Threat Category: Potentially Unwanted Applications | Page 6

We’ve had a number of people contacting us with queries about ‘Kaspersky Lab Antivirus Online’ after their computer showed them the ransom message.

As in previous months, this malware rating is compiled from data generated by the Kaspersky Security Network (KSN). However, slightly different methods have been used to select and analyze the data.

We just described what happens on Kido controlled machines when the spambot Iksmas is installed and launched. However, Kido is also downloading a fake antivirus named SpywareProtect2009.

Last night the Kido (aka Conficker/ Downadup) botnet kicked into action – what everyone’s been on the lookout for since 1st April.

Today we detected a new potentially unwanted program for smartphones running Symbian S60 2nd edition – not-a-virus:Porn-Dialer.SymbOS.Pornidal.a

Criminals are using the Kido/ Conficker hype to bring their rogue Anti-Virus amongst the people.

Unexpected redirects

In its second month of compiling data, the new Kaspersky Security Network (KSN) technology revealed some significant changes amongst the most widespread malicious programs.

The format of the ‘Virus Top Twenty’ reports from Kaspersky Lab has changed as of July 2008

This month a total of 3 malicious programs for non-Windows platforms appeared out of nowhere.

Just the other day I found a browser plug-in on BitRoad dot net that people can download and use as a tool to download e-books. And yes…it was AdWare.Win32.Kitsune.f.

This annual report provides an overview the evolution of malware, adware and potentially malicious programs in 2007, and compares this data to that of 2006.

Over the last couple of days I’ve been looking at some of the latest tricks used by the creators of some adware – Virtumonde a.k.a Vundo.

This report surveys the evolution of malicious code in 2006, providing statistics on the increase in various types of malicious program, and an overview of significant trends.

Monitoring software made in Switzerland

Reports

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Potentially Unwanted Applications

Not Kaspersky

Monthly Malware Statistics: June 2009

Bot-watching 2

The neverending story

Porn dialers for smartphones

Criminals Surfing the Kido/ Conficker Hype

Unexpected redirects

Monthly Malware Statistics for August 2008

Monthly Malware Statistics for July 2008

Online Scanner Top Twenty for June 2008

Beware of free plug-ins

Kaspersky Security Bulletin 2007: Malware evolution in 2007

Virtumonde/Vundo goes file infector

Kaspersky Security Bulletin 2006: Malware Evolution

Legal spyware

Reports

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Subscribe to our weekly e-mails