Threat Category: Windows malware | Page 13

In response to numerous requests for comments and clarifications after our presentation at the Kaspersky Security Analyst Summit 2014, we have created this FAQ.

The last interesting item found on the same malicious cybercriminal server is a .docm file (a macro-enabled document according to Microsoft Office standards).

Several media reported the news on January 7th, 2014, that a PC associated with “Monju” was infected by malware and there was a suspicion of information leaks.

Recently, though, we saw a series of messages persistently sent to the same email address. Apparently, the attacker’s main goal was to infect that computer – all emails, no matter what their headers were, contained Email-Worm.Win32.NetSky.q.

Interestingly enough, it seems that a new variant of the Jumcar malware family has appeared and a lot of changes have been made to the original source code.

We have discovered a new Tor-based malware, named “ChewBacca” and detected as “Trojan.Win32.Fsysna.fej”. Adding Tor to malware is not unique to this sample, but it’s still a rare feature.

The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now.

Last week, Kaspersky Lab identified a mass mailing of phishing letters sent in the name of leading IT security providers.

Yesterday morning we received a sample from Cuba of a malware that looks for the audio and video file extensions after infecting a victim’s machine.

New trick from cybercriminals of Brazil – a suspicious message arrives to the user with a file attached. Inside the RTF file there is a well-known Brazilian Trojan banker belonging to the family Trojan.Win32.ChePro.

Proxy auto-config (PAC) files are a modern resource that exist on all modern browsers.

According to KSN data, Kaspersky Lab products detected and neutralized a total of 983 051 408 threats in the second quarter of 2013.

Recent months have produced little of interest among worms written in Java and script languages such as JavaScript and VBScript.

We know that the family of malware called Trojan.MSIL.Jumcar and Trojan.Win32.Jumcar was developed in Peru with the primary aim of attacking Peruvian users.

According to KSN data, Kaspersky Lab products detected and neutralized 1 345 570 352 threats in Q1 2013.

Reports

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques.

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools.

Windows malware

Absolute Computrace: Frequently Asked Questions

Big Box LatAm Hack (3rd Part – Infection by Office Files)

Abused Update of GOM Player Poses a Threat

Worm Attack! Your Mailbox is Under Threat

From Latin America With Love, Jumcar Strikes Again

ChewBacca – a New Episode of Tor-based Malware

The Inevitable Move – 64-bit ZeuS Enhanced With Tor

ZeuS – now packed as an antivirus update

Multimedia Overwriter with Spy Features

Brazilian Bankers Gone Wild: Now Using Malicious Office Files

PAC – the Problem Auto Config

IT Threat Evolution: Q2 2013

AutoRun. Reloaded

Jumcar. Peruvian Navy? Who could be behind it? [Third part]

IT Threat Evolution: Q1 2013

Reports

APT trends report Q3 2024

Beyond the Surface: the evolution and expansion of the SideWinder APT group

BlindEagle flying high in Latin America

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Subscribe to our weekly e-mails