Aviv Raff on the Evolution of Exploit Kits
In this video, via Kaspersky’s Lab Matters, Ryan Naraine and Seculert’s Aviv Raff discuss the evolution of exploit kits and the recent merger of Spyeye and Zeus.
Malware
Researchers Discover File Used to Hack RSA
Researchers at anti-malware company F-Secure say they have found the actual infected Excel file that was used in the attack on RSA earlier this year, eventually forcing the company to replace millions of its SecurID tokens. The Outlook email message containing the malicious file apparently was uploaded to Virustotal in March and the researchers dug it out this week.
Android Malware Increasing, AutoRun Attacks Still Prevalent
The recent trend of attackers focusing their attention on mobile platforms such as Android, Symbian and iOs is continuing to accelerate, researchers say, and the threats to smartphones are becoming more and more sophisticated and dangerous.
By Jorge MieresAfter rumors about the supposed merger between SpyEye and ZeuS, and the public release of the source of the latter, it was logical that the range of possibilities opened up even more for new cybercriminals into the ecosystem of crimeware.
Ubuntu has fixed a pile of security vulnerabilities in some of its current releases, including 22 vulnerabilities in the WebKit framework that’s part of the operating system. The WebKit flaws include some issues that could be exploited by remote attackers to run code on vulnerable machines.
The Ramnit worm, known by researchers for its use of somewhat old-school malicious techniques, has now changed some of its tactics and morphed into financial malware, researchers say.
In this video Chris Astacio of Websense describes a malware attack that’s spreading through an infected module found in many Wordpress themes named TimThumb.php.
By Tillmann WernerIdentifying a botnet is not an easy task sometimes, especially when
one gets lost in different components like droppers, infectors and other
bad stuff. Some two weeks ago, Jose Nazario from Arbor Networks
pointed me to a new varmint that appears to be another peer-to-peer
bot.
The hack of a commercially available insulin pump earlier this month at the DEFCON hacker conference has attracted the attention of members of the House Energy & Commerce Committee, which is now calling for a formal review of wireless medical devices like the pump.
The attack against RSA earlier this year has become a case study in how data breaches occur and how companies respond. In this video, Uri Rivner, Head of New Technologies, Identity Protection and Verification, at RSA discusses the attack, the aftermath and the lessons learned from it.
