Threat Category: Web threats | Page 28

We have detected a new Santy variant which also targets vulnerabilties in older versions of php. This new variant is more advanced/dangerous in a number of ways.

Sourcecode posted on mailinglists and sites hosting exploits

Google has announced that it will block search requests from Santy in order to prevent the worm from spreading further. I don’t think that this is enough to solve the problem. The authour can always release new versions that use other search engines – MSN or Yahoo, for instance.

What is worse,…

New variant of Santy was found some hours ago. We detect it as Net-Worm.Perl.Santy.b.

phpBB 2.0.11 isn’t vulnerable

A worm that targets phpBB is on the loose

We’ve intercepted a few samples of a new Mydoom variant this morning. Detection has been made available with the latest antivirus database update as “Email-Worm.Win32.Mydoom.ad”.

A new variant in the Zafi family started to spread earlier today and seems to be propagating pretty fast.

More from the AVAR 2004 conference in Tokyo

Saturday seemed like a quiet day, apart from the new Sober, however it was far from that. In the morning I received some local reports claiming that some respectable sites were distributing malware.

As it turns out, a popular Adserver had been compromised and scripts were modified in such a way…

A new variant of Bofra has been reported – we are trying to get the distribution site closed.

Kaspersky Lab renames viruses previously detected as Mydoom

HTML e-mail & why it’s not a good idea

This day in 1988 saw the birth of the network worm Morris that quickly spread across the 6,000+ vulnerable computers then connected to the Internet.

We mentioned a payload for Bagle.at, where the worm tried to connect to compromised sites. Bagle.at tries to download and execute TrojanDownloader.Win32.Small.zj, a new variant of Small.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Web threats

New Santy also targets php vulnerabilities

Santy sourcecode publicly available

Preliminary evaluation of Santy outbreak

Santy.b was found “in the wild”

Update on Net-Worm.Perl.Santy.a and phpBB vulnerabitlity

Net-Worm.Perl.Santy.a outbreak

No holiday for Mydoom

Patriot on the loose

Japan – high technology, high security

Adserver compromised – legitimate sites serving malware

Yet another Bofra variant

New Mydoom variants now called Bofra

HTML e-mail & why it’s not a good idea

On this day in history … the birth of the network worm

Bagle.at links to compromised sites now active

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails