Malware reports

Malware Miscellany, December 2008

  • Greediest Trojan targeting banks
    Trojan.Win32.Qhost.gn wins this category, by redirecting clients of 39 different banks to phishing sites.

  • Greediest Trojan targeting payment systems and payment cards
    Just like last month, a single piece of malware comes out top in these two categories. This time, it’s Trojan.Win32.Agent.eii, which targets users of three payment systems and 4 payment cards simultaneously.

  • Stealthiest malicious program
    Trojan-PSW.Win32.LdPinch.auv is packed with 10 different packers.

  • Smallest malicious program
    Trojan.BAT.Shutdown.g is a mere 20 bytes, but it’s still able to reboot the infected computer in spite of its minute size.

  • Largest malicious program
    Trojan-Banker.Win32.Banbra.bby is 27 MB in size.

  • Most common malicious code which exploits a vulnerability
    In December, exploits for an SWF vulnerability made up 12% of all malicious content.

  • Most common malicious code on the Internet
    Trojan-Downloader.HTML.IFrame.wf accounted for nearly 8% of all malicious traffic this month.

  • Most common Trojan family
    1499 previously unknown modifications make Backdoor.Win32.Hupigon the winner of this category in December.

  • Most common virus/ worm family
    Worm.Win32.AutoRun came up with 312 new modifications this month, putting it at the top of this class.

Malware Miscellany, December 2008

Your email address will not be published. Required fields are marked *

 

Reports

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.

Subscribe to our weekly e-mails

The hottest research right in your inbox