Shunichi Imano's blog

Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292).

Recently, a new threat called Android.Fakeneflic has taken advantage of gaps in the availability of a legitimate video streaming service in order to target mobile users in North America.

The number of targeted attacks has increased dramatically in recent years. Major companies, government agencies, and political organizations alike have reported being the target of attacks. The rule of the thumb is, the more sensitive the information that an organization handles, the higher the possibility of becoming a victim of such an attack.

Recent Distributed Denial of Service (DDoS) attacks on a number South Korean websites have been in news for the past week. The threat responsible for carrying out these attacks is Trojan.Koredos.

Zbot, otherwise known as the Zeus botnet, has been around for a quite a while and has been called the "King of Bots"; it has infected millions of computers worldwide. The Zbot construction kit is on-sale and widely available in the underground community.

Motive

Symantec Security Response has become aware of a Trojan Horse we detect as Trojan.Ramvicrype. The Trojan uses the RC4 algorithm to encrypt files on compromised computers, rendering them unusable. Presence of files with a .vicrypt extension is a sure-fire sign of infection.