How much malicious code is really out there?

The Internet is evolving incredibly fast. We are constantly warning users about cyber-threats, but many do not take the warnings seriously. One problem is new users with little experience – there are more of them every day, and they don’t think viruses are a real problem. Our survey on the Russian version of Viruslist.com showed that only 25% of users update their anti-virus databases every day – this leaves plenty of opportunity for new infections!

This morning a friend phoned me to say there was ‘something wrong’ with his computer. He had installed a dedicated Internet line a week and a half ago and reinstalled his operating system at the same time. He didn’t believe his computer could have become infected in such a short time. I scanned his hard disk using our latest databases and got the following results. It’s no surprise that the computer was infected – what is perhaps surprising is that in just a week and a half my friend managed to pick up 78 (!) malicious programs:

Here is a summary of the results:

Trojan – 36
Trojan-Clicker – 2
Trojan-Downloader – 11
AdWare – 26
RiskWare – 3