Windows malware

A major objective pursued by malware writers when developing malicious code is to make it start as early as possible, enabling it to make key modifications to the operating system’s code and system drivers, such as installing hooks, before the antivirus product’s components initialize.

A few days ago the personal blog and Reddit account of MTgox CEO, Mark Karpeles, were hacked. Attackers used them to post a file, MtGox2014Leak.zip, which they claim contains valuable database dumps and specialized software for remote access to MtGox data.

In response to numerous requests for comments and clarifications after our presentation at the Kaspersky Security Analyst Summit 2014, we have created this FAQ.

The last interesting item found on the same malicious cybercriminal server is a .docm file (a macro-enabled document according to Microsoft Office standards).

Several media reported the news on January 7th, 2014, that a PC associated with “Monju” was infected by malware and there was a suspicion of information leaks.

Recently, though, we saw a series of messages persistently sent to the same email address. Apparently, the attacker’s main goal was to infect that computer – all emails, no matter what their headers were, contained Email-Worm.Win32.NetSky.q.

Interestingly enough, it seems that a new variant of the Jumcar malware family has appeared and a lot of changes have been made to the original source code.

We have discovered a new Tor-based malware, named “ChewBacca” and detected as “Trojan.Win32.Fsysna.fej”. Adding Tor to malware is not unique to this sample, but it’s still a rare feature.

The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now.

Last week, Kaspersky Lab identified a mass mailing of phishing letters sent in the name of leading IT security providers.

Yesterday morning we received a sample from Cuba of a malware that looks for the audio and video file extensions after infecting a victim’s machine.

New trick from cybercriminals of Brazil – a suspicious message arrives to the user with a file attached. Inside the RTF file there is a well-known Brazilian Trojan banker belonging to the family Trojan.Win32.ChePro.

Proxy auto-config (PAC) files are a modern resource that exist on all modern browsers.

According to KSN data, Kaspersky Lab products detected and neutralized a total of 983 051 408 threats in the second quarter of 2013.

Recent months have produced little of interest among worms written in Java and script languages such as JavaScript and VBScript.