Windows malware

This time we have come across an interesting specimen: the Xpaj file infector, complete with bootkit functionality and able to run both under Windows x86 and Windows x64.

According to KSN data, Kaspersky Lab products detected and neutralized almost 1 billion malicious objects in Q1 2012.

The following statistics were compiled in April using data collected from computers running Kaspersky Lab products

The investigation into the Duqu Trojan is into its sixth month, and March brought further progress as we were able to establish which language was used for its Framework code.

On 20 March, we detected a spam campaign targeting passengers of US Airways. After clicking the link from an email a series of redirects eventually leads to a domain hosting BlackHole Exploit Kit.

Q: What is the Hlux/Kelihos botnet?
A: Kelihos is Microsoft’s name for what Kaspersky calls Hlux. Hlux is a peer-to-peer botnet with an architecture similar to the one used for the Waledac botnet. It consists of layers of different kinds of nodes: controllers, routers and workers.

In early March, we received a report from an independent researcher on mass infections of computers on a corporate network after users had visited a number of well-known Russian online information resources

In the last few days a malicious program has been discovered with a valid signature. The malware is a 32- or 64-bit dropper that is detected by Kaspersky Lab as Trojan-Dropper.Win32.Mediyes or Trojan-Dropper.Win64.Mediyes respectively

The following statistics were compiled in February using data collected from computers running Kaspersky Lab products: 143,574,335 web-borne infections were prevented.

This section of the report is based on data obtained and processed using the Kaspersky Security Network (KSN).

The following statistics were compiled in November using data collected from computers running Kaspersky Lab products

The sky is the limit for cybercriminal’s creativity. The latest wave are malicious boot loaders, the kit has been pioneered by Brazilian Trojan bankers who aim to remove security software.

In the past we’ve seen Rogue AV websites using fake screenshots made with templates but without any real interaction with the user PC. Now it has been changed.

The following statistics were compiled in October using data collected from computers running Kaspersky Lab products: 161,003,697 network attacks were blocked.

Since June 2011 we have seen a substantial decrease in the number of fake antivirus programs.