Malware Miscellany, August 2008

  1. Greediest Trojan targeting banks
    Trojan-Banker.Win32.Banker.rqk leads this month, even though it only attacks 26 banks, a relatively low number.

  2. Greediest Trojan targeting payment systems
    In August, a new modification of Backdoor.Win32.Agobot.gen won this category by targeting four payment systems simultaneously.

  3. Greediest Trojan targeting payment cards
    Trojan-Banker.Win32.Banbra.vf targets four payment card systems.

  4. Stealthiest malicious program
    Following last month’s victory, the Hupigon family makes another appearance with Backdoor.Win32.Hupigon.nqr – a program packed with seven different packers.

  5. Smallest malicious program
    Trojan.BAR.Tiny.a is a mere 31 bytes in size; it searches the system for applications and runs any it finds.

  6. Largest malicious program
    Trojan-Banker.Win32.Banker.qwp is only 27 MB in size – not particularly large for this category, but it still manages to take the prize.

  7. Most widespread malicious code which exploits a web vulnerability
    Trojan-Clicker.HTML.IFrame.uu.

  8. Most common malicious program on the Internet
    Trojan-Downloader.Win32.Small.aacq, the winner of this category, which was introduced last month, is responsible for every 20th infection.

  9. Most common Trojan program
    Backdoor.Win32.Hupigon makes another appearance in this miscellany with 1044 modifications this month.

  10. Most common virus/worm family
    August brought 75 modifications of Worm.Win32.AutoRun, a relatively small number for the winner of this category.
