Kaspersky Lab experts have analysed the changes in the IT threat landscape during the third quarter of 2012. The most important developments are the high-profile cyber-espionage investigations, the shifts in threat geography, and the changes among the most vulnerable products.
On average, eight different vulnerabilities were detected on each unprotected computer. Two of the most commonly exploited vulnerabilities were in Oracle Java products, found on 35% and 21.7% of affected computers respectively. The list of most vulnerable products also included five Adobe programs, two Apple programs (QuickTime Player and iTunes) and Nullsoft's popular Winamp media player. The automatic update mechanism introduced in the new version of Windows has pushed Microsoft products out of this top 10.
The most important incidents of the past quarter were related to the Madi, Gauss and Flame malware programs. The Madi campaign to penetrate computer systems ran for almost a year, targeting the infrastructure of engineering companies, government organisations, banks and universities in the Middle East. Its malicious components were distributed using a set of simple, well-known techniques. Despite this simplicity, the attackers managed to keep their victims under close surveillance for a long time.
Gauss, a sophisticated piece of malware that experts have labelled a “cyber weapon”, was discovered during an investigation initiated by the International Telecommunication Union (ITU) following the discovery of Flame. Gauss is essentially a state-sponsored banking Trojan: in addition to espionage, it aims to steal a variety of information about the online banking systems used on infected computers in the Middle East. Gauss sends to its operators' servers the passwords entered or stored in the browser, cookies and configuration details of the infected systems. Gauss is built on the same platform as Flame and shares some components with it, such as the routine for infecting USB drives.
Kaspersky Lab experts were also able to uncover new information about Flame's command and control servers. The server code supports three communication protocols and handles requests from four malware applications, which their authors code-named SP, SPE, FL and IP. Of these four malicious programs, only two are known today: Flame and SPE (miniFlame).
Threat geography also saw interesting changes. A new leader emerged among the countries hosting malware: Russia (23.2%) took first place from the United States (20.3%).
In the second quarter, the 20 countries with the highest risk of infection via the Internet were all in the former Soviet Union, Africa and Southeast Asia. In the third quarter, the top 20 included two European countries: Italy (36.5%) and Spain (37.4%). Tajikistan replaced Russia as the most dangerous place to surf the Internet, with 61.1% of users in that country receiving antivirus alerts while online.