Windows malware

It’s getting dark outside and our favorite mail client beeps with excitement for a new missive in our inbox, something interesting perhaps?

In this article we look at the evolution of complication of the encryption schemes used by virus writers and the methods they adopt to put pressure on their victims. At the end of the article there is some advice for users which might help them protect important files.

The portmanteau-named SKYPEFALL.EXE is the latest, very active, malware-spamming campaign spreading through Skype.

There is no doubt WhatsApp is among the most popular mobile IMs nowadays – its 700 million users worldwide were eagerly awaiting this week’s promised desktop version.

After going out of fashion for a number of years, malicious macros inside Office files have recently experienced a revival. And why not, especially if they are a lot cheaper than exploits and capable of doing the same job?

Trojan-Ransom.Win32.Onion is a highly dangerous threat and one of the most technologically advanced encryptors out there. Its developers used both proven techniques ‘tested’ on its predecessors and solutions that are completely new for this class of malware.

Recently Kaspersky Lab has contributed to an alliance of law enforcement and industry organizations, to undertake measures against the internet domains and servers that form the core of an advanced cybercriminal infrastructure that uses the Shylock Trojan to attack online banking systems around the globe.

Microsoft seized 22 domains previously owned by Vitalwerks, company behind dynamic dns service NO-IP

A major objective pursued by malware writers when developing malicious code is to make it start as early as possible, enabling it to make key modifications to the operating system’s code and system drivers, such as installing hooks, before the antivirus product’s components initialize.

A few days ago the personal blog and Reddit account of MTgox CEO, Mark Karpeles, were hacked. Attackers used them to post a file, MtGox2014Leak.zip, which they claim contains valuable database dumps and specialized software for remote access to MtGox data.

In response to numerous requests for comments and clarifications after our presentation at the Kaspersky Security Analyst Summit 2014, we have created this FAQ.

The last interesting item found on the same malicious cybercriminal server is a .docm file (a macro-enabled document according to Microsoft Office standards).

Several media reported the news on January 7th, 2014, that a PC associated with “Monju” was infected by malware and there was a suspicion of information leaks.

Recently, though, we saw a series of messages persistently sent to the same email address. Apparently, the attacker’s main goal was to infect that computer – all emails, no matter what their headers were, contained Email-Worm.Win32.NetSky.q.

Interestingly enough, it seems that a new variant of the Jumcar malware family has appeared and a lot of changes have been made to the original source code.