Viruses and Worms

Supreme Court says secret UK spy court's judgments can be overruled after all

The Register - Anti-Virus - 15 May 2019 - 16:05
It all went a bit Pete Tong for the Peeping Toms

Britain's Supreme Court said today that rulings from a secretive UK spy tribunal can now be appealed against after a legal challenge from pressure group Privacy International.…

Category: Viruses and Worms

UPDATE NOW! Critical, remote, ‘wormable’ Windows vulnerability

Sophos Naked Security - 15 May 2019 - 14:09
Microsoft has fixed an RDP vulnerability that can be exploited remotely, without authentication and used to run arbitrary code.

Microsoft fixes Intel ZombieLoad bug with Patch Tuesday updates

Sophos Naked Security - 15 May 2019 - 14:07
May 2019 Patch Tuesday fixed 79 vulnerabilities, 19 of which are classed as Critical. Here's a summary of the most notable ones.

MI5 slapped on the wrist for 'serious' surveillance data breach

The Register - Anti-Virus - 15 May 2019 - 13:38
Auditors poked around for a week after too many Peeping Toms had a trawl

Home Secretary Sajid Javid has confessed to Parliament that MI5 bungled the security of "certain technology environments used to store and analyse data," including that of ordinary Britons spied on by the agency.…

Twitter bug leaks iOS users’ location data to partner

Sophos Naked Security - 15 May 2019 - 12:47
Now fixed, the bug affected some users with multiple accounts running on an iOS device.

Update iOS and Mojave now! Apple patches are out

Sophos Naked Security - 15 May 2019 - 12:40
Apple has released its May 2019 security updates, taking iOS to version 12.3 and macOS Mojave to version 10.14.5.

Facebook sues app developer Rankwave over data misuse

Sophos Naked Security - 15 May 2019 - 12:35
The suit says Rankwave used Facebook user data for targeted marketing and ignored its cease-and-desist letter.

First 11 partners of VB2019 announced

Virus Bulletin News - 15 May 2019 - 12:24
We are excited to announce the first 11 companies to partner with VB2019, whose support will help ensure a great event.

Spam and phishing in Q1 2019

Kaspersky Securelist - 15 May 2019 - 12:00

Quarterly highlights

Valentine’s Day

As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating sites.

But most often, users were invited to order gifts for loved ones and buy medications such as Viagra. Clicking/tapping the link in such messages resulted in the victim’s payment details being sent to the cybercriminals.

New Apple products

Late March saw the unveiling of Apple’s latest products, which fraudsters were quick to pounce on, as usual. In the run-up to the event, the number of attempts to redirect users to scam websites imitating official Apple services rose significantly.

Growth in the number of attempts to redirect users to phishing Apple sites before the presentation

Fake Apple ID login pages

Scammers polluted Internet traffic with phishing emails seemingly from Apple to try to fool recipients into following a link and entering their login credentials on a fake Apple ID login page.

Fake technical support

Fake customer support emails are one of the most popular types of online fraud. The number of such messages has grown quite significantly of late. Links to fake technical support sites (accompanied by rave reviews) can be seen both on dedicated forums and social networks.

Fake “Kaspersky Lab support service” accounts

All the profiles of this kind that we detected in Q1 have one thing in common: they offer assistance with the products of one company or another, promising that specially trained, highly qualified staff are supposedly ready and waiting to help. Needless to say, the help is not free. Not only do users not get their issue resolved, they are likely to be defrauded as well.

New Instagram “features”

Last year, we wrote that phishers and other scammers had moved beyond mailing lists and into the realm of the popular social network Instagram. This trend continued, with fraudsters exploiting the service to the full — not only leaving links to phishing resources in comments, but also registering accounts, paying for advertising posts, and even enticing celebrities to distribute content.

Cybercriminal advertisers use the same methods to lure victims by promising products or services at what seems a great price.

As usual in such schemes, the “buyer” is asked for all sorts of information, from name to bank details. It goes without saying that all the user gets is their private data compromised.

Mailshot phishing

In Q1, we registered several phishing mailings in the form of automatic notifications seemingly on behalf of major services in charge of managing legitimate mailing lists. Scammers tried to force recipients to follow the phishing links under the pretext of verifying an account or updating payment information. Sometimes fake domains were used with names similar to real services, while other times hacked sites redirected the victim to a fake authorization form.

Financial spam through the ACH system

In Q1, we observed a large surge in spam mailings aimed at users of the Automated Clearing House (ACH), a US-based e-payment system that processes vast quantities of consumer and small-business transactions. These mailings consisted of fake notifications about the status of transfers supposedly made by ordinary users or firms. Such messages contained both malicious attachments (archives, documents) and links to download files infected with malware.

“Dream job” offers from spammers

In Q3, we registered spam messages containing “dream job” offers. This quarter, we logged another major mailing topic: messages were sent supposedly on behalf of well-known companies sure to attract lots of potential applicants. Recipients were invited to register in the job search system for free by installing a special app on their computer to access the database. When trying to download the program from the “cloud service,” the user was shown a pop-up window titled DDoS Protection and a message with a link pointing to the site of an online recruitment company (the names of several popular recruitment agencies were used in the mailing). If the user followed it, a malicious DOC file containing Trojan.MSOffice.SAgent.gen was downloaded to their computer, which in turn downloaded Trojan-Banker.Win32.Gozi.bqr onto the victim’s machine.

Ransomware and cryptocurrency

As we expected, cybercriminal interest in cryptocurrency did not wane. Spammers continue to wring cryptocurrency payments out of users by means of “sextortion” — a topic we wrote about last year.

In Q1 2019, we uncovered a rather unusual scam mailing scheme whereby cybercriminals sent messages in the name of a CIA employee allegedly with access to a case file on the recipient for possession and distribution of digital pornographic materials involving minors.

The fictitious employee, whose name varied from message to message, claimed to have found the victim’s details in the case file (which were actually harvested from social networks/online chats/forums, etc.). It was said to be part of an international operation to arrest more than 2,000 pedophilia suspects in 27 countries worldwide. However, the “employee” happened to know that the victim was a well-off individual with a reputation to protect — for which a payment of 10,000 dollars in bitcoin was demanded.

Playing on people’s fear of private data being disclosed, the scammers employed the same tricks as last year, mentioning access to personal data, compromising pornographic materials, etc. But this time, to make the message more convincing and intimidating, a CIA officer was used as a bogeyman.

Malicious attacks on the corporate sector

In Q1, the corporate sector of the Runet was hit by a malicious spam attack. The content imitated real business correspondence, and the messages themselves were seemingly from partners of the victim company.

We also observed malicious mailings aimed at stealing the financial information of international companies through distributing fake messages in the name of a US company allegedly providing information services. Besides the attachment, there was nothing at all in the message. The lack of text was seemingly intended to prompt the victim to open the attached document containing Trojan.MSOffice.Alien.gen, which then downloaded and installed Trojan-Banker.Win32.Trickster.gen on the computer.

Attacks on the banking sector

Banks are firmly established as top phishing targets. Scammers try to make their fake messages as believable as possible by substituting legitimate domains into the sender’s address, copying the layout of official emails, devising plausible pretexts, etc. In Q1, phishers exploited high-profile events to persuade victims of the legitimacy of the received message — for example, they inserted into the message body a phrase about the Christchurch terror attack. The attackers hoped that this, plus the name of a New Zealand bank as the sender, would add credibility to the message. The email itself stated that the bank had introduced some new security features that required an update of the account details to use.

The link took the user to a phishing site mimicking the login page of the New Zealand bank in question. All data entered on the site was transferred to the cybercriminals when the Login button was clicked/tapped.

Statistics: spam

Proportion of spam in mail traffic

Proportion of spam in global mail traffic, Q4 2018 – Q1 2019

In Q1 2019, the highest percentage of spam was recorded in March at 56.33%. The average percentage of spam in global mail traffic came to 55.97%, which is almost identical (+0.07 p.p.) to Q4 2018.

Proportion of spam in Runet mail traffic, Q4 2018 – Q1 2019

Peak spam in traffic in the Russian segment of the Internet came in January (56.19%). The average value for the quarter was 55.48%, which is 2.01 p.p. higher than in Q4.

Sources of spam by country

Sources of spam by country, Q1 2019

As is customary, the top spam-originating countries were China (15.82%) and the US (12.64%); the other Top 3 regular, Germany, was down to fifth place in Q1 (5.86%), ceding third place to Russia (6.98%) and allowing Brazil (6.95%) to sneak into fourth. In sixth place came France (4.26%), followed by Argentina (3.42%), Poland (3.36%), and India (2.58%). The Top 10 is rounded off by Vietnam (2.18%).

Spam email size

Spam email size, Q4 2018 – Q1 2019

In Q1 2019, the share of very small emails (up to 2 KB) in spam increased against Q4 2018 by 7.14 p.p. to 73.98%. The share of 2–5 KB messages fell to 8.27% (down 3.15 p.p.). 10–20 KB messages made up 5.11% of spam traffic, up 1.08 p.p. on Q4. The share of messages sized 20–50 KB amounted to 3.00% (0.32 p.p. growth against Q4 2018).

Malicious attachments: malware families

TOP 10 malicious families in mail traffic, Q1 2019

In Q1 2019, the most common malware in mail traffic turned out to be Exploit.MSOffice.CVE-2017-11882, with a share of 7.73%. In second place was Backdoor.Win32.Androm (7.62%), and Worm.Win32.WBVB (4.80%) took third. Fourth position went to another exploit for Microsoft Office in the shape of Exploit.MSOffice.CVE-2018-0802 (2.81%), while Trojan-Spy.Win32.Noon (2.42%) rounded off the Top 5.

Countries targeted by malicious mailshots

Countries targeted by malicious mailshots, Q1 2019

First place in the Top 3 countries by number of Mail Anti-Virus triggers yet again went to Germany (11.88%). It is followed by Vietnam (6.24%) in second position and Russia (5.70%) in third.

Statistics: phishing

In Q1 2019, the Anti-Phishing system prevented 111,832,308 attempts to direct users to scam websites. 12.11% of all Kaspersky Lab users worldwide experienced an attack.

Attack geography

In Q1 2019, as in the previous quarter, the country with the largest share of users attacked by phishers was Brazil with 21.66%, up 1.53 p.p.

Geography of phishing attacks, Q1 2019

In second place up from eighth was Australia (17.20%), adding 2.42 p.p. but still 4.46 p.p. behind top-place Brazil. Spain rose one position to 16.96% (+0.87 p.p.), just above Portugal (16.86%) and Venezuela (16.72%) propping up the Top 5.

Country     %*
Brazil      21.66
Australia   17.20
Spain       16.96
Portugal    16.81
Venezuela   16.72
Greece      15.86
Albania     15.11
Ecuador     14.99
Rwanda      14.89
Georgia     14.76

*Share of users on whose computers Anti-Phishing was triggered out of all Kaspersky Lab users in the country

Organizations under attack

The rating of attacks by phishers on different categories of organizations is based on detections by Kaspersky Lab’s Anti-Phishing component. It is activated every time the user attempts to open a phishing page, either by clicking a link in an email or a social media message, or as a result of malware activity. When the component is triggered, a banner is displayed in the browser warning the user about a potential threat.

This quarter, the banking sector remains in first place by number of attacks — the share of attacks on credit organizations increased by 5.23 p.p. against Q4 last year to 25.78%.

Distribution of organizations subjected to phishing attacks by category, Q1 2019

Second place went to global Internet portals (19.82%), and payment systems — another category that includes financial institutions — finished third (17.33%).

Conclusion
In Q1 2019, the average share of spam in global mail traffic rose by 0.06 p.p. to 55.97%, and the Anti-Phishing system prevented more than 111,832,308 redirects to phishing sites, up 35,220,650 in comparison with the previous reporting period.

As previously, scammers wasted no opportunity to exploit high-profile media events for their own purposes (Apple product launch, New Zealand terror attack). Sextortion has not gone away — on the contrary, to make such schemes more believable, cybercriminals have come up with new cover stories about the message senders.

On top of all that, attackers continue to use social networks to achieve their goals, and have launched advertising campaigns using celebrities to extend their reach.

Microsoft emits free remote-desktop security patches for WinXP to Server 2008 to avoid another WannaCry

The Register - Anti-Virus - 15 May 2019 - 03:48
Plus plenty of other fixes from Redmond and Adobe – and special guest star Citrix

Patch Tuesday: It’s that time of the month again, and Microsoft has released a bumper bundle of security fixes for Patch Tuesday, including one for out-of-support operating systems Windows XP and Server 2003.…

Microsoft Patches Zero-Day Bug Under Active Attack - 14 May 2019 - 22:49
Microsoft Patch Tuesday security bulletin tackles 22 critical vulnerabilities.

Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More - 14 May 2019 - 22:31
A massive update addresses the breadth of the computing giant's product portfolio.

Intel CPUs Impacted By New Class of Spectre-Like Attacks - 14 May 2019 - 20:01
Intel has disclosed a new class of speculative execution side channel attacks.

Buffer the Intel flayer: Chipzilla, Microsoft, Linux world, etc emit fixes for yet more data-leaking processor flaws

The Register - Anti-Virus - 14 May 2019 - 19:00
Intel CPUs dating back a decade are vulnerable to latest cousin of Spectre

Intel on Tuesday plans to release a set of processor microcode fixes, in conjunction with operating system and hypervisor patches from vendors like Microsoft and those distributing Linux and BSD code, to address a novel set of side-channel attacks that allow microarchitecture data sampling (MDS).…

Adobe Addresses Critical Adobe Flash Player, Acrobat Reader Flaws - 14 May 2019 - 18:18
Adobe has issued patches for 87 vulnerabilities on Patch Tuesday - the bulk of which exist in Adobe's Acrobat and Reader products.

Linux Kernel Flaw Allows Remote Code-Execution - 14 May 2019 - 17:21
The bug is remotely exploitable without authentication or user interaction.

WhatsApp Zero-Day Exploited in Targeted Spyware Attacks - 14 May 2019 - 14:58
WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims' phones.

Cynet: An Autonomous Security Platform for Any Size Organization - 14 May 2019 - 14:00
Cynet protects the entire internal environment – including hosts, files, users and the network.

Update WhatsApp now! One call could give spies access to your phone

Sophos Naked Security - 14 May 2019 - 13:51
A WhatsApp zero-day has allowed an “advanced cyber actor” to successfully install spyware on victims' phones with no more than a phone call.

White label SOS panic buttons can be hacked via SMS

Sophos Naked Security - 14 May 2019 - 12:44
A Chinese white-label panic alarm used by elderly and vulnerable people can be remotely controlled by sending it simple SMS commands.