CVE-2008-2992

Last week, we published a blog post regarding the ongoing spam campaign using the recent earthquake in Japan to infect users. This is a follow up blog describing the exploits used. According to our analysis, it seems that the malicious links from the spam emails lead to websites hosting the Incognito Exploit Kit. Here is an interesting picture from the servers hosting the exploit kit: You can see below another example from the spam campaign, this time pretending to be an email from Twitter: The ...

On 25 October 2010, the Dutch police force’s Cybercrime Department announced the shutdown of 143 Bredolab botnet control servers. The next day at Armenia’s Yerevan international airport, one of those formerly responsible for running the botnet was arrested. While it is certainly possible that this marked the end of Bredolab, the technologies behind it remain and can, unfortunately, still be used to create new botnets. Malicious programs from the Backdoor.Win32.Bredolab family were first dete...

Kaspersky Lab presents its monthly malware statistics for October. From this month onwards, the data used is gathered from all products which use the Kaspersky Security Network (KSN), i.e. products from both the 2009 and 2010 lines. As a result, the Top Twenties have changed somewhat, and the figures in both ratings this month are significantly higher, due to an increased numbers of users participating in KSN. The first Top Twenty lists malicious programs, adware and potentially unwanted program...

Is yours next?

If you haven't updated your Adobe Reader program lately, now would be a good time. Three days after the company rushed out a critical update, miscreants are actively exploiting a security flaw to execute malicious code on vulnerable machines. The SANS Internet Storm Center says here that researchers have spotted laced PDF files being circulated online. Its discovery comes on the heels of the public release of proof-of-concept code exploiting CVE-2008-2992. According to SANS, none of the 32 top a...