Malware Miscellany, October 2007

In spite of the change of seasons, October’s malware miscellany is in some ways remarkably similar to September’s, with a number of familiar programs once again making an appearance. Let’s take a closer look at the details:

  1. Greediest Trojan targeting banks: This month’s leader is a modification of Trojan-Spy.Win32.Banker.ezn, which targets 45 banks. This seems positively modest in comparison to last month’s leader, which set its sights on 134 banks simultaneously.
  2. Greediest Trojan targeting payment systems: Backdoor.Win32.Xhaker.c is very equitable in its approach – it attacks three e-payment systems and three plastic card systems.
  3. Greediest Trojan targeting plastic cards: See above.
  4. Stealthiest malicious program: The number 10 seems to be in favour at the moment – this month’s winner, Backdoor.Win32.Hupigon.mrv, is packed with ten different packers, just as last month’s leader was.
  5. Smallest malicious program: In spite of its tiny 17 bytes, Trojan.BAT.DeltreeY.a packs a punch and wins the October nomination.
  6. Biggest malicious program: Once again, a hefty representative of the Haradong family wins out – Trojan.Win32.Haradong.ct weighs in at 244MB, slightly larger than its close relative Haradong.bj, last month’s winner in this category.
  7. Most malicious program: Backdoor.Win32.Rbot.ejs, like so many past winners of this category, disables security solutions by deleting them from memory and from the registry.
  8. Most common malicious program in mail traffic: Email-Worm.Win32.Netsky.q retains its persistent presence in this category for the third month running, and made up 20.11% of all malicious programs in mail traffic in October.
  9. Most common Trojan family: In spite of an impressive 563 modifications, Trojan-Spy.Win32.Banker’s numbers are following last month’s trend, with figures just over 100 down on September’s.
  10. Most common virus/worm family: Email-Worm.Win32.Zhelatin (a.k.a. the Storm worm) continues to reign in this category for the second month running, with 38 modifications in October.
