Security News? Just a few clicks away

Monthly Archives: September 2010

Stuxnet in the news

The Stuxnet Trojan is very well covered in the media as more and more details about its sophisticated code become public. It abuses four previously unknown security vulnerabilities in Windows to enter the system and is specialized on attacking Siemens … Continue reading

The Virus Bulletin 2010 Conference in Vancouver, Canada

Today the 20th Virus Bulletin Conference in Vancouver, Canada, started. The editor of VB Magazine, Helen Martin, opened the conference today with an overview over the 20 editions so far. It is amazing to see how much the AV world … Continue reading

Analysis of TR/Oficla.GM

The Oficla malware is a family of Trojans which inject code into running processes in order to download and execute files. We have seen the malware in the wild, downloading several additional malware families. The Trojan is often spammed out … Continue reading

Phishing, Spam and Malware Statistics for August 2010

Spam category statistics In August, everything remained constant in the spam types being sent. The only variation introduced was for the category Other, which means that there were indeed some new types of malware which weren’t detected at the beginning. … Continue reading

Presentation at the Anti-Botnet Initiative

We very often hear about bots and botnets as being the tools used to send billions and billions of spam messages, hosting phishing websites and malware. Being concentrated on developing the technology which detects the malicious software and repairs the … Continue reading

More Spam with JavaScript redirectors

We received new spam emails which contain a JavaScript redirector in form of a HTML attachment. The emails we received have the subject “Consultation Appointment”. The decrypted JavaScript consists of new JavaScript code. This JavaScript redirector loads yet another JavaScript … Continue reading

Twitter XSS hole getting abused (Update)

On Twitter a new security flaw gets currently exploited. Hackers found a way to inject malicious JavaScript code into tweets with the onMouseOver event. This can lead to pop-ups appearing, redirecting to websites, re-tweeting spam, or even worse things like … Continue reading

Flash Player Updates fix 0-day-vulnerability

Adobe fixed the vulnerability in Flash Player in a record time again. Just one week after the 0-day became public and started to get exploited, an update is available to close the security hole. Even though Adobe Reader and Acrobat … Continue reading

Security issues on Android

One unique security feature of Android is the permission check when installing 3rd party apps. The system lists all permissions that an app requires and asks the user to check if that’s alright. Such permissions are the ability to receive … Continue reading

New phishing-spam waves using Facebook as bait

We have started to see again a large increase in the amount of emails pretending to come from Facebook. There are two types of emails which are being sent in large amounts currently. Both of them use classical types of … Continue reading