Malware reports

Malware Miscellany, December 2008

  • Greediest Trojan targeting banks
    Trojan.Win32.Qhost.gn wins this category, by redirecting clients of 39 different banks to phishing sites.

  • Greediest Trojan targeting payment systems and payment cards
    Just like last month, a single piece of malware comes out top in these two categories. This time, it’s Trojan.Win32.Agent.eii, which targets users of three payment systems and 4 payment cards simultaneously.

  • Stealthiest malicious program
    Trojan-PSW.Win32.LdPinch.auv is packed with 10 different packers.

  • Smallest malicious program
    Trojan.BAT.Shutdown.g is a mere 20 bytes, but it’s still able to reboot the infected computer in spite of its minute size.

  • Largest malicious program
    Trojan-Banker.Win32.Banbra.bby is 27 MB in size.

  • Most common malicious code which exploits a vulnerability
    In December, exploits for an SWF vulnerability made up 12% of all malicious content.

  • Most common malicious code on the Internet
    Trojan-Downloader.HTML.IFrame.wf accounted for nearly 8% of all malicious traffic this month.

  • Most common Trojan family
    1499 previously unknown modifications make Backdoor.Win32.Hupigon the winner of this category in December.

  • Most common virus/ worm family
    Worm.Win32.AutoRun came up with 312 new modifications this month, putting it at the top of this class.

Malware Miscellany, December 2008

Your email address will not be published. Required fields are marked *

 

Reports

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox