KINDSIGHT SECURITY LABS MALWARE REPORT – Q2 2013


Alcatel-Lucent

Table of Contents

Introduction

Q2 2013 Highlights

Q2 2013 Home Network Malware Statistics
  Home Network Infection Rates
  Top 20 Home Network Infections
  Top 20 High Level Infections
  Top Infections
  Top 25 Most Prolific Threats

Q2 2013 Mobile Malware Statistics
  Mobile Device Infection Rates
  Top Android Malware
  Top Mobile Threats
  Mobile Malware Samples
  Mobile Spyware, BYOD and Corporate Espionage
  Mobile Infection Vectors
  Vulnerabilities in Android Application Signing

Conclusion

Terminology and Definitions

About Kindsight Security Labs


Introduction

The Kindsight Security Labs Q2 2013 Malware Report examines general trends for malware infections in home networks and in mobile devices and computers connected through mobile adapters. The data in this report is aggregated across the networks where Kindsight solutions are deployed.

[Infographic: home network infection rate 10%, an 11% increase over the previous quarter]

Q2 2013 Highlights

• 10% of home networks were infected with malware in Q2 2013, up from the 9% figure in the previous quarter.

• 6% of broadband customers were infected with high-level threats such as bots, rootkits and banking Trojans.

• The ZeroAccess bot continues to be the most common malware threat in Q2, infecting about 0.8% of broadband users.

• In mobile networks 0.52% of devices exhibited high threat level malware, up slightly from 0.50% in Q1. Of these, half were Android devices and the other half were Windows devices tethered to the mobile network via a phone, a dongle or a MiFi hub.

• Mobile malware continues to grow. In Q2 the number of samples increased by a factor of six.

• The Cutwail spambot is being used to spread Android malware via spam (Stels/SmsSpy).

• Vulnerabilities in Android application signing open new attack vectors.

• Kindsight will demonstrate a proof-of-concept spy-phone module at Black Hat 2013.


Q2 2013 Home Network Malware Statistics

Home Network Infection Rates

In fixed broadband deployments in Q2 2013 we found that 10% of residential households show evidence of malware infection. This has increased from 9% in Q1. 6% of households were infected by high threat level malware such as a botnet, rootkit or banking Trojan, and 5% of households were infected with moderate threat level malware such as spyware, browser hijackers or adware. The two figures add up to more than the overall 10% because some households had multiple infections, including both high and moderate threat level infections.

[Charts: home networks infected with malware, 10%; division of infection by threat level, high 6% and moderate 5%; high level threats show no significant change over the previous quarter]

Top 20 Home Network Infections

The table below shows the top home network infections detected in Kindsight deployments. The results are aggregated and the order is based on the number of infections detected over the three month period of this report.

Rank  Name                              Threat Level  % of Total  Last Quarter
1     Win32.Bot.ZeroAccess2             High          14.45       1
2     Win32.Adware.MarketScore          Moderate      10.16       6
3     Win32.Bot.Alureon.DX              High           7.82       5
4     Win32.Trackware.Binder            Moderate       7.80       2
5     Win32.Hijacker.StartPage.KS       Moderate       7.07       4
6     Win32.BankingTrojan.Zeus          High           6.73       8
7     Win32.Spyware.MyWebSearchToolb    Moderate       5.24       3
8     Win32.Adware.FastSaveApp          Moderate       3.55       New
9     Win32.Bot.Alureon.A               High           3.12       10
10    Win32.Adware.Baidu                Moderate       2.95       15
11    Win32.Adware.GameVance            Moderate       1.73       11
12    Win32.Backdoor.Hupigon.DZ         High           1.22       16
13    MAC.Bot.Flashback.K/I             High           1.21       13
14    Win32.Hijacker.MyWebSearch        Moderate       0.99       14
15    Win32.Downloader.Obvod.K          High           0.89       20
16    Win32.PasswordStealer.Lolyda.B    High           0.80       New
17    Win32.Spyware.SBU                 Moderate       0.77       New
18    Win32.Botnet.Darkness             High           0.76       New
19    Win32.ScareWare.Somoto.AMN        High           0.60       New
20    Win32.Virus.Sality.AT             High           0.58       19


Top 20 High Level Infections

The table shows the top 20 high threat level malware that leads to identity theft, cybercrime or other online attacks. We'll look at the top three in more detail in the next section.

Rank  Name                              % of Total  Last Quarter
1     Win32.Bot.ZeroAccess2             25.69       1
2     Win32.Bot.Alureon.DX              13.90       2
3     Win32.BankingTrojan.Zeus          11.98       4
4     Win32.Bot.Alureon.A                5.55       6
5     Win32.Backdoor.Hupigon.DZ          2.17       9
6     MAC.Bot.Flashback.K/I              2.16       8
7     Win32.Downloader.Obvod.K           1.58       11
8     Win32.PasswordStealer.Lolyda.B     1.43       27
9     Win32.Botnet.Darkness              1.35       43
10    Win32.ScareWare.Somoto.AMN         1.08       18
11    Win32.Virus.Sality.AT              1.04       10
12    Win32.ScareWare.FakeXPA            0.99       13
13    Win32.Trojan.Medfos.A              0.92       18
14    Spam.GenericSpambot                0.86       15
15    Win32.Trojan.Bunitu.B              0.80       29
16    Win32.Backdoor.Qakbot.gen!B        0.64       31
17    Win32.Exploit.NETAPI               0.63       32
18    Win32.Downloader.Hiloti.gen!A      0.60       20
19    Win32.Trojan.Silentbanker.A        0.57       33
20    Win32.Downloader.Waledac.C         0.57       16

Top Infections

ZeroAccess2 is a p2p bot that uses rootkit technology to conceal its presence. It downloads additional malware that is used in large scale ad-click fraud. This fraud can cost Internet advertisers millions of dollars each day. The bandwidth utilization is moderate at any given time, but when aggregated over a month it can be quite significant for the user; we have observed this bot consuming up to 45 GB of bandwidth over a month. A variant also makes money through bitcoin mining. Due to the p2p nature of this infection the C&C is everywhere, with heavy concentrations of infection in the US, Europe and Asia.

Name: Win32.Bot.ZeroAccess2 | ID: 512061170 | Signature State: Active | Type: Bot | Class: Cybercrime | Level: High

[Chart: infections, April 16 to July 1, 2013. Map: WIN32.BOT.ZEROACCESS2 infection distribution]


Alureon.DX is a bootkit Trojan that steals usernames, passwords and credit card information and uploads the information to a remote command & control server. It was first seen in 2006 and has evolved through a variety of versions since then. It gains control of the device by rewriting the master boot record and actively conceals itself from anti-virus software. C&C servers are located in the US, UK and the Netherlands as shown in the map below.

Name: Win32.Alureon.DX | ID: 511063001 | Signature State: Active | Type: Bot | Class: Cybercrime | Level: High

[Chart: infections, April 16 to July 1, 2013. Map: WIN32.ALUREON.DX C&C locations]

Zeus/Zbot is a banking Trojan that has been around in various forms since 2007. Zeus has evolved considerably since then and continues to cause havoc. The most recent version uses an encrypted p2p command and control protocol. This bot attaches itself to the victim's browser and monitors online banking activity. Banking credentials and credit card numbers are then sent back to a command and control site. Over the years, various versions of Zeus have been responsible for millions of dollars in online banking fraud. Command and control sites are distributed globally, with concentrations in the US, Europe and China.

Name: Win32.BankingTrojan.Zeus/Zbot | ID: 5001000 | Signature State: Active | Type: Bot | Class: Cybercrime | Level: High

[Chart: infections, April 16 to July 1, 2013. Map: WIN32.BANKINGTROJAN.ZEUS/ZBOT infection distribution]


Top 25 Most Prolific Threats

The chart below shows the top 25 most prolific malware found on the Internet. The order is based on the number of distinct samples we have captured from the Internet at large. A large number of samples indicates that distribution is extensive and that the malware author is making a serious attempt to evade detection by anti-virus products, since each distinct sample is a new variant that existing file signatures may miss.

[Bar chart: MOST PROLIFIC MALWARE, percentage of samples per family, axis 0.00% to 3.50%. Families in chart order:]

Adware:Win32/Hotbar
TrojanDropper:Win32/Lamechi.B
TrojanDropper:Win32/Loring
PWS:Win32/OnLineGames.AH
PWS:Win32/Zbot
Worm:Win32/Allaple.A
Worm:Win32/Ainslot.A
Trojan:Win32/Ramnit.C
Trojan:Win32/Killav.DR
Worm:Win32/Vobfus
Trojan:Win32/Ramnit.A
Rogue:Win32/Winwebsec
Worm:Win32/Fesber.A
TrojanDropper:Win32/Gepys.A
Virus:Win32/Sality.AT
TrojanDropper:Win32/VB.IL
Trojan:Win32/Urausy.C
Worm:Win32/Gamarue.N
Worm:Win32/Fesber.F
Backdoor:Win32/Fynloski.A
Virus:Win32/Sality.AM
Worm:Win32/Solern.L
Trojan:Win32/Ramnit.D
Worm:Win32/Nofear.C@mm
Trojan:Win32/Otran


Q2 2013 Mobile Malware Statistics

Mobile Device Infection Rates

In mobile networks we found that 0.52% of devices were infected with high threat level malware. This is slightly up from the 0.50% we reported last quarter. The vast majority of infected devices are either Android phones or Windows laptops tethered to a phone or connected directly through a mobile USB stick or MiFi hub. The infection rate among Android devices is actually over 1.0%.

[Chart: infected device type by month, January to June 2013, Android versus Windows, as a percentage of infections (0 to 100)]

As the chart above shows, Android infections are now starting to dominate. Infections on iPhone, BlackBerry and other devices make up less than 1% of the infections we see in the network.

Top Android Malware

The table below shows the top 20 Android malware detected in Q2 in the networks where the Kindsight Mobile Security solution is deployed.

Position  Malware Name               % of Total  Last Quarter
1         Adware.Uapush.A            53.65%      New
2         Trojan.Qdplugin            22.79%      1
3         Trojan.Wapsx                8.02%      2
4         Spyware.SpyBubble.B         6.18%      3
5         Spyware.SpyMob.a            3.01%      New
6         Trojan.Coogos.A!tr          3.01%      New
7         Trojan.Phonerecon.A         0.84%      New
8         Trojan.GGTracker            0.49%      6
9         Trojan.Malebook             0.30%      28
10        Trojan.MMarketPay.a         0.29%      5
11        Trojan.Opfake.a             0.25%      7
12        Trojan.Pjapps3.A            0.16%      9
13        Spyware.FlexiSpy            0.15%      12
14        Spyware.MobileSpy           0.13%      8
15        Trojan.Anserver.A           0.08%      11
16        Trojan.SMSBoxer             0.07%      27
17        BankingTrojan.FakeToken     0.05%      New
18        Spyware.Spyoo               0.02%      18
19        Trojan.DroidKungFu.A        0.02%      17
20        Trojan.DroidDream           0.01%      14


For the most part these are all “trojanized” apps that steal information about the phone or send SMS messages, but the list also includes banking Trojans that intercept access tokens for banking web sites and spyware applications that are used to spy on family members or associates .

Top Mobile Threats

Uapush.A is a moderate threat level Android adware Trojan that also sends SMS messages and steals information from the compromised device. Activity has increased steadily since April. The malware has its web based C&C site located in China.

Name: Android.Adware.Uapush.A | Signature ID: 2805862 | Signature State: Active | Type: Adware | Class: Spyware | Level: Moderate

[Chart: infections, April 16 to July 1, 2013. Map: ANDROID.ADWARE.UAPUSH.A infection distribution]

Qdplugin is an Android Trojan that downloads and installs adware applications that steal information from the phone such as the IMEI, IMSI and country code. The malware is distributed as a repackaged version of legitimate games. The malware opens a command and control connection to a remote server located in the US. The purpose of this appears to be to provide remote control of the adware applications. The infection rate has leveled off over the past two months.

Name: Android.Trojan.Qdplugin | ID: 512111301 | Signature State: Active | Type: Trojan | Class: Identity Theft | Level: High

[Chart: infections, April 16 to July 1, 2013. Map: ANDROID.TROJAN.QDPLUGIN infection distribution]


Mobile Malware Samples

Another indication of Android malware growth is the increase in the number of samples in our malware database. The chart below shows numbers for the past year. In Q2 alone there has been a six-fold increase in the number of Android malware samples.

[Chart: MOBILE MALWARE SAMPLES per month, July 2012 to June 2013; y-axis 0 to 140,000]

Mobile Spyware, BYOD and Corporate Espionage

In our last report we discussed how mobile spyware, such as MobileSpy and FlexiSpy, is on the rise. These products can be legitimately used to keep track of your children, but often they are marketed to catch cheating lovers and for other more dubious purposes.

This quarter's detection results confirm that this trend continues, with the addition of PhoneRecon, SpyBubble, SpyMob and Spyoo to the ranks.

In the BYOD context these spyware applications pose a serious threat because they can be installed surreptitiously on an employee's phone and used for industrial or corporate espionage. The mobile phone is also a fully functional network device. When connected to the company Wi-Fi, the infected phone provides the attacker with remote access to the network and the ability to probe the network for vulnerabilities and assets. It is the perfect platform for launching advanced persistent threats (APT).


In order to demonstrate the power of a smartphone as a cyber-espionage device, Kindsight has developed a proof-of-concept spy-phone software module that can be injected into just about any Android application. From a remote web based command center the attacker can:

• Track the phone's location

• Download contact lists and personal information

• Intercept and send messages

• Record conversations

• Take pictures

This will be demonstrated at the session “How to Build a Spyphone” at Black Hat 2013 in Las Vegas .

Mobile Infection Vectors

Until now most mobile malware has been distributed as trojanized apps from Google Play, legitimate third party app stores or some of the shadier app stores that specialize in pirated applications. Google has made efforts through its "Bouncer" program to scan for and remove apps that contain malware, but some always slip through. Many of the third party app stores make no effort to check for apps containing malware.

Recently the Cutwail spambot has been enlisted to help distribute the Android "Stels" Trojan. In the past Cutwail has been used to lure victims to Blackhole-infested web sites, but now it is sending spam that encourages people to install a fake Flash Player update which actually installs the Stels Trojan, which then makes money by sending premium SMS messages during the night. Note that the user still has to configure their phone to allow installation of non-Market applications (the "Unknown sources" setting), but the spam provides instructions on how to do this.

Vulnerabilities in Android Application Signing

The Android security model has been known to be weak for some time, but research has turned up additional weaknesses in the handling of application signatures. All Android applications must be signed cryptographically. Normally this would allow you to verify the identity of the application's author and verify that the application has not been tampered with. Unfortunately on Android there are two serious problems with this:

• Any old signature will do. When an app is installed, the Android operating system checks that the app has been signed, but makes no attempt to verify that the signature is legitimate. Apps are routinely signed with self-signed certificates, which lets the "signer" put whatever information they want into the certificate, and there does not appear to be any means for the user to display the certificate information anyway. This makes it easy to produce pirated copies of applications with Trojan services injected into them. The one thing the signature does enforce is that an update must be signed with the same key as the installed version, so a trojanized copy has to be installed as a fresh app rather than as an update to the genuine one.

As part of our demonstration at the Black Hat 2013 conference, we will show how to take a popular Android game, inject a SpyPhone service into it and then sign it for distribution. The victim has no way of knowing that the app has been tampered with and can only assume that they have a legitimate copy of the game.

• Signature not checked at runtime. The digital signature is only checked during the installation process; it is not checked when the application is run. Bluebox Security has recently shown that you can modify the APK file of an existing application without the system raising an alarm. This allows the attacker to inject malicious code into existing applications, and the injected code inherits any special permissions or privileges that the compromised application already has.
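As an added illustration of the two points above (example code written for this edition, not Kindsight's, Bluebox's or Android's own implementation), the Python below models the install-time check in miniature: a JAR-style MANIFEST.MF carries a SHA-1 digest for every entry, and the package is rejected if any entry's bytes no longer match. Running the same check again after an entry has been rewritten stands in for the runtime re-verification the report says Android does not perform. The verifier also walks the archive by ZIP record rather than by file name, so a second record reusing an existing name is digested too and the duplication itself is reported, which is the consistency check that stops a verifier and a loader from disagreeing about which bytes were examined. The package contents, entry names and file bytes are constructed sample data; the example does not cover signer identity, because a self-signed certificate satisfies any check that only asks whether a signature is present.

```python
"""Added example, not code from the Kindsight report: a model of the JAR-style
install-time check on an APK, reused as a runtime re-check and extended with a
duplicate-entry check. Entry names and bytes below are constructed."""
import base64
import hashlib
import io
import warnings
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"

# Constructed stand-in for a game's APK contents (not a real app).
ORIGINAL = {
    "AndroidManifest.xml": b"<manifest package='com.example.game'/>",
    "classes.dex": b"dex\n035\x00legitimate game code",
}


def b64_sha1(data):
    """Digest encoding used in MANIFEST.MF: base64 of SHA-1 over the entry."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode()


def build_apk(entries):
    """Pack entries into a ZIP with a MANIFEST.MF listing each entry's digest,
    which is what the signer's signature ultimately covers."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in entries.items():
        lines += [f"Name: {name}", f"SHA1-Digest: {b64_sha1(data)}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(MANIFEST, "\n".join(lines).encode())
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def parse_manifest(raw):
    """Return {entry name: expected digest} from MANIFEST.MF text."""
    expected, name = {}, None
    for line in raw.decode().splitlines():
        if line.startswith("Name: "):
            name = line[len("Name: "):]
        elif line.startswith("SHA1-Digest: ") and name is not None:
            expected[name] = line[len("SHA1-Digest: "):]
            name = None
    return expected


def verify_apk(apk):
    """Install-time style check: every entry must be listed in the manifest
    with a matching digest. Entries are walked by ZIP record, not by name, so
    a second record under a reused name is digested as well and reported.
    Returns a list of findings; an empty list means the package would install."""
    findings, seen = [], set()
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        expected = parse_manifest(zf.read(MANIFEST))
        for info in zf.infolist():
            if info.filename == MANIFEST:
                continue
            if info.filename in seen:
                findings.append(f"duplicate entry name: {info.filename}")
            seen.add(info.filename)
            want = expected.get(info.filename)
            if want is None:
                findings.append(f"unlisted entry: {info.filename}")
            elif b64_sha1(zf.read(info)) != want:
                findings.append(f"digest mismatch: {info.filename}")
    return findings


def replace_entry(apk, name, data):
    """Rewrite one entry after 'installation' and leave the manifest alone:
    the post-install modification that only a runtime re-check would catch."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk)) as src:
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as dst:
            for info in src.infolist():
                dst.writestr(info.filename, data if info.filename == name else src.read(info))
    return buf.getvalue()


def append_duplicate(apk, name, data):
    """Append a second record under an existing name. Name-keyed readers
    (zipfile.read(name) among them) now return this copy, so a verifier and a
    loader that index the archive differently can check and run different bytes."""
    buf = io.BytesIO(apk)
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns about the duplicate name
        with zipfile.ZipFile(buf, "a", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
    return buf.getvalue()


def demo():
    clean = build_apk(ORIGINAL)
    injected = replace_entry(clean, "classes.dex", b"dex\n035\x00game + spyphone service")
    smuggled = append_duplicate(clean, "classes.dex", b"dex\n035\x00second copy")
    return {"clean": verify_apk(clean),
            "injected": verify_apk(injected),
            "smuggled": verify_apk(smuggled)}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(f"{label}: {findings or 'OK, would install'}")
```

The clean package verifies; the rewritten classes.dex is caught as a digest mismatch only because the check is run again, and the appended duplicate is reported both as a duplicate name and as a mismatch. A real installer must also verify the signature over the manifest itself, which this model omits.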


Conclusion

In the broadband network space, Q2 was largely a continuation of Q1 in terms of network malware activity. There was some jockeying for position in the top 20 lists, but nothing really new hit the scene in Q2. The residential malware infection rate continues to be around the 10% level, up slightly from the 9% seen in Q1. ZeroAccess continued to be the most widespread infection, with infection rates of up to 1% in some networks. The major threat vector continues to be compromised web sites hosting exploit kits such as Blackhole, with generic spam based phishing attacks driving users to those sites. Spam volume leveled off in Q2 after increasing in Q1.

On the mobile front the infection rates observed in the network continue to be fairly low, with an average infection rate of about 0.52%. Android devices are the most targeted, with trojanized apps from Google Play and third party app stores being the major infection vector. There has yet to be a major malware epidemic that can spread directly from one mobile device to another. In the mobile space, the malware is making money through sending premium SMS messages and information theft associated with adware and spam. There have been some attempts to extort money based on fake security software. Spy-phone applications are also increasing and could become a significant threat when applied to the BYOD and APT scenarios.

Terminology and Definitions

This section defines some of the terminology used in the report.

Advanced Persistent Threat (APT): A targeted cyber-attack launched against a company or government department by professional hackers using state of the art tools, usually with information theft as the main motivation.

Infection Vector: The mechanism used to infect a computer or network device. For example, on Windows computers the most popular infection vector is web based exploit kits, whereas on Android phones it is trojanized applications.

Bot: An infected computer that is part of a botnet. A botnet is a network of infected computers controlled remotely via the Internet by cyber-criminals. Botnets are used for sending spam e-mail, ad-click fraud, distributed denial of service attacks, distributing additional malware, bitcoin mining and a variety of other purposes.

Rootkit: A malware component that compromises the computer's operating system software for the purpose of concealing the malware from anti-virus and other detection technologies.

Trojans: Computer programs or applications that look fine on the surface, but actually contain malware hidden inside. From the term Trojan Horse.

High/Moderate threat level: Kindsight splits malware into High and Moderate threat levels. High is any threat that does damage, steals personal information or steals money. A moderate threat is one that does no serious damage, but will be perceived by most as annoying and disruptive.

Ad-click fraud: Advertisers pay money, typically a few cents, when someone clicks on a web based advertisement. Ad-click fraud is when someone uses software to fake these ad clicks and collect money from the advertisers for the fake clicks. Typically the ad-click software is packaged as malware and distributed through a botnet that is controlled by cyber-criminals who make money from the ad-click fraud.

Bitcoin mining: Bitcoins are a form of virtual currency that can be created through complex arithmetic calculations that take a lot of computing power to perform. The process of executing these calculations to generate new bitcoins is referred to as bitcoin mining. Cyber-criminals use large botnets to efficiently generate new bitcoins.

www.alcatel-lucent.com  Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. Copyright © 2013 Alcatel-Lucent. All rights reserved. NP2013071999 (July)

About Kindsight Security Labs

Kindsight Security Labs focuses on the behavior of malware communications to develop network signatures that specifically and positively detect current threats. This approach enables the detection of malware in the service provider network, and the signatures developed form the foundation of the Kindsight Security Analytics, Kindsight Broadband Security and Kindsight Mobile Security solutions.

To accurately detect that a user is infected, our signature set looks for network behavior that provides unequivocal evidence of infection coming from the user's computer. This includes:

• Malware command and control (C&C) communications

• Backdoor connections

• Attempts to infect others (e.g. exploits)

• Excessive e-mail

• Denial of Service (DoS) and hacking activity

There are four main activities that support our signature development and verification process.

1. Monitor information sources from major security vendors and maintain a database of currently active threats.

2. Collect malware samples (>10,000/day), classify and correlate them against the threat database.

3. Execute samples matching the top threats in a sandbox environment and compare against our current signature set.

4. Conduct a detailed analysis of the malware's behavior and build new signatures if a sample fails to trigger a signature.
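As an added example of what "network behavior that provides unequivocal evidence of infection" looks like in code (written for this edition; the report does not disclose Kindsight's own signature logic), the Python below applies three of the behaviors listed above to constructed flow records: contact with a known C&C address together with regular beaconing to a single destination, an outbound SMTP burst to many distinct mail servers, and one port probed across many internal hosts. The flow record layout, the 10.0.0.0/8 subscriber range, the indicator address and every threshold are assumptions chosen to suit the sample data, not values from the report.

```python
"""Added example, not Kindsight code: a behavior-based detector over
constructed flow records, covering three behaviors the report lists as
evidence of infection (C&C communication, excessive e-mail, attempts to
infect others). Thresholds, addresses and the flow format are assumptions."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import pstdev

INTERNAL = ip_network("10.0.0.0/8")   # assumed subscriber-side address range
CNC_INDICATORS = {"203.0.113.7"}      # assumed known C&C address (test range)
BEACON_MIN_FLOWS = 6                  # flows needed before judging regularity
BEACON_MAX_JITTER = 0.10              # stdev / mean of inter-arrival gaps
SMTP_BURST = 30                       # distinct mail servers ...
SMTP_WINDOW_S = 600                   # ... contacted within this many seconds
SCAN_TARGETS = 20                     # distinct internal hosts hit on one port

# Constructed flow records: (time_s, src_host, dst_ip, dst_port).
FLOWS = (
    # host .5 checks in with one server every 300 s: C&C-style beaconing
    [(t, "10.0.0.5", "203.0.113.7", 8080) for t in range(0, 3000, 300)]
    # host .8 talks to 60 different mail servers in two minutes: spambot
    + [(60 + 2 * i, "10.0.0.8", f"198.51.100.{i}", 25) for i in range(60)]
    # host .9 probes SMB on 50 neighbours: trying to infect others
    + [(100 + i, "10.0.0.9", f"10.0.0.{100 + i}", 445) for i in range(50)]
    # host .20 browses normally and should produce no findings
    + [(10, "10.0.0.20", "93.184.216.34", 443), (40, "10.0.0.20", "93.184.216.34", 443),
       (400, "10.0.0.20", "192.0.2.10", 80)]
)


def beacons(flows):
    """(dst, port, mean gap) for destinations contacted at near-constant intervals."""
    per_dst = defaultdict(list)
    for t, _, dst, port in flows:
        per_dst[(dst, port)].append(t)
    hits = []
    for (dst, port), ts in per_dst.items():
        if len(ts) < BEACON_MIN_FLOWS:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and pstdev(gaps) / mean <= BEACON_MAX_JITTER:
            hits.append((dst, port, mean))
    return hits


def smtp_burst(flows):
    """Distinct SMTP servers in the first sliding window that reaches
    SMTP_BURST, or 0 if no window does (flows must be time-sorted)."""
    smtp = [(t, dst) for t, _, dst, port in flows if port == 25]
    j = 0
    for i in range(len(smtp)):
        while smtp[i][0] - smtp[j][0] > SMTP_WINDOW_S:
            j += 1
        distinct = len({dst for _, dst in smtp[j:i + 1]})
        if distinct >= SMTP_BURST:
            return distinct
    return 0


def scans(flows):
    """(port, target count) for ports probed on many distinct internal hosts."""
    targets = defaultdict(set)
    for _, _, dst, port in flows:
        if ip_address(dst) in INTERNAL:
            targets[port].add(dst)
    return [(p, len(h)) for p, h in targets.items() if len(h) >= SCAN_TARGETS]


def detect(flows):
    """Group flows by source host and return {host: [findings]}; hosts with
    no matching behavior are absent from the result."""
    by_host = defaultdict(list)
    for f in sorted(flows):
        by_host[f[1]].append(f)
    findings = {}
    for host, hf in by_host.items():
        out = sorted({f"cnc-indicator:{dst}:{port}" for _, _, dst, port in hf
                      if dst in CNC_INDICATORS})
        out += [f"beaconing:{d}:{p}:{g:.0f}s" for d, p, g in beacons(hf)]
        n = smtp_burst(hf)
        if n:
            out.append(f"excessive-email:{n} SMTP servers within {SMTP_WINDOW_S}s")
        out += [f"scan:{p}:{c} internal hosts" for p, c in scans(hf)]
        if out:
            findings[host] = out
    return findings


if __name__ == "__main__":
    for host, out in detect(FLOWS).items():
        print(host, *out, sep="\n  ")
```

The beaconing heuristic matters because, as the report notes for ZeroAccess, a p2p bot's C&C "is everywhere": an indicator list of known addresses would never be complete, whereas a periodic check-in to a single peer is visible whatever address it uses. The thresholds are deliberately conservative so that ordinary browsing (host .20) stays silent.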

As an active member of the security community, Kindsight Security Labs also shares this research by publishing a list of the threats actually detected, a list of the top emerging threats on the Internet, and this report.

Kindsight is a network-based security product line within Alcatel-Lucent's Platform Business. The Kindsight portfolio enables Internet service providers and mobile network operators to detect threats, send alerts, block infected devices and protect subscribers. It also analyzes Internet traffic for malware and pinpoints infected devices to identify risks and take action. To generate revenue and increase brand loyalty, Kindsight also enables communication providers to launch differentiated, value-added services that combine network-based and device-based security for complete protection.