Incidents

New modifications of Trojan-Downloader spammed

We’ve been receiving a number of new samples of Trojan-Downloader.Win32.Delf.awg from users. It looks like this program, which will download Email-Worm.Win32.Scano, Trojan-Proxy.Win32.Xorpix and Trojan-PSW.Win32.LdPinch, has been widely spammed.

Delf.awg hides its network activity from firewalls by invading the svchost.exe process. The Trojan creates its own thread and uses it to download the malware, thus avoiding firewalls, which naturally allow network activity for svchost.exe.

The bad news is that you always need to be careful, and never open suspicious attachments. The good news is that KAV 6.0 and KIS detect these new modifications of Delf proactively. So even if you haven’t managed to update recently, you’re still protected.

New modifications of Trojan-Downloader spammed

Your email address will not be published. Required fields are marked *

 

Reports

MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

Subscribe to our weekly e-mails

The hottest research right in your inbox