Threat Category: Windows malware | Page 16

In early March, we received a report from an independent researcher on mass infections of computers on a corporate network after users had visited a number of well-known Russian online information resources

In the last few days a malicious program has been discovered with a valid signature. The malware is a 32- or 64-bit dropper that is detected by Kaspersky Lab as Trojan-Dropper.Win32.Mediyes or Trojan-Dropper.Win64.Mediyes respectively

The following statistics were compiled in February using data collected from computers running Kaspersky Lab products: 143,574,335 web-borne infections were prevented.

This section of the report is based on data obtained and processed using the Kaspersky Security Network (KSN).

The following statistics were compiled in November using data collected from computers running Kaspersky Lab products

The sky is the limit for cybercriminal’s creativity. The latest wave are malicious boot loaders, the kit has been pioneered by Brazilian Trojan bankers who aim to remove security software.

In the past we’ve seen Rogue AV websites using fake screenshots made with templates but without any real interaction with the user PC. Now it has been changed.

The following statistics were compiled in October using data collected from computers running Kaspersky Lab products: 161,003,697 network attacks were blocked.

Since June 2011 we have seen a substantial decrease in the number of fake antivirus programs.

Analysis of a R2D2 trojan version that supports 64 bit and comes with a long target process list

The following statistics were compiled in September using data collected from computers running Kaspersky Lab products

My colleague Jorge Mieres recently found a C&C server of a botnet based on a malicious program called Ice IX

After rumors about the supposed merger between SpyEye and ZeuS, and the public release of the source of the latter, it was logical that the range of possibilities opened up even more for new cybercriminals into the ecosystem of crimeware.

Scar is a basic peer-to-peer botnet that serves as a distribution channel for installing other bad stuff.

In 2010 we noted a decline in the number of players in the fake antivirus market, and as a result, fewer counterfeit programs used to distribute fake antivirus products

Reports

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Windows malware

A unique ‘bodiless’ bot attacks news site visitors

Mediyes – the dropper with a valid signature

Monthly Malware Statistics: February 2012

Kaspersky Security Bulletin. Statistics 2011

Monthly Malware Statistics: November 2011

Malicious Boot loaders

Choose your preferred Fake AV

Monthly Malware Statistics: October 2011

Fake AV business alive and kicking

Federal Trojan’s got a “Big Brother”

Monthly Malware Statistics: September 2011

Ice IX: not cool at all

Ice IX, the first crimeware based on the leaked ZeuS sources

The Miner Botnet: Bitcoin Mining Goes Peer-To-Peer

IT Threat Evolution: Q2 2011

Reports

SideWinder targets the maritime and nuclear sectors with an updated toolset

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Subscribe to our weekly e-mails