Threat Category: Web threats | Page 27

Today we’ve been getting more and more reports of a particular Backdoor.Win32.SdBot variant spreading. This SdBot is packed using UPX, Upolyx and Morphine, we detect it using our generic signature as Backdoor.Win32.SdBot.gen.

In the last week or so, new trends in using IM (instant messaging) applications to spread malicious code have been on the rise.

Sober.q is sending out spam

Protection mechanisms have gained in popularity

Social engineering: an ongoing love story

Bagle threats evolve from email worm to a complex network of zombies; author milks for profit.

8 years ago today, the first protected mode virus was detected ITW in Russia. Virus.DOS.PM_Wanderer was a milestone in Russian virus-writing history: the first attempts to write a protected mode virus in Russia were in 1994.

Blogs now being used to download malware

MSN Messenger 7 released yesterday

Kaspersky Anti-Virus Web Scanner beta – killing malware directly from the web

Melissa, a pioneer email virus celebrates its sixth birthday

We have seen an increase in IM-Worms over the last couple of weeks.

Today we detected a new Email-Worm which downloads and install AdWare onto the infected computer: we named it Email-Worm.Win32.CWS.a.

We’ve received a new variant of Wootbot, an IRC Trojan. The file is detected as Backdoor.Win32.Wootbot.gen, but contains an additional function: it will penetrate machines with MySQL server installed.

New Net-Worm.Win32.DipNet.d seems to be the cause of high network traffic on port 11768

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Web threats

Hybrid IM malware making rounds

IM malware diversifying

Sober.q has become active

Protection mechanisms

Social engineering: an ongoing love story

The Bagle botnet

Historical notes: protected mode viruses in Russia

Blogging bad for you?

MSN makes an attempt to stop IM-worms

Kaspersky Anti-Virus Web Scanner

The Melissa virus struck 6 years ago today

Isn’t she cute?

CWS goes e-mail

Malicious code spreading via MySQL server

New Net-Worm.Win32.DipNet.d

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails