CVE-2010-0188

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

According to Kaspersky Lab, in 2014 The popularity of mobile devices continues to grow, and this is affecting spam in email traffic: the number of advertising services that will spread spam on mobile devices is increasing, as are the number of offers addressed to the spammers who profit from these mailings. The popularity of mobile devices also makes them a valid vector for cyber-attack: email traffic now includes malicious imitations of emails sent from smartphones as well as fake notifications...

PDF Version On 1 July, new anti-spam legislation (CASL) came into effect in Canada. The new law covers commercial communications including email, messages on social networks and instant messaging services as well as SMS. Now, before a company starts sending emails, it must get the recipients’ consent. Canadian companies appear to have taken the new law seriously: in the second quarter, we saw a lot emails from Canadian companies asking users for permission to send their mailings. As well as as...

In the run-up to the summer, spammers offered their potential customers seedlings and seeds for gardening. In addition, English-language festive spam in May was dedicated to Mother’s Day – the attackers sent out adverts offering flowers and candies. As usual, the spammers were very busy in the run-up to the Mother’s Day celebration in May, sending out adverts for flowers and candies ahead of the holiday. To get the attention of the recipient, the subject of the email contained the name of ...

A quick download, a couple of clicks, a naughty URL and you're in the business of crime

Attacking enterprises just got easier with the development of an idiot-friendly tool that spits out booby-trapped PDFs with a few clicks. The tool weaves existing exploits into PDFs, allowing attacks against Adobe Reader and Acrobat versions 8.x prior to 8.2.1 and 9.x before 9.3.1. Users can insert their own URL pointers into the program, which then spits out an exploited PDF. Microsoft's free anti-virus had blocked the attack (CVE-2010-0188) in a test and it was likely other platforms would rai...

On March 4th we spotted a large number of unusual emails being blocked by our Linux Mail Security product. The emails all contained the same PDF attachment (MD5: 97b720519aefa00da58026f03d818251) but were being sent from many different source addresses. The emails were written in German and most were sent from German IP addresses. Below is a map showing the distribution of addresses: The computer names referenced in the mail headers were often of the form Andreas-PC or Kerstin-Laptop (the names ...

Several days ago, a number of leaked documents from the Syrian Ministry of Foreign Affairs were published on Par:AnoIA, a new wikileaks-style site managed by the Anonymous collective. One of our users notified us of a suspicious document in the archive which is detected by our anti-malware products as Exploit.JS.Pdfka.ffw. He was also kind enough to send us a copy of the e-mail for analysis. Weve checked the e-mail, which contains a PDF file with an exploit (CVE-2010-0188, see http://cve.mitre.o...

On 20 March, Russian law enforcement agencies announced the arrest of a cybercriminal gang involved in stealing money using the Carberp Trojan. This is very good news, but unfortunately does not mark the end of the Carberp story. Evidently, those arrested were just one of the criminal gangs using the Trojan. At the same time, those who actually developed Carberp are still at large, openly selling the Trojan on cybercriminal forums. Here is a recent offer for the ‘multifunctional bankbot’, wh...

On 3 December, we noted a rapid growth in the number of detections for exploits targeting the vulnerability CVE-2011-3544 in Java virtual machine. The vulnerability was published on 18 October, but malicious users have only recently begun to make active use of it. It can be used by exploits in drive-by attacks to download and launch malicious programs. Number of unique detections of Exploit.Java.CVE-2011-3544 According to KSN data, most of the exploits targeting CVE-2011-3544 are used in the Bla...

The first Top Twenty list below shows malware, adware and potentially unwanted programs that were detected and neutralized by the on-access scanner when they were accessed for the first time. The first half of this list remained unchanged from last month, with viruses such as Sality and Virut and the infamous Kido worm all maintaining their positions. The second half, however, threw up a few surprises with six new entries. Let’s look at each of them in turn. Worm.Win32.Autoit.xl, in twelfth pl...

I just came across a suspicious PDF file, so I decided to take a deeper look. Once the file was unpacked, I got an xml file with TIFF image. However, the whole thing looked very strange. The whole thing looked very fishy, and ultimately, it turned out that the xml file contained an exploit for CVE-2010-0188. I thought it was a bit odd that we hadn’t come across files like this before, so I decided to tak a look at stats for this vulnerability: CVE-2010-0188 exploit statistics 2010 The graph sh...

Vulnerabilities continue to be detected and successfully exploited in Adobe’s most popular products – Acrobat and Reader. Some days ago we received an interesting PDF file (detected as Exploit.JS.Pdfka.bui) which contained an exploit for the CVE-2010-0188 vulnerability, which was originally discovered back in February in Acrobat/Reader version 9.3 and earlier. The first thing that catches the eye is the intentionally malformed TIFF image inside the PDF file. The vulnerability – a buffer ov...