840 matches found
Kaspersky revealed "Kimsuky" Cyber Espionage campaign targeting South Korea
Russian Security Firm Kaspersky Lab has revealed that it has been following a sustained attack on South Korea by hackers seemingly based in North Korea., This new Cyber Espionage campaign dubbed "Kimsuky" has targeted several South Korean think tanks. Researchers believe the Kimsuky malware is mo...
Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication
Early 2012 ESET company a mysterious malware, dubbed the Avatar rootkit Win32/Rootkit.Avatar, advertised in the underground forums by Russian cyber crime. "We present you here previously announced product. In connection with work on other projects, we moved the release date for the public from Ma...
Malware that turns computers into Bitcoin miners
Researchers from Kaspersky Lab have discovered a new spam message campaign being transmitted via Skype contains malware capable of using an infected computer to mine for Bitcoins. The malware, identified as Trojan.Win32.Jorik.IRCbot.xkt. Bitcoin is a non-governmental, fully-digital currency based...
Apache Struts ParametersInterceptor Remote Code Execution
This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts ParametersInterceptor Remote Code Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 'Meder Kydyraliev', Vulnerability Discove...
PiceBOT Crimeware Kit targeting Latin America Banks
A new Cyber Crimeware kit arrived in Hacking scenes called 'PiceBOT' just like other Latin American botnets such as vOlk Mexico & S.A.P.Z Peru and cost just $140 in underground market for Cyber criminals. Like other amazing exploit kits, the main purpose is the distribution of malware that steals...
ManageEngine Security Manager Plus 5.5 Build 5505 SQL Injection
This module exploits a SQL injection found in ManageEngine Security Manager Plus advanced search page, which results in remote code execution under the context of SYSTEM in Windows; or as the user in Linux. Authentication is not required in order to exploit this vulnerability. This module require...
New Java Zero Day Being Used in Targeted Attacks
There is a newly discovered zero day vulnerability in Java 7 that is being used in some targeted attacks right now. The vulnerability works against Internet Explorer and Firefox and researchers say that attackers are exploiting in the wild and installing a version of the Poison Ivy RAT on...
Zeus Comes to the BlackBerry
Researchers have found several samples of a new version of the mobile version of the Zeus malware, with these newest ones targeting the BlackBerry platform. BlackBerry has not been a common target for attackers, despite the high-value user base of corporate executives and government officials, bu...
Trojan Dropper Uses Valid Certificate Issued For Swiss Company
A pair of trojan droppers affiliated with a pay-per-click scam are using valid digital signatures from a certificate that was issued for a Swiss company, according to a report on Securelist. Between December 2011 and March 7, 2012, the Kaspersky Security Network has detected around 5,000 instance...
Dropper Malware comes with DLL Hijacking Feature
Dropper Malware comes with DLL Hijacking Feature Trojans, Viruses, Worms have become the scare of the year, and with good reason. Many of the recent files are malicious in nature, causing the infected user at the very worst, to lose everything on their computer. There are few specially coded...
Windows Escalate SMB Icon LNK Dropper
This module drops a shortcut LNK file that has a ICON reference existing on the specified remote host, causing SMB and WebDAV connections to be initiated from any user that views the shortcut. This module requires Metasploit: https://metasploit.com/download Current source:...
Cross Platform Webkit File Dropper
This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8 files to the target file-system. By default, the file will be dropped in C:\Program Files\ This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...
Attackers taking advantage of Epsilon !
We blogged about the Epsilon data breach to give our customers a heads-up on the situation. Recently, our ThreatSeeker® Network discovered a Web attack that takes advantage of the unfortunate news. As with anything our ThreatSeeker Network discovers, Websense customers are protected by ACE, our...
Inside the Black Energy 2 Botnet
By Dmitry Tarakanov Cybercriminals use a variety of bots to conduct DDoS attacks on Internet servers. One of the most popular tools is called Black Energy. To date, Kaspersky Lab has identified and implemented detection for over 4,000 modifications of this malicious program. In mid-2008 malware...
linux/x86 polymorphic Drop suid shell root /tmp/.hiddenshell 161 bytes
Exploit for linux/x86 platform in category shellcode ====================================================================== linux/x86 polymorphic Drop suid shell root /tmp/.hiddenshell 161 bytes ====================================================================== /...
Update Protection against Recent Malware Threats (1-Sep-09)
The update includes new protections against 9 recent malware threats:Backdoor-Trojan: Backdoor.Win32.Dreamy.bcTrickler: Trojan-Dropper.Win32.Agent.aqpnTrickler: Trojan-Downloader.Win32.Banload.bvkTrojan: Sus.BancDl-BTrojan: Trojan-Spy.Win32.VB.btmTrojan: Trojan-Downloader.Win32.VB.necTrojan:...
Patch coming for MS PowerPoint zero-day flaw
Exactly one month after malicious hackers started using rigged PowerPoint files to launch targeted attacks, Microsoft announced plans to ship a “critical” bulletin affecting its flagship presentation program. The PowerPoint update is the only bulletin scheduled for this month’s Patch Tuesday on M...
CVE-2006-4274
Rejected reason: Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJMDROPPER.BH. NOTE: on 20060822, it was determined that TROJMDROPPER.BH was exploiting CVE-2006-0009, so this is n...
VulnCheck KEV: CVE-2006-0009
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJMDROPPER.BH and Trojan.PPDropper.E in...
OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER
We're examining resubmitting to bugtraq html.dropper now updated to in include an .exe http://www.securityfocus.com/bid/2260 - apparently the manufacturer didn't consider the original submission worthy of fixing as the same problem has been carried over to Outlook Express 6.00. On a default insta...