Malware reports

Malware Miscellany, June 2007

The middle of the month means it’s time for our miscellany, so let’s take a look at what the first month of summer brought us.

  1. Greediest Trojan targeting banks – this month the award goes to, which targeted 84 financial organizations. That’s just slightly less than last month’s 87.
  2. Greediest Trojan targeting payment systems – this title goes to Backdoor.Win32.VB.bck this month after it tracked the users of three different e-currency systems.
  3. Greediest Trojan targeting payment cardsTrojan-PSW.Win32.VB.kq, which took the same title in May, is really getting into its gluttonous stride. A new variant was detected in June which already targeting five different card systems, up from four last month.
  4. Stealthiest malicious program – in June this title went to Backdoor.Win32.Amutius.143, packed eight times using a range of packers.
  5. Smallest malicious program – this month we have the tiny 14-byte Trojan.BAT.DelTree.d. This puny program still packs a punch by deleting all directories from the disk.
  6. Largest malicious program – Trojan-Spy.Win32Banbra.ha weighed in as the month’s largest malicious program at nearly 30MB (almost nothing compared to last month’s whopper).
  7. Most malicious program – the leader in this category this month is Trojan.Win32.AddUser.k, which deletes antivirus solutions and services from the disk, from RAM, and all related registry keys.
  8. Most common malicious program in email traffic – the prize for this category goes to Email-Worm.Win32.NetSky.q, which accounted for over 16% of all malicious email traffic.
  9. Most common Trojan familyTrojan-Downloader.Win32.Agent is well ahead in this category, with 501 new variants detected in June.
  10. Most common virus/ worm familyZhelatin put in some effort this month, with a total of 49 modifications being intercepted in June.

With so many Trojan variants, virus writers are showing no signs of taking off for the beach. Which means, of course, that we won’t either. Drop by the blog this time next month for an update.

Malware Miscellany, June 2007

Your email address will not be published.



Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox