Threat Category: Web threats | Page 28

8 years ago today, the first protected mode virus was detected ITW in Russia. Virus.DOS.PM_Wanderer was a milestone in Russian virus-writing history: the first attempts to write a protected mode virus in Russia were in 1994.

Blogs now being used to download malware

MSN Messenger 7 released yesterday

Kaspersky Anti-Virus Web Scanner beta – killing malware directly from the web

Melissa, a pioneer email virus celebrates its sixth birthday

We have seen an increase in IM-Worms over the last couple of weeks.

Today we detected a new Email-Worm which downloads and install AdWare onto the infected computer: we named it Email-Worm.Win32.CWS.a.

We’ve received a new variant of Wootbot, an IRC Trojan. The file is detected as Backdoor.Win32.Wootbot.gen, but contains an additional function: it will penetrate machines with MySQL server installed.

New Net-Worm.Win32.DipNet.d seems to be the cause of high network traffic on port 11768

Several potentially dangerous WMV (video files) are currently floating around P2P networks. We are detecting them as Trojan-Downloader.WMA.Wimad.a and Trojan-Downloader.WMA.Wimad.b.

We have detected a new Santy variant which also targets vulnerabilties in older versions of php. This new variant is more advanced/dangerous in a number of ways.

Sourcecode posted on mailinglists and sites hosting exploits

Google has announced that it will block search requests from Santy in order to prevent the worm from spreading further. I don’t think that this is enough to solve the problem. The authour can always release new versions that use other search engines – MSN or Yahoo, for instance.

What is worse,…

New variant of Santy was found some hours ago. We detect it as Net-Worm.Perl.Santy.b.

phpBB 2.0.11 isn’t vulnerable

Reports

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Web threats

Historical notes: protected mode viruses in Russia

Blogging bad for you?

MSN makes an attempt to stop IM-worms

Kaspersky Anti-Virus Web Scanner

The Melissa virus struck 6 years ago today

Isn’t she cute?

CWS goes e-mail

Malicious code spreading via MySQL server

New Net-Worm.Win32.DipNet.d

Compromised WMV files in P2P networks

New Santy also targets php vulnerabilities

Santy sourcecode publicly available

Preliminary evaluation of Santy outbreak

Santy.b was found “in the wild”

Update on Net-Worm.Perl.Santy.a and phpBB vulnerabitlity

Reports

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Subscribe to our weekly e-mails