high level exploit code, only this time the targets are different: Uyghur activists. Together with our partner at AlienVault Labs, we analyzed these new exploits.

Microsoft releases nine March Security Bulletins. Four of the Bulletins are rated critical, but of the 20 vulnerabilities being patched, 12 are rated critical and enable remote code execution and elevation of privilege. Microsoft software being patched with critical priority include Internet Explorer, Silverlight, Visio Viewer, and SharePoint. So, pretty much every consumer running Windows, and lots of Microsoft shops, should be diligently patching systems today.

Together with our partner CrySyS Lab, we've discovered two new, previously-unknown infection mechanisms for Miniduke. These new infection vectors rely on Java and IE vulnerabilities to infect the victim's PC.

The 2014 FIFA World Cup has already kicked off, at least for Brazilian bad guys. Next year’s big event in Brazil has become one of the most prominent tactics used by Latin American cybercriminals as they unleash a real avalanche of phishing messages, fraudulent prizes and giveaways, malicious domains, fake tickets, credit card cloning, banking Trojans and a lot of social engineering.

This is the topic that cybercriminals are speculating about and using as a hook to infect victims. The campaign is based on the Blackhole v2.0

After the recent emergence of the criminal PiceBOT in Latin America, AlbaBotnet has joined the growing ranks of regional IT crime.

The fifth part of our regular overview of mobile malware evolution was published one year ago, and now it’s time to review the events of 2012 to see just how accurate our forecasts were