Monday, May 27, 2013

Threat update #3

According to Microsoft's latest threat report, HTTP-based malware is on the rise:

... "Detections of the generic family JS/IframeRef increased fivefold in 4Q12 after falling off significantly between 2Q12 and 3Q12. IframeRef is a generic detection for specially formed HTML inline frame (IFrame) tags that redirect to remote websites that contain malicious content. The increased IframeRef detections in 2Q12 and 4Q12 resulted from the discovery of a pair of widely used new variants in April and November 2012." ...

Here are some statistics (also from the report):

Family          1Q12   2Q12   3Q12   4Q12
JS/IframeRef*   2.3%   11.3%  1.7%   13.6%
Blacole*        7.0%   5.4%   5.0%   5.1%
JS/BlacoleRef*  3.3%   4.1%   5.8%   4.2%

More infected client machines probably means more compromised web servers spreading the malware.
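The IframeRef detections above cover IFrame tags injected into served pages that silently redirect visitors elsewhere. As an added example (not from the report or the original post), here is a small scanner a web server operator could run over their own HTML to flag hidden iframes of that kind; the sample page, the host name example.com and the thresholds are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


def _is_tiny(value):
    """True for width/height attributes of 0 or 1 pixel (typical of injected frames)."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return bool(m) and int(m.group(1)) <= 1


class IframeAuditor(HTMLParser):
    """Collects <iframe> tags that are hidden from the visitor and records
    whether they point at a host other than the site being audited."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}          # html.parser lowercases names
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        external = bool(host) and host != self.site_host \
            and not host.endswith("." + self.site_host)
        style = a.get("style", "").replace(" ", "").lower()
        hidden = []
        if _is_tiny(a.get("width")) or _is_tiny(a.get("height")):
            hidden.append("zero size")
        if "display:none" in style or "visibility:hidden" in style:
            hidden.append("hidden by CSS")
        if re.search(r"(left|top):-\d{3,}px", style):
            hidden.append("positioned off-screen")
        if hidden:
            self.findings.append({"src": src, "external": external, "reasons": hidden})


def find_hidden_iframes(html, site_host):
    """Return a list of findings for hidden iframes in the given HTML."""
    p = IframeAuditor(site_host)
    p.feed(html)
    p.close()
    return p.findings


# Constructed sample: one legitimate same-site frame, one hidden off-site frame.
SAMPLE = """<html><body>
<iframe src="https://example.com/widget" width="300" height="200"></iframe>
<iframe src="http://bad.example.net/in.php" width="1" height="1"
        style="position:absolute; left:-1000px; top:-1000px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE, "example.com"):
        print(f["src"], "external" if f["external"] else "same-site", ", ".join(f["reasons"]))
```

A real run would feed the scanner with pages fetched from the server (or with files from the document root) and compare results over time, since injected frames typically appear only after a compromise.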

Monday, May 20, 2013

Threat update #2

The Linux/Cdorked.A backdoor has been detected recently. It is known to affect Apache, nginx and Lighttpd web servers. A detailed analysis can be found here and is continued here.

It is also worth noting another piece of Linux malware (a rootkit) that was recently found in the wild and analyzed by CrowdStrike.

Wednesday, May 15, 2013

Threat update #1

An exploit for CVE-2013-2094 (a Linux local privilege escalation vulnerability) is publicly available here.