CVE-2010-0806

Published: 10/03/2010 Updated: 07/12/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote malicious users to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Vulnerable Product

microsoft internet_explorer 7

microsoft windows_2003_server

microsoft windows_server_2003

microsoft windows_xp

microsoft windows_xp -

microsoft windows_server_2008

microsoft windows_server_2008 -

microsoft windows_vista

microsoft internet_explorer 6

microsoft windows_2000

Exploits

## # $Id: ms10_018_ie_behaviors.rb 11333 2010-12-14 18:53:22Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## ## # originally ie_ ...
## # ie_iepeers_pointer.rb # # Microsoft Internet Explorer iepeers.dll use-after-free exploit for the Metasploit Framework # # Tested successfully on the following platforms: # - Microsoft Internet Explorer 7, Windows Vista SP2 # - Microsoft Internet Explorer 7, Windows XP SP3 # - Microsoft Internet Explorer 6, Windows XP SP3 # # Exploit found i ...

Recent Articles

Kaspersky Security Bulletin 2010. Statistics, 2010
Securelist • Alexander Gostev, Yury Namestnikov • 17 Feb 2011

This section of the report forms part of Kaspersky Security Bulletin 2010 and is based on data obtained and processed using the Kaspersky Security Network (KSN). KSN integrates cloud-based technologies into personal and corporate products and is one of Kaspersky Lab’s most important innovations. KSN assists Kaspersky Lab’s experts to swiftly detect new malware in real-time, when no corresponding signature or heuristic detection exists for these threats. KSN helps identify sources of malware ...

Monthly Malware Statistics, January 2011
Securelist • Vyacheslav Zakorzhevsky • 03 Feb 2011

The following statistics were compiled in January using data from computers running Kaspersky Lab products: The majority of malware will attempt to conceal its presence on users’ computers and function without the users’ knowledge, especially the more sophisticated types. Cyber fraud, however, requires the participation of users. To prevent users falling victim to the various scams out there, it’s very important that they know about them. Cybercriminals often exploit the popularity of an o...

Monthly Malware Statistics, October 2010
Securelist • Vyacheslav Zakorzhevsky • 03 Nov 2010

Kaspersky Lab presents its malware rankings for October. Overall, October was relatively quiet, although there were a few incidents worthy of note. Virus.Win32.Murofet, which infected a large number of PE files, was detected at the beginning of the month. What makes this malware interesting is that it generates links using a special algorithm based on the current date and time on the infected computer. Murofet gets the system’s current year, month, date, and minute, generates two double words,...

Cybercrime Raiders
Securelist • Vyacheslav Zakorzhevsky • 12 Oct 2010

The security was tight enough, but the raider knew exactly where the weak point in the system was. He had undergone special training to help him slip unnoticed through loopholes like these and infiltrate the network. The raider creates the loophole that lets others in — spies, thieves or secret agents, who then force the system to operate according to their bosses’ wishes. As long as the loophole stays open… This is not a scene from a computer game, this type of scenario is played out usin...

Monthly Malware Statistics, September 2010
Securelist • Vyacheslav Zakorzhevsky • 05 Oct 2010

Kaspersky Lab presents its malware rankings for September. There are relatively few new malicious programs in either ranking. It is, however, worth highlighting a new ‘bundle’: Trojan-Dropper.Win32.Sality.cx which installs Virus.Win32.Sality.bh to an infected computer. The dropper spreads using a vulnerability in WinLNK files (i.e., Windows shortcuts). It’s also worth noting that in September the number of exploits targeting CVE-2010-1885 (the Windows Help and Support Center vulnerability)...

Monthly Malware Statistics: August 2010
Securelist • Vyacheslav Zakorzhevsky • 01 Sep 2010

In August, there was a significant increase in exploits of the CVE-2010-2568 vulnerability. Worm.Win32.Stuxnet, which notoriously surfaced in late July, targets this vulnerability, as does the Trojan-Dropper program which installs the latest variant of the Sality virus – Virus.Win32.Sality.ag. Unsurprisingly, black hats lost no time in taking advantage of this latest vulnerability in the most commonly used version of Windows. However, on 2 August Microsoft released MS10-046 which provides a pa...

Monthly Malware Statistics July 2010
Securelist • Vyacheslav Zakorzhevsky • 02 Aug 2010

The first Top Twenty list below shows malware, adware and potentially unwanted programs that were detected and neutralized by the on-access scanner when they were accessed for the first time. The first half of this list remained unchanged from last month, with viruses such as Sality and Virut and the infamous Kido worm all maintaining their positions. The second half, however, threw up a few surprises with six new entries. Let’s look at each of them in turn. Worm.Win32.Autoit.xl, in twelfth pl...

Monthly Malware Statistics: June 2010
Securelist • Kirill Kruglov • 05 Jul 2010

The first Top Twenty list below shows malware, adware and potentially unwanted programs that were detected and neutralized by the on-access scanner when they were accessed for the first time. The first ten places on the above list remain virtually unchanged from last month, with the Kido network worm and the Sality virus continuing to occupy the top four places. Fifth place saw the appearance of Exploit.JS.Agent.bab, which shunted the next five programs down one place, but we’ll talk more abou...

Monthly Malware Statistics: May 2010
Securelist • Kirill Kruglov • 03 Jun 2010

The first Top Twenty list immediately below shows malware, adware and potentially unwanted programs that were detected and neutralized by the on-access scanner when they were accessed for the first time. During May there were five new entries to the list. Variants of the CVE-2010-0806 exploit left the Top 20 list as swiftly as they had joined it a month ago. However, malware writers are nowhere near through with exploiting the CVE-2010-0806 vulnerability. In May, Trojan.JS.Agent.bhr, a component...

Information Security Threats in the First Quarter of 2010
Securelist • Yury Namestnikov • 01 Jun 2010

This report was compiled on the basis of data obtained and processed using the Kaspersky Security Network (KSN). KSN is one of the most important innovations in personal products and is currently in the final stages of development. Once completed, it will become an integral feature of Kaspersky Lab’s corporate product range. The Kaspersky Security Network can, in real time, detect new malware for which no signatures or heuristic detection methods are currently available. KSN helps identify the...

Monthly Malware Statistics: April 2010
Securelist • Kirill Kruglov • 03 May 2010

The first Top Twenty lists malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time, i.e. by the on-access scanner. The list of the twenty most frequently occurring malicious programs detected on users’ computers traditionally remains fairly stable, so it comes as no surprise that Kido and Sality continue to occupy the top two places. April saw four new entries. Two of them (7th and 12th places) are variants of the CVE-201...

Monthly Malware Statistics: March 2010
Securelist • Eugene Aseev • 06 Apr 2010

The first Top Twenty lists malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time, i.e. by the on-access scanner. There was no major change in the first Top Twenty leader board in March. Three variants to the Autorun Trojan are worthy of mention. As was the case a couple of months back, they are autorun.inf files that use removable devices to spread the notorious P2P-Worm.Win32.Palevo and Trojan-GameThief.Win32.Magania. T...