Malware Miscellany, August 2007

The middle of the month means it’s time for our miscellany, so let’s take a look at what the final month of summer brought us.

  1. Greediest Trojan targeting banks: As summer came to an end, a new Trojan took the lead in this category. Trojan-Spy.Win32.Banker.cji can track the online clients of 44 different banking systems at once.
  2. Greediest Trojan targeting payment systems: Trojan-Spy.Win32.Banker.dfj took this title in August after setting its sights on three different electronic payment systems at the same time.
  3. Greediest Trojan targeting payment cards: The winner of this award in August is one of the modifications of Trojan-Spy.Win32.Banbra.hp, a Trojan hailing from Brazil that held this title in July as well. This malicious program not only targets the clients of three different plastic card systems, it also tracks the clients of a number of Brazilian banks.
  4. Stealthiest Malicious Program: The leader in this category in the last summer month was Backdoor.Win32.Hupigon.rc, which is packed nine times over by a variety of different packers.
  5. Smallest Malicious Program: In August, this title went to the tiny tot Trojan.BAT.Deltree.s. Don’t be fooled – this 16-byte program packs a punch and can destroy all of the directories on the C drive.
  6. Largest Malicious Program: The heftiest malicious program in August was one of the modifications of Trojan.Win32.VB.aqy. This portly program weighs in at 237MB and spreads disguised as a screensaver.
  7. Most Malicious Program: The winner of this title in August was Backdoor.Win32.IrcBot.aeo, which actively counters PC security software by destroying it both in memory and on disk.
  8. Most Common Malicious Program in Email Traffic: The most common malicious program in email traffic was the old familiar Email-Worm.Win32.NetSky.q, which accounted for 21% of email traffic in the last summer month.
  9. Most Common Trojan Family: In August this title goes to Trojan-Spy.Win32.Banker, which racked up an impressive 736 different variants this month.
  10. Most Common Virus / Worm Family: This category was led by the Bagle family of worms in August, with a total of 29 modifications detected over the course of the month.
