Research

How much malicious code is really out there?

The Internet is evolving incredibly fast. We are always warning users about cyber-threats, but many users do not take this seriously. One problem is new users who don’t have much experience – there are more and more every day, and they don’t think viruses are a real problem. Our survey on the Russian version of Viruslist.com told us that only 25% of users update their anti virus databases every day – this gives lots of opportunity for new infections!

This morning a friend phoned me saying there is ‘something wrong’ with his computer. He installed a dedicated Internet line a week and a half ago, and at the same time reinstalled his operating system. He didn’t believe his computer could become infected in this short time. I scanned his hard disk using our latest databases, and got the following results. It’s no surprise that the computer was infected – what is maybe surprising is in just a week and a half my friend managed to pick up 78 (!) malicious programs:

Here is a summary of the results:

Trojan – 36
Trojan-Clicker – 2
Trojan-Downloader – 11
AdWare – 26
RiskWare – 3

How much malicious code is really out there?

Your email address will not be published. Required fields are marked *

 

Reports

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.

Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

Subscribe to our weekly e-mails

The hottest research right in your inbox