Threat Category: Web threats | Page 29

We have detected a new Santy variant which also targets vulnerabilties in older versions of php. This new variant is more advanced/dangerous in a number of ways.

Sourcecode posted on mailinglists and sites hosting exploits

Google has announced that it will block search requests from Santy in order to prevent the worm from spreading further. I don’t think that this is enough to solve the problem. The authour can always release new versions that use other search engines – MSN or Yahoo, for instance.

What is worse,…

New variant of Santy was found some hours ago. We detect it as Net-Worm.Perl.Santy.b.

phpBB 2.0.11 isn’t vulnerable

A worm that targets phpBB is on the loose

We’ve intercepted a few samples of a new Mydoom variant this morning. Detection has been made available with the latest antivirus database update as “Email-Worm.Win32.Mydoom.ad”.

A new variant in the Zafi family started to spread earlier today and seems to be propagating pretty fast.

More from the AVAR 2004 conference in Tokyo

Saturday seemed like a quiet day, apart from the new Sober, however it was far from that. In the morning I received some local reports claiming that some respectable sites were distributing malware.

As it turns out, a popular Adserver had been compromised and scripts were modified in such a way…

A new variant of Bofra has been reported – we are trying to get the distribution site closed.

Kaspersky Lab renames viruses previously detected as Mydoom

HTML e-mail & why it’s not a good idea

This day in 1988 saw the birth of the network worm Morris that quickly spread across the 6,000+ vulnerable computers then connected to the Internet.

We mentioned a payload for Bagle.at, where the worm tried to connect to compromised sites. Bagle.at tries to download and execute TrojanDownloader.Win32.Small.zj, a new variant of Small.

Reports

Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor for persistence in infected systems and its new tool, PowerCloud.

Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.

Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Web threats

New Santy also targets php vulnerabilities

Santy sourcecode publicly available

Preliminary evaluation of Santy outbreak

Santy.b was found “in the wild”

Update on Net-Worm.Perl.Santy.a and phpBB vulnerabitlity

Net-Worm.Perl.Santy.a outbreak

No holiday for Mydoom

Patriot on the loose

Japan – high technology, high security

Adserver compromised – legitimate sites serving malware

Yet another Bofra variant

New Mydoom variants now called Bofra

HTML e-mail & why it’s not a good idea

On this day in history … the birth of the network worm

Bagle.at links to compromised sites now active

Reports

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

Kimsuky targets organizations with PebbleDash-based tools

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Subscribe to our weekly e-mails