
Kaspersky Lab Highlights the Threat Landscape of April 2012

Kaspersky Lab UK : 17 May, 2012  (Technical Article)
Spam campaigns, malware for mobile devices and a rise in attacks on Mac OS X systems characterise threats during April

Mac OS X Malware: Mass-Exploitation

In April 2012 it was reported that 700,000 Mac OS X computers worldwide were infected by the Flashback Trojan. The infected computers were combined into a botnet, dubbed “Flashfake,” which enabled cyber criminals to install additional malicious modules on them at will. One of these modules was known to generate fake search engine results.

This month, Kaspersky Lab experts published a detailed analysis of how Flashfake infected users’ computers. The analysis also identified WordPress blogs that were compromised at the end of February 2012 and early March 2012 as the main source for spreading the Flashfake infection. Approximately 85 per cent of the compromised blogs were located in the US.

The key take-away of this malicious campaign was the evolution of the cyber criminals’ attack methods. Rather than solely relying on social engineering to infect computers, the Flashfake cyber criminals started using exploits that targeted Java vulnerabilities, which accelerated the infection to a mass-exploitation of Mac OS X computers.

New Spam Campaigns using the Blackhole Exploit Kit

Kaspersky Lab reported two spam campaigns that were using the infamous Blackhole Exploit Kit to install malware. The first instance was on Twitter, where more than 500 accounts were compromised. The spam campaign was sending embedded links to users that redirected them to malicious sites hosting the Blackhole Exploit Kit. The sites installed scareware on victims’ computers in the form of fake anti-virus notifications, which prompted the user to scan their system for infection.

The second instance was an email phishing campaign that began at the end of March 2012, in which people received fake US Airways emails. Cyber criminals sent the phishing emails in an attempt to trick people into clicking on embedded links that offered "online reservation details," which included flight check-in options. If users clicked on any of the links they were taken to a fake website containing a Blackhole Exploit Kit filled with banking malware. The banking malware installed itself on the user’s computer and stole their banking credentials. These spam messages were sent out in mass quantities, with the cyber criminals anticipating that a certain number of recipients would have flights booked with US Airways and would therefore click on the links.

Android users in Japan are under attack

At the beginning of April, a new type of Android malware was discovered in Japan. Unfortunately, in this instance almost 30 different malicious apps are available on Google Play and at least 70,000 users have downloaded one of them. This particular piece of malware is able to connect to a remote server. If the connection is successful, it downloads an MP4 video file. It is also capable of stealing sensitive information from an infected device, including contact names, email addresses and phone numbers of people from the victim’s contact list. The malware uploads the stolen data to a remote server. Kaspersky Mobile Security detects this threat as Trojan.AndroidOS.FakeTimer.


Mobile malware that is controlled via SMS messages is becoming increasingly popular. In April, another backdoor Trojan named TigerBot was discovered. This piece of malware masks itself after the infection and shows no sign of its presence on the home screen of the device. Various commands to infected phones could lead to cyber criminals recording phone calls, stealing GPS coordinates, sending SMS messages or changing network setups. All of these features may result in serious information leakage for infected users. Fortunately, there was no evidence that TigerBot was (or is) available on Google Play. However, it is still important for users to be careful when installing applications from any source. Kaspersky Mobile Security detects this threat as Backdoor.AndroidOS.TigerBot.