U.S. Senate votes to oust Russian security software vendor Kaspersky from federal use

Following a directive from the Department of Homeland Security last week banning the use of Kaspersky Lab security software in the executive branch, the U.S. Senate has followed suit. On Monday, the Senate passed an amendment against Kaspersky Lab pushed forward by New Hampshire Democrat Jeanne Shaheen.

U.S. government bans Kaspersky software citing fears about Russian intelligence

Three months after the General Services Administration removed Kaspersky Lab from a list of approved federal vendors, Homeland Security is banning the Russian security software maker outright. In a statement on Wednesday, DHS Acting Secretary Elaine Duke directed all Executive Branch agencies and departments to identify any Kaspersky products being used over the next 30 days, to make a plan…

Kaspersky Lab turns the tables, forces “patent troll” to pay cash to end case

In October, Kaspersky Labs found itself in a situation familiar to many tech companies: it was sued by a do-nothing patent holder in East Texas who demanded a cash settlement before it would go away.

The patent-licensing company, Wetro Lan LLC, owned US Patent No. 6,795,918, which essentially claimed an Internet firewall. The patent was filed in 2000 despite the fact that computer network firewalls date to the 1980s. The ‘918 patent was used in what the Electronic Frontier Foundation called an “outrageous trolling campaign,” in which dozens of companies were sued out of Wetro Lan’s “headquarters,” a Plano office suite that it shared with several other firms that engage in what is pejoratively called “patent-trolling.” Wetro Lan’s complaints argued that a vast array of Internet routers and switches infringed its patent.

Most companies sued by Wetro Lan apparently reached settlements within a short time, a likely indicator of low-value settlement demands. Not a single one of the cases even reached the claim construction phase. But Kaspersky wouldn’t pay up.

More pseudo-ransomware attacks are probably on the way

The last few months saw some major malware moments, most notably the WannaCry and NotPetya (a.k.a. ExPetr/Nyetya/Petya) attacks. Kaspersky Labs’ quarterly report suggests that the trend is likely here to stay for now, as waves of increasingly sophisticated hacks further the veiled aims of shadowy individual actors and governments alike.

Kaspersky Lab releases free antivirus software in global push

Kaspersky Lab has launched a free version of its antivirus software in the U.S. with plans for a global rollout over the next four months. Called Kaspersky Free, the software provides the core essentials, including email and desktop antivirus protection, the ability to quarantine infected files, as well as automated updates. The free version lacks some of the premium features users can…

More than half of major malware attack’s victims are industrial targets

A new report from cybersecurity firm Kaspersky Labs examining the targets — and intended effects — of this week’s massive malware attack comes up with some significant insights. The attack, initially believed to be a variation of commercial malware software known as Petya, appeared to be a vast ransomware scheme. As the story developed, it became clear that the attack was…

New Linux rootkit injects malicious HTML into Web servers

A newly discovered form of malware that targets Linux servers acting as Web servers allows an attacker to directly inject code into any page on infected servers—including error pages. The rootkit, which was first publicly discussed on the Full Disclosure security e-mail list on November 13, appears to be crafted for servers running the 64-bit version of Debian Squeeze and NGINX.

An analysis of the rootkit by Kaspersky Labs found that the malware inserts HTML iframe elements into every page served up to Web browsers connecting to the server. It does this by replacing the code that builds TCP/IP packets (tcp_sendmsg) with its own code. The malware then retrieves the code to be inserted into the iframe by connecting, botnet-like, to a command and control network with an encrypted password.

The rootkit, designated as Rootkit.Linux.Snakso.a by Kaspersky, is a new approach to drive-by downloads. They usually are based on PHP script—not code injected into the kernel of the operating system. Because the new rootkit infects the entire server and not just a specific page, the malware could affect dozens or even hundreds of websites at a time if it infects the server of a Web hosting provider.
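Because the hook sits in the kernel's tcp_sendmsg path rather than in the web content, the files on disk stay clean while the bytes on the wire do not. The following added example (not from the page or from Kaspersky's analysis) uses constructed on-disk page bodies and constructed served bodies, including an error page, and reports iframe elements that appear only in the served copy; in practice the served copies must be fetched from a separate, trusted host, since a compromised kernel cannot be trusted to observe itself.

```python
import re

# Constructed sample: page bodies as they exist on disk. A kernel-level
# injector leaves these untouched, so they serve as the reference copy.
ON_DISK = {
    "/index.html": "<html><body><h1>Welcome</h1></body></html>",
    "/404.html": "<html><body><h1>Not Found</h1></body></html>",
    "/about.html": "<html><body><p>About us</p></body></html>",
}

# Constructed sample: what a client on another host actually received.
# The injected element is a hidden iframe; the error page is hit as well.
SERVED = {
    "/index.html": ('<html><body><h1>Welcome</h1>'
                    '<iframe src="http://c2.example.invalid/x" width="1" '
                    'height="1"></iframe></body></html>'),
    "/404.html": ('<html><body><h1>Not Found</h1>'
                  '<iframe src="http://c2.example.invalid/x"></iframe>'
                  '</body></html>'),
    "/about.html": "<html><body><p>About us</p></body></html>",
}

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)


def injected_iframes(on_disk, served):
    """Return iframe tags present in the served body but absent on disk."""
    known = set(IFRAME_RE.findall(on_disk))
    return [tag for tag in IFRAME_RE.findall(served) if tag not in known]


def audit(on_disk, served):
    """Map each path whose served copy carries extra iframes to those tags.

    Paths with no on-disk reference are compared against an empty body, so
    any iframe in a dynamically generated page is reported for review.
    """
    findings = {}
    for path, body in served.items():
        extra = injected_iframes(on_disk.get(path, ""), body)
        if extra:
            findings[path] = extra
    return findings


if __name__ == "__main__":
    for path, tags in audit(ON_DISK, SERVED).items():
        print(f"{path}: {len(tags)} injected iframe(s): {tags}")
```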