World Information Security Day



Today we are very happy to congratulate the people who stand guard over our security. Not those in uniform with epaulets, but the masters of heuristics who tirelessly fight the world's evil in the form of Trojans, viruses, exploits and other malware. We congratulate all information security specialists on their well-deserved holiday!

If it were not for you, information networks would long ago have been bogged down in epidemics of every possible digital contagion. Every day you protect our computers and all kinds of gadgets from a myriad of Trojans and viruses, guarding the peaceful sky over our heads. Thanks to your labors, the worldwide hydra of network crime cannot run wild, although this reptile has been acting up a great deal. What do we remember from the year since the last Information Security Day? Alas, during this time we had to face some very serious problems, and in general the list of events turned out to be quite impressive. Here are some of them.

Throughout the year there were periodic spikes of infections by the CryptoLocker Trojan, each numbering in the tens or hundreds of thousands of computers, mainly in the USA. CryptoLocker encrypts the files on the victim's hard disk with the RSA algorithm and then demands a ransom for the decryption key.
Also this year, various banking threats periodically appeared, including the following:

Earlier this year, a surge in the number of DDoS attacks using traffic amplification was noted. For example, the NTP (Network Time Protocol) and UDP protocols are used as attack channels.

March


Billions of devices running Android, as it turned out, have a number of vulnerabilities in the OS update module. Theoretically, this allows malware to obtain almost unlimited privileges, including intercepting passwords to an app store account, sending SMS, accessing voice mail, formatting removable devices, and so on.

April


The Heartbleed vulnerability was discovered, resulting in a buffer overflow in OpenSSL. It makes it possible to read the contents of the memory of a remote server or client, including to obtain crypto keys. The vulnerability has existed since 2011.

July


A critical vulnerability was found in the popular WordPress plugin MailPoet Newsletters that allows PHP files to be uploaded to the server and control over the site to be gained. Tens of thousands of sites around the world were exposed to the vulnerability.

Malware named Mayhem was found that spreads to Linux/Unix servers under the guise of a PHP script and is used for brute-forcing passwords.

Specialists from FireEye discovered the Masque Attack vulnerability in iOS: if an application installed via a phishing link has the same bundle identifier as a previously installed "honest" application from the Apple Store, the original application is replaced by the new one, which takes over its user data. Applications that are part of the iOS platform itself, such as the Mobile Safari browser, are not affected by this substitution.

August


A vulnerability was found in all (!) USB devices that allows malicious software to be installed and run from them with no possibility of detecting it.

September


The Shellshock vulnerability was discovered, which makes it possible to force a remote Linux or Unix server to execute arbitrary commands using HTTP requests. The vulnerability was found in the Bash command interpreter, an extremely popular tool in Linux/Unix environments. A little later, several more similar Bash vulnerabilities were discovered.

October


The POODLE vulnerability was discovered, which allows access to protected user data over SSL 3.0 and lower.

On 22 popular sites, among them Yahoo, AOL and 9GAG, malicious software was found that spreads through ad modules. Using browser exploits, it infected visitors' computers with the CryptoWall program. Over 3 million visitors were hit daily.

November


The WireLurker malware spreads to iOS devices connected to OS X computers. The malware was created in China and is distributed through unauthorized servers. Some time later, a suspect in the creation of the malicious program was arrested.

A scandal erupted in connection with the launch of a Russian site where the addresses of several thousand hacked private and corporate webcams were published. Anyone could access the video stream without the owners noticing.

Just the other day, Symantec reported that it had discovered malware called Regin, which has supposedly existed in the "wild" since as early as 2003. Judging by a number of signs, this software is used by the NSA and the UK's Government Communications Headquarters. In other words, it is a spying tool. The most infected national networks were Russian, Iranian and Syrian.

* * *

In our blog, we periodically publish materials on important events in the field of information security. In case you missed any of them over the past year, we have put together a selection here.

Why, after the discovery of Heartbleed, we are not asking Mail.Ru Mail users to change their passwords

Mail.Ru Group announces the launch of a vulnerability scanner

The month of searching for vulnerabilities: how we prepared for it and how we survived it

How we implemented DKIM in Mail.Ru for business

Shaping attacks in low-latency networks, or why Tor does not save you from the intelligence services

Divide and conquer: how we implemented the separation of sessions on the Mail.Ru portal

About the leak of the user password database

How virus protection appeared in Cloud Mail.Ru

Everything you wanted to know about the Shellshock vulnerability (but were afraid to ask)

Viruses. Viruses? Viruses! Part 1

Viruses. Viruses? Viruses! Part 2

This poodle bites: using SSL 3.0 holes

Source: https://habr.com/ru/post/244535/