
Malware Miscellany, May 2007

Virus writers didn’t take any time off over the public holidays, and the results of their labour have made their way into our May miscellany.

  1. Greediest Trojan targeting banks – in May, this title went to Trojan-Spy.Win32.Banker.aqu, a modification that targets 87 banks simultaneously.
  2. Greediest Trojan targeting e-payment systems – this month’s glutton is Trojan-PSW.Win32.VB.kq, which targets four e-payment systems.
  3. Greediest Trojan targeting payment cards – Trojan-PSW.Win32.VB.kq wins the prize in this category; it targets four payment card systems, and interestingly also targets e-payment systems (see the above category).
  4. Stealthiest malicious program – once again, it’s a Hupigon variant winning out in this category. Backdoor.Win32.Hupigon.rc is packed ten times with a whole range of packers. Nevertheless, this didn’t save the backdoor from detection.
  5. Smallest malicious program – this prize goes to a program weighing in at a mere 9 bytes. Despite its very compact size, Trojan.DOS.DiskEraser.b is still capable of deleting data from disk.
  6. Biggest malicious program – the most space-hungry malicious program in May was a file-deleting Trojan weighing in at a whopping 247MB. Interestingly enough, May’s smallest and largest programs have the same malicious payload (deleting data from disk), but the difference in size is remarkable.
  7. Most malicious program – the leader in this category in May is Backdoor.Win32.Agobot.afy, which deletes antivirus programs using a variety of methods.
  8. Most common malicious program in email traffic – this title went to Email-Worm.Win32.Netsky.t this May. Despite being an old-timer, this worm is still causing major damage, accounting for over 15% of all malicious email traffic in May 2007.
  9. Most common Trojan family – the winner of this category this month is the Backdoor.Win32.Rbot family, with 454 modifications in the course of just one month.
  10. Most common virus/worm family – the Warezov family once again took this title this month. A total of 78 different variants of the Warezov family were detected in May, up from 72 in April.

The summer holidays are coming up, and although it’s unlikely we’ll see worm epidemics on the scale of those in 2004/5, we’ll still have plenty of work to do. See you in June for the next issue of our Miscellany!
