The Analyst's Diary is a weblog maintained by virus analysts from Kaspersky Lab headed by Eugene Kaspersky. Find out more about the authors of this weblog.


Analyst's Diary

Malware Miscellany, November 2008


  Yury       December 19, 2008 | 12:05  GMT



  • Greediest Trojan targeting banks
    Trojan-Spy.Win32.Egoldan.az targets the users of 20 banking systems (a relatively low number when compared to previous winners of this category.)
  • Greediest Trojan targeting payment systems and payment cards
    Trojan.Win32.Obfuscated.gen wins both categories in November by targeting 4 payment systems and 3 payment card systems simultaneously.
  • Stealthiest malicious program
    Trojan-PSW.Win32.LdPinch.beo is packed with 9 different utilities.
  • Smallest malicious program
    The 22 bytes of Trojan.BAT.Shutdown.g enable it to be automatically launched and then force the victim machine into constantly rebooting.
  • Largest malicious program
    Trojan-Banker.Win32.Banker.kum is 19 MB in size, which is very small in comparison with previous winners of this category.
  • Most widespread malicious code which exploits a vulnerability
    Exploit.JS.RealPlr.nn made up more than 8% of all malicious content in December.

  • Most common malicious program on the Internet
    Trojan-Downloader.JS.Iframe.yv was responsible for 4% of all malicious content detected on the web during November 2008.
  • Most common Trojan program
    There were 1723 new modifications of Trojan.Win32.Agent this month.
  • Most common virus/ worm family
    Again, Worm.Win32.AutoRun wins this category, but with only 337 new modifications – a significant increase on October’s 75 new modifications.

MS issues patch for IE vulnerability


  David       December 17, 2008 | 13:56  GMT


Microsoft has now announced it will be issuing an out-of-cycle patch for the IE7 vulnerability today at 1pm EST. The patch is available via auto-update and from the Microsoft Download Center.

A patch is not just for Christmas...


  David       December 16, 2008 | 13:14  GMT


Patching systems remains an essential part of an overall security strategy. For Windows, the easiest way to stay up-to-date is to enable Automatic Updates - you can find more information here.

Here's a summary of this year's patches:

Month      Critical  Important  Moderate
January    1         0          1
February   6         0          5
March      0         4          0
April      0         5          3
May        0         3          1
June       3         3          1
July       0         0          4
August     0         6          5
September  0         4          0
October    6         6          1
November   0         1          1
December   0         6          2

Patched security vulnerabilities in 2008

The figures above include not only regular 'Patch Tuesday' updates, but any out-of-band updates issued by Microsoft. So far this year there has been just one such update, in October.

However, you may have seen the recent Microsoft Security Advisory (961051) relating to a vulnerability found in Internet Explorer. So far no patch has been announced for this vulnerability, but we'll let you know if that changes.

You'll see that the numbers have remained relatively consistent over the last three years. You can find the 2006 chart here and the 2007 chart here.

Here's a summary of the totals for the last three years:

Year  Critical  Important  Moderate
2006  49        23         5
2007  43        24         2
2008  45        31         2

Patched security vulnerabilities

Wardriving in Copenhagen, Denmark


  Magnus       December 04, 2008 | 14:27  GMT


We recently went on tour with some journalists through Copenhagen, the capital of Denmark, and took a quick look at the state of WiFi networks in the city. Copenhagen lies on two islands (Zealand and Amager) and is well known for its culture and the design of the city (as well as being the 14th most expensive city in the world according to Forbes List). That is the kind of information you can find in any guidebook, but what you won't find are statistics on wireless networks. So it seemed a good idea for us to take a look!



We decided to take three different routes to see if there would be any noticeable differences in terms of security. We decided not to examine the ratio of encrypted to unencrypted networks for one reason: nowadays, most unencrypted networks are hotspots offered by telecom service providers or hotels so they’re left unencrypted on purpose. The only reliable way to find out if an unencrypted network belongs to a private individual would be to connect to it - and that's something we wouldn't want to do for obvious reasons. So instead of spending time guessing if an unencrypted network is an official hotspot, we focused on secure encryption (WPA) vs. weak encryption (WEP).
Our first trip took us through the east of the city near the harbor, beginning near the Kronborg (a UNESCO World Heritage Site). We found about 1524 access points within 34 minutes – maybe not a lot, but considering that our car had to stop a couple of times, it's not bad. 23% of networks used WEP, with the other 76% using WPA.
Our second tour was round and about the city center, where a lot of companies as well as middle class households are located. Within 10 minutes, 1055 access points were detected. As you can see, about 82% of all encrypted networks used WPA, which is a very high percentage compared with some of the war driving we’ve done in the past. But given that WEP is crackable within minutes, it would of course be better if 100% of wireless networks implemented WPA.
The third and last trip led us through a part of the city where the inhabitants are both older and also wealthier than the average Copenhagen resident. They’re also obviously less concerned about encryption since only 72% of all encrypted networks used WPA. Within 9 minutes we found 1022 access points; the highest concentration of access points out of the three trips we’d made.
Finally, let's take a look at the channels used by the WiFi networks: Channel 6 was the most popular, followed by Channel 11 and Channel 1. In most WLAN hardware, Channels 6 and 11 are used by default, and it's not really a surprise that most of the network owners hadn’t changed the default setting.



To summarize: we found 3127 encrypted networks, of which 23% used WEP and 77% WPA. The relatively high percentage of networks using WPA shows that Copenhagen overall is pretty security conscious. Even the “worst” result of 72% of networks with WPA is excellent compared to the 23% of networks using WPA which we detected in Santiago, Chile. It’ll be interesting to compare the Copenhagen results to those of other European cities which we haven’t researched yet. It seems to me I’ve got a good excuse to start booking some tickets!

 
