The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

"Dr. Web" informed about a botnet with 1,5 million hosts

"Dr. Web" informed about a botnet with 1,5 million hosts

Software company "Dr. Web" announced about the spread of the virus Win32.Rmnet.12. The botnet, which was created by this malware, consists of 1,400,520 Windows devices.

Experts call Win32.Rmnet.12 a complex multicomponent file virus with the ability of self-replication without user's intervention. Affecting the system, the malware finds the browser used by default and embeds itself in its processes. After that it saves a hidden file in user’s startup folder, using a name generated from the name of the hard drive. A configuration file, which records all the data required for work, is created in the same folder.

Using a special algorithm the virus determines the name of the C&C server and connects to it.

“Dr. Web” experts state that the virus contains a backdoor module. Every 70 seconds this module sends requests for such sites as google.com, bing.com and yahoo.com, analyzing the speed of answers that were received. After that all the information is transmitted to C&C server via FTP protocol. The backdoor is capable of performing all the commands received from the C&C server, including download and execution of files, update and transmission of any information, and even the crash down of the operating system.

The virus spreads via network using two methods. Firstly, the malware exploits vulnerabilities in browsers. This allows to store and run the executable files, when the users visit specially crafted web-pages. Secondly, Win32.Rmnet.12 infects all .exe-files on the computer and copies itself to thumb drives.

Doctor Web claims that it gained the complete control over the botnet Win32.Rmnet.12. The experts examined the protocol which was used for data exchange between the infected machines and C&C servers, and applied the sinkhole-method, which was also used to study the Flashback botnet.

The majority of systems infected by Win32.Rmnet.12 is located in Indonesia - 320,014, which accounts for 27,12% of all botnet hosts. Number of bots in Russia is 43,153, i.e. 3.6% of all botnet hosts.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015