Malware descriptions

New IM Worm Squirming in Latin America

Whenever we discuss the most active malware-producing countries, Russia, China and Brazil are always atop the list. But there’s a new country that’s starting to appear in the top five:Mexico

In our monthly Latin America malware analysis published on https://securelist.lat/ and Threatpost (both in Spanish),we already mentioned that Mexico is known for producing local botnets.

On Aug 21, we (Kaspersky Lab) detected a new instant messenger worm that spreads through almost all well-known IM programs, including Skype, GTalk, Yahoo Messenger and Live MSN Messenger. The name of the threat is “IM-Worm.Win32.Zeroll.a

It “speaks” 13 different languages (including Spanish and Portuguese) according to the local language of the infected
Windows computer. There are some characteristics that show the worm originated Mexico. It is written in VB and the C&C is located on an IRC channel (an old botnet technique recycled by the Mexican coders).

Our statistics based on the KSN data show the biggest infections were registered in Mexico and Brazil.

It seems like the criminals behind the worm are now at the first stage of the crime — infecting as many machines as they can to have “a good” offers after to another criminals: pay per install, spam and others.

It’s worth mentioning that only three anti-virus programs (including Kaspersky) detect the threat.

New IM Worm Squirming in Latin America

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox