Kindsight Blog

Discussing Identity Theft and Current Online Threats

Kindsight Security Labs Releases Q2 2013 Malware Report

Today Alcatel-Lucent’s Kindsight subsidiary released the Kindsight Security Labs Malware Report for Q2 2013. The report found that 10% of home networks and over 0.5% of mobile devices were infected with malware, both increases from the previous quarter. 

Q2 2013 home network infection rate

Kindsight Security Labs Releases Q4 2012 Malware Report

Today Kindsight released the Kindsight Security Labs Malware Report for Q4 2012. The report reveals the latest research from Kindsight on security threats to home and mobile networks, including a small decline in home network infections and an increase in mobile network infections. This report also marks the first time that Kindsight has released annual metrics from its security research.

Mobile malware increase 67% in Q4

Kindsight Expands Mobile Security Protection

Today, we released new features for Kindsight Mobile Security to expand the protection mobile operators can offer their subscribers. Mobile operators can now alert users of suspicious apps that would be missed by device-only security apps, block infected devices from communicating with attackers’ command-and-control (C&C) servers, and help the subscriber locate missing phones and remotely lock or wipe data from stolen phones. 

Kindsight Mobile Security network alert for suspicious app

Kindsight Security Labs Releases Q3 2012 Malware Report

Today, we released the Kindsight Security Labs Malware Report for Q3 2012. The quarterly report reveals statistics and security trends for malware infections in home networks and mobile devices, including ZeroAccess, TDSS/Alureon family (also known as TDL-4), ad-click fraud and mobile adware. Because Kindsight is embedded within service provider networks, the Security Labs team has unparalleled insight into malicious network communications traffic.

ZeroAccess botnet - 2.2 million infected in Q3

Kindsight Security Labs Releases Q2 2012 Malware Report

Today, we released the Kindsight Security Labs Malware Report for Q2 2012. The quarterly report reveals statistics and security trends for malware infections in home networks and mobile devices, including Flashback, ZeroAccess and DNSChanger. Because Kindsight is embedded within service provider networks, the Security Labs team has unparalleled insight into malicious network communications traffic.

Kindsight Security Labs Q2 2012 Report infection graphic

Has Your Network been “Warped”?

The Warp Trojan demonstrates a bold new method by which malware writers are forcing computers to visit their exploit sites on the Internet and recruit those systems into their army of compromised machines. Warp does this by becoming a network middleman, arranging for all local network traffic to flow through it, and then injecting a malicious URL into any passing web traffic.

This Trojan is particularly stealthy: the injected HTML code is not obvious to the recipient of the compromised web page, and should it be discovered, one would more likely conclude that the web server itself was compromised, not that the flow of network traffic between the computers has been “Warped”. Finding the true source of that URL injection, the middleman, on a larger network requires a network sniffer and the ability to identify the offending machine by its MAC address.

Malware Analysis: New C&C Protocol for ZeroAccess/Sirefef

We have been investigating the appearance of a new variation of the ZeroAccess/Sirefef bot. In February, we published a detailed analysis of the network behavior of this bot and the encrypted P2P protocol that it uses to communicate with its peers. The main purpose of this botnet is to distribute malware responsible for ad-click fraud.

Download the Malware Analysis Report - New C&C Protocol for ZeroAccess/Sirefef.

The traffic generated by the ad-click fraud is 0.1 MBits/second when averaged out. For the infected consumer, this adds up to 32 GBytes per month, which is the equivalent of downloading 45 full-length movies. For the service provider, the impact on their network depends on the number of infected subscribers. The observed infection rate in mid-June was about 0.8%. This means that at any instant this bot alone is consuming 800 MBits/sec of bandwidth for every 1M users on the network.

Kindsight Protects Home Networks in Saskatchewan

Today, we announced the rollout of the Kindsight Security Service with SaskTel, the leading communications provider in Saskatchewan, Canada. By deploying the network-based security service from Kindsight, SaskTel Internet Threat Detector can detect malware in subscribers’ Internet traffic, send alerts and provide step-by-step instructions on how to remove threats.

Hundreds of Thousands Could Lose Internet On July 9

Despite months of warning, hundreds of thousands of users could try to go online in July only to find that they can no longer connect to the Internet. The reason is that, on July 9, the FBI will decommission the DNS servers that it began to operate after it shut down an Estonian hacker ring in November 2011.

The takedown of the DNSChanger botnet in November 2011, which consisted of over four million infected computers worldwide, was easily the biggest to date. However, computers that have not removed DNSChanger and reconfigured their DNS settings before July 9 will no longer be able to connect to the Internet.

DNSChanger is not the result of a single malware infection. The Kindsight Security Labs Q1 2012 Malware Report revealed that malware related to DNSChanger was the most prevalent infection with 1 in 400 households affected. Further analysis found that 1 in 625 households were still visiting the rogue DNS servers in early June and will lose Internet connectivity on July 9.

Mac Infection “Flashback” Jumps to Number One

For the first time ever, malware targeting the Macintosh platform is in the number one position on the Kindsight Security Labs home network infections list. Our detection statistics for the month of April show that about 10% of homes with Mac computers were infected with this malware, which is an increase from the 7% reported last month.

Because of this ongoing high infection rate, we took a closer look, on a daily basis, at the number of home networks infected. The graph below shows the percentage of homes with Macs that are still infected over the last 4 weeks. This detailed analysis shows that even though the infection rate is on the decline, it is still significant (3-6%).

Flashback infections