Malware Miscellany, August 2007

The middle of the month means it’s time for our miscellany, so let’s take a look at what the final month of summer brought us.

  1. Greediest Trojan targeting banks: As summer came to an end, a new Trojan took the lead in this category. Trojan-Spy.Win32.Banker.cji can track the online clients of 44 different banking systems at once.
  2. Greediest Trojan targeting payment systems: Trojan-Spy.Win32.Banker.dfj took this title in August after setting its sights on three different electronic payment systems at the same time.
  3. Greediest Trojan targeting payment cards: The winner of this award in August is one of the modifications of Trojan-Spy.Win32.Banbra.hp, a Trojan hailing from Brazil that held this title in July as well. This malicious program not only targets the clients of three different plastic card systems, it also tracks the clients of a number of Brazilian banks.
  4. Stealthiest Malicious Program: The leader in this category in the last summer month was Backdoor.Win32.Hupigon.rc, which is wrapped in nine successive layers of packing applied with a variety of different packers.
  5. Smallest Malicious Program: In August, this title went to the tiny tot Trojan.BAT.Deltree.s. Don’t be fooled – this 16-byte batch file packs a punch and can destroy all of the directories on the C drive.
  6. Largest Malicious Program: The heftiest malicious program in August was one of the modifications of Trojan.Win32.VB.aqy. This portly program weighs in at 237MB and spreads disguised as a screensaver.
  7. Most Malicious Program: The winner of this title in August was Backdoor.Win32.IrcBot.aeo, which actively counters PC security software by killing it in memory and destroying its files on disk.
  8. Most Common Malicious Program in Email Traffic: The most common malicious program in email traffic was the old familiar Email-Worm.Win32.NetSky.q, which accounted for 21% of email traffic in the last summer month.
  9. Most Common Trojan Family: In August this title goes to Trojan-Spy.Win32.Banker, which racked up an impressive 736 different variants over the month.
  10. Most Common Virus / Worm Family: This category was led by the Bagle family of worms in August, with a total of 29 modifications detected over the course of the month.
