Windows malware

It has been three years since we published Lock, stock and two smoking Trojans in our blog. The article describes the first piece of malware designed to attack users of online banking software developed by a company called BIFIT.

Don’t believe your eyes but check if you still have your AV solution. Instead of fighting AV detections, cybercriminals from Brazil just replace them with their own fake solutions.

This section of the report forms part of the Kaspersky Security Bulletin 2012 and is based on data obtained and processed using Kaspersky Security Network (KSN).

According to KSN data, Kaspersky Lab products detected and neutralized 1,347,231,728 threats in Q3 2012.

Many things have been told already about the latest Skype malware spread via instant messages. However I just wanted to add something not mentioned yet.

Yesterday it was a dark day for many companies in Europe, but especially in the Netherlands. A piece of malware known as Worm.Win32.Dorifel infected over 3000 machines globally, and 90% of infected users were both from public and business sector organizations based in the Netherlands.

According to KSN data, Kaspersky Lab products detected and neutralized over 1 billion threats in Q2 2012.

This time we have come across an interesting specimen: the Xpaj file infector, complete with bootkit functionality and able to run both under Windows x86 and Windows x64.

According to KSN data, Kaspersky Lab products detected and neutralized almost 1 billion malicious objects in Q1 2012.

The following statistics were compiled in April using data collected from computers running Kaspersky Lab products

The investigation into the Duqu Trojan is into its sixth month, and March brought further progress as we were able to establish which language was used for its Framework code.

On 20 March, we detected a spam campaign targeting passengers of US Airways. After clicking the link from an email a series of redirects eventually leads to a domain hosting BlackHole Exploit Kit.

Q: What is the Hlux/Kelihos botnet?
A: Kelihos is Microsoft’s name for what Kaspersky calls Hlux. Hlux is a peer-to-peer botnet with an architecture similar to the one used for the Waledac botnet. It consists of layers of different kinds of nodes: controllers, routers and workers.

In early March, we received a report from an independent researcher on mass infections of computers on a corporate network after users had visited a number of well-known Russian online information resources

In the last few days a malicious program has been discovered with a valid signature. The malware is a 32- or 64-bit dropper that is detected by Kaspersky Lab as Trojan-Dropper.Win32.Mediyes or Trojan-Dropper.Win64.Mediyes respectively