http://www.m86security.com 120 http://www.m86security.com/images/logos/m86_logo_120x38.jpg 38 http://www.m86security.com/labs/ News and commentary about Internet-borne security threats from M86 Security. 1440 en-us Wed, 16 May 2012 23:38:59 GMT Copyright 2012 M86 Security. All Rights Reserved. webmaster@m86security.com (M86 Security Webmaster) http://www.m86security.com/rss/trace.asp http://labs.m86security.com/2012/04/m86-security-labs-now-part-of-trustwaves-spiderlabs/ http://labs.m86security.com/?p=4482 Many of you are probably already aware of the acquisition of M86 Security by Trustwave. As part of the acquisition, we are pleased to announce that M86 Security Labs is combining with Trustwave’s SpiderLabs. We are excited by the move, as we become part of a larger and more diverse team of security professionals that [...] Sun, 01 Apr 2012 07:00:00 GMT http://labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/ http://labs.m86security.com/?p=4455 A few weeks ago M86 Security Labs alerted that cybercriminals managed to compromise hundreds of WordPress-based sites. These attacks started with several large spam campaigns as reported in our most recent blog post on Cutwail. These emails included embedded URL links or HTML attachments that tricked the user to browse to the compromised Web sites. [...] Thu, 01 Mar 2012 07:00:00 GMT http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/ http://labs.m86security.com/?p=4367 Over the past month, we have observed several large spam campaigns with malicious HTML attachments. We believe the botnet behind these campaigns is Cutwail. Here is data we collected, starting from the first day of 2012, illustrating spikes of spam with malicious HTML attachments: Attaching an HTML file to an email is a tactic we have seen [...] Thu, 16 Feb 2012 07:00:00 GMT http://labs.m86security.com/2012/02/m86-security-threat-report-for-the-second-half-of-2011-is-now-available/ http://labs.m86security.com/?p=4357 We are releasing today our bi-annual Threat Report for 2H 2011. The report relies on M86 Security Labs analysis of spam and malware activity, including the current use of exploit kits, fraudulent digital certificates and social networking schemes. Key points from the M86 Security Labs for the second half of 2011 are: 1. Targeted attacks [...] Wed, 08 Feb 2012 07:00:00 GMT http://labs.m86security.com/2012/01/midi-files-mid-way-to-infection/ http://labs.m86security.com/?p=4335 Microsoft’s January patch MS12-004 addressed a few vulnerabilities in Windows Media components. One particular issue, CVE-2012-0003, can be exploited via Windows Media Player ActiveX, as it leverages a heap overflow occurring in ‘midiOutPlayNextPolyEvent’ function within the Windows Multimedia Library, winmm.dll. The bad guys didn’t waste time and this vulnerability is now exploited in the wild as [...] Tue, 31 Jan 2012 07:00:00 GMT http://labs.m86security.com/2012/01/massive-compromise-of-wordpress-based-sites-but-%e2%80%98everything-will-be-fine%e2%80%99/ http://labs.m86security.com/?p=4299 A few days ago, hundreds of websites, based on WordPress 3.2.1, were compromised. The attacker uploaded an HTML page to the standard Uploads folder and that page redirects the user to the Phoenix Exploit Kit. Its logs show that users from at least four hundred compromised sites were redirected to Phoenix exploit pages.  Here is [...] Mon, 30 Jan 2012 07:00:00 GMT http://labs.m86security.com/2012/01/zbot-trojan-spreads-through-fake-conedison-billing-notification-email/ http://labs.m86security.com/?p=4276 Today we came across a new malicious spam campaign that is actively sent out by the Cutwail spam botnet. The suspicious email claims to be a bill summary from the New York-based energy company Con Edison, Inc. It may use the subject line “ConEdison Billing Summary as of <DATE>” and the attachment uses the filename format [...] Fri, 13 Jan 2012 07:00:00 GMT http://labs.m86security.com/2012/01/web-hijacks-with-ajax/ http://labs.m86security.com/?p=4257 Malware authors always seem to closely monitor trends in Web security development in order to create a variety of browser-based attacks. Just to name a few, techniques such as code obfuscation, plug-in detection and affiliate management are often used. This is why we, at M86 Security, weren’t surprised to see a malicious site which loads [...] Tue, 03 Jan 2012 07:00:00 GMT http://labs.m86security.com/2011/12/prevalent-exploit-kits-updated-with-a-new-java-exploit/ http://labs.m86security.com/?p=4213 Until recently, most of the vulnerabilities exploited by popular exploit kits were found last year or even earlier. Moreover, it would take authors at least a month to update their kits with the new exploits that had been discovered in the wild. However, in the past few weeks, authors released an updated version of their [...] Fri, 16 Dec 2011 07:00:00 GMT http://labs.m86security.com/2011/12/a-new-adobe-0-day-in-the-wild-%e2%80%93-%e2%80%93-but-no-worries-you-are-already-protected-with-our-secure-web-gateway/ http://labs.m86security.com/?p=4205 Yesterday Adobe released an advisory for a vulnerability in the Adobe Reader and Adobe Acrobat products. The vulnerability, titled ‘U3D Memory Corruption Vulnerability’ was part of a targeted attack and discovered by Lockheed Martin’s Computer Incident Response Team. This is not the first time a targeted attack has been aimed at the US defense industry. [...] Wed, 07 Dec 2011 07:00:00 GMT