Vitaly Kamluk

Elections 2012 and DDoS attacks in Russia

By Vitaly Kamluk

As Eugene Kaspersky had written earlier, we were expecting new DDoS attacks on resources covering the Russian presidential election. So, as the country went to the polls on 4 March, we were on the lookout for new DDoS attacks.

We were surprised to hear a news report from one mass media source that claimed a series of attacks from foreign countries had targeted the servers responsible for broadcasting from polling stations. The announcement came at about 21:00, but there was no trace of any attack on our monitoring system. The media report did not clarify exactly what sort of attacks had been staged. Instead of a DDoS attack, the journalists might have been referring to a different method of gaining unauthorized access, such as an SQL injection.

Gumblar: New Generation of Self-Building Botnets

By Vitaly Kamluk

We’ve been looking at the infrastructure of the Gumblar malware and found some curious facts about how Gumblar operates, which we would like to share to make hosting owners aware of the Gumblar threat.

Analysis of some infected websites showed that the only way the Gumblar infection could have been injected was through FTP access, because those websites have no server-side scripting. This was later proved by an analysis of FTP log files.

A Black Hat Loses Control

Guest Editorial by Vitaly Kamluk

Malware writers today always try to conceal their identities, right? Wrong – even some of today’s profit-driven cyber criminals reveal their identities. We are a bit surprised, but here is the story of how a blackhat has revealed his identity and is trying to ‘get compensation’ from Kaspersky for conducting research.