Incidents

Classical viruses ITW – never say die

Over 2 years have gone by since we’ve seen a true virus in the wild. Since the meaning of a “true” virus may be simply forgotten in today’s flux of Internet worms, by “true virus” we mean the good old file infectors, also called parasitic viruses which attach themselves to executable files on your disk. Yes, like CIH or Funlove for example. And yet…

On July 13 we received the first sample of Tenga – a true blue virus. We were surprised, but we let it it go. Tenga.a was followed by Tenga.b and finally Tenga.c, which arrived just yesterday. Tenga is a classic appending virus, but it has borrowed features from more modern malware: it can spread like a worm given the opportunity and also has a downloader function.

But modern features aside, Tenga is a good old classic virus, where the main goal is to self-replicate as much as possible. Once your machine is infected, you can end up with hundreds of infected files, all of which will then attempt to download Trojan-Downloader.Win32.Small.bdc.

It now remains to be seen whether this is a fluke or whether more virus writers will return to true viruses.

Classical viruses ITW – never say die

Your email address will not be published.

 

Reports

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox