Threat Category: Potentially Unwanted Applications | Page 7

This is the second month that we are analyzing the data we collect from our on-line scanner. We can now make preliminary comparisons with our mail traffic statistics and analyze emerging trends.

We have decided to change the alert for Nyxem.e from red (severe risk) to green (informational).

Recently we’ve added detection for the stealth (rootkit) component of the XCP software to our bases as RiskWare.

Since we last reported on Nsag infectors, we’ve seen quite a lot of new malware related to Nsag.

A professional malware market started to emerge at the very end of 2003, gained ground during 2004, and was well established by the beginning of 2005.

Extended databases turn 2, while x-files date much further back

Kaspersky Lab presents an overview of malware and cyber threat evolution in the second quarter of 2005.

Virus.Win32.Nsag.a has been causing havoc across the globe for a couple of weeks now.

Protection mechanisms have gained in popularity

Kaspersky Lab presents an overview of malware evolution in the first quarter of 2005.

New threat or new jargon

Today we detected a new Email-Worm which downloads and install AdWare onto the infected computer: we named it Email-Worm.Win32.CWS.a.

More file infecting AdWare found in the wild

AdWare goes parasitic

First time in my life I see how different AdWares fight each other. A new 21KB Win32 executable first removes data files and registry keys which belongs to EliteBar AdWare.

Reports

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome.

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Potentially Unwanted Applications

On-line Scanner Top Twenty February 2006

Nyxem.e status to green

Detection for XCP software

The Nsag infector story continues

Watershed in malicious code evolution

Two years since the introduction of the extended databases

Malware Evolution: April – June 2005

Smitfraud meets Nsag: return of the file infector

Protection mechanisms

Malware Evolution: January – March 2005

No such thing as spyware

CWS goes e-mail

The file infecting AdWare saga continues

AdWare crosses the line

Adware or adwars?

Reports

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

SideWinder targets the maritime and nuclear sectors with an updated toolset

Subscribe to our weekly e-mails