New Mydoom variants now called Bofra, which we detected yesterday, and its modification, which we detected today, have both been renamed in our antivirus databases as I-Worm.Bofra.a and .b.

These worms used the source code of Mydoom, but most virus analysts agree that they are actually a new family. And we agree with this opinion.

  • is renamed as I-Worm.Bofra.b
  • is renamed as I-Worm.Bofra.a

P.S. We have just detected another modification of this worm, which will be named I-Worm.Bofra.c.

New Mydoom variants now called Bofra

Your email address will not be published. Required fields are marked *



Focus on DroxiDat/SystemBC

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.

APT trends report Q2 2023

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Subscribe to our weekly e-mails

The hottest research right in your inbox