Threat Category: Web threats | Page 22

We’ve been looking at the infrastructure of the Gumblar malware and found some curious facts on how Gumblar operates which we would like to share to make hosting owners aware of the Gumblar threat.

Kaspersky Lab presents its monthly malware statistics for October. From this month onwards, the data used is gathered from all products which use the Kaspersky Security Network (KSN), i.e. products from both the 2009 and 2010 lines.

After a lengthy interlude, we’re renewing our monthly malware almanac by popular demand.

This article is a study of one spam email and illustrates the methods employed by today’s cyber criminals to create botnets and conduct mass spam mailings.

Kaspersky Lab presents its monthly malware statistics for September

Cybercriminals are unlikely to reinvent the wheel, so once you’ve encountered a scam or threat, and have learnt, you can use this information in the future. This article therefore focuses on some typical examples, and explains how you can protect yourself.

Late on Monday, a lot of Russian ICQ users got sent this message

Kaspersky Lab presents its monthly malware statistics for August

The URL which Koobface was spreading from has now been brought down so attacks are blocked.

This malware rating is compiled from data generated by the Kaspersky Security Network (KSN)

In the past ten years, botnets have evolved from small networks of a dozen PCs controlled from a single C&C into sophisticated distributed systems comprising millions of computers with decentralized control. Why are these enormous zombie networks created?

As in previous months, this malware rating is compiled from data generated by the Kaspersky Security Network (KSN). However, slightly different methods have been used to select and analyze the data.

Two Top Twenties have been compiled from data generated by the Kaspersky Security Network (KSN) throughout May 2009.

Two Top Twenties have been compiled from data generated by the Kaspersky Security Network (KSN) throughout April 2009.

Today we’ve seen a new variant of Net-Worm.JS.Twettir going around on Twitter. Kaspersky products detect it as Net-Worm.JS.Twettir.h.

Reports

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Web threats

The Gumblar system

Monthly Malware Statistics: October 2009

Malware Miscellany, September 2009

The Cash Factory

Monthly Malware Statistics: September 2009

Traps on the Internet

The what-bot

Monthly Malware Statistics: August 2009

Koobface update

Monthly Malware Statistics: July 2009

The economics of Botnets

Monthly Malware Statistics: June 2009

Monthly Malware Statistics: May 2009

Monthly Malware Statistics: April 2009

New Twitter XSS-Worm going around

Reports

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Subscribe to our weekly e-mails