Web threats

Bagle threats evolve from email worm to a complex network of zombies; author milks for profit.

8 years ago today, the first protected mode virus was detected ITW in Russia. Virus.DOS.PM_Wanderer was a milestone in Russian virus-writing history: the first attempts to write a protected mode virus in Russia were in 1994.

Blogs now being used to download malware

MSN Messenger 7 released yesterday

Kaspersky Anti-Virus Web Scanner beta – killing malware directly from the web

Melissa, a pioneer email virus celebrates its sixth birthday

We have seen an increase in IM-Worms over the last couple of weeks.

Today we detected a new Email-Worm which downloads and install AdWare onto the infected computer: we named it Email-Worm.Win32.CWS.a.

We’ve received a new variant of Wootbot, an IRC Trojan. The file is detected as Backdoor.Win32.Wootbot.gen, but contains an additional function: it will penetrate machines with MySQL server installed.

New Net-Worm.Win32.DipNet.d seems to be the cause of high network traffic on port 11768

Several potentially dangerous WMV (video files) are currently floating around P2P networks. We are detecting them as Trojan-Downloader.WMA.Wimad.a and Trojan-Downloader.WMA.Wimad.b.

We have detected a new Santy variant which also targets vulnerabilties in older versions of php. This new variant is more advanced/dangerous in a number of ways.

Sourcecode posted on mailinglists and sites hosting exploits

Google has announced that it will block search requests from Santy in order to prevent the worm from spreading further. I don’t think that this is enough to solve the problem. The authour can always release new versions that use other search engines – MSN or Yahoo, for instance.

What is worse,…

New variant of Santy was found some hours ago. We detect it as Net-Worm.Perl.Santy.b.