Windows malware

Recently Kaspersky Lab has contributed to an alliance of law enforcement and industry organizations, to undertake measures against the internet domains and servers that form the core of an advanced cybercriminal infrastructure that uses the Shylock Trojan to attack online banking systems around the globe.

Microsoft seized 22 domains previously owned by Vitalwerks, company behind dynamic dns service NO-IP

A major objective pursued by malware writers when developing malicious code is to make it start as early as possible, enabling it to make key modifications to the operating system’s code and system drivers, such as installing hooks, before the antivirus product’s components initialize.

A few days ago the personal blog and Reddit account of MTgox CEO, Mark Karpeles, were hacked. Attackers used them to post a file, MtGox2014Leak.zip, which they claim contains valuable database dumps and specialized software for remote access to MtGox data.

In response to numerous requests for comments and clarifications after our presentation at the Kaspersky Security Analyst Summit 2014, we have created this FAQ.

The last interesting item found on the same malicious cybercriminal server is a .docm file (a macro-enabled document according to Microsoft Office standards).

Several media reported the news on January 7th, 2014, that a PC associated with “Monju” was infected by malware and there was a suspicion of information leaks.

Recently, though, we saw a series of messages persistently sent to the same email address. Apparently, the attacker’s main goal was to infect that computer – all emails, no matter what their headers were, contained Email-Worm.Win32.NetSky.q.

Interestingly enough, it seems that a new variant of the Jumcar malware family has appeared and a lot of changes have been made to the original source code.

We have discovered a new Tor-based malware, named “ChewBacca” and detected as “Trojan.Win32.Fsysna.fej”. Adding Tor to malware is not unique to this sample, but it’s still a rare feature.

The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now.

Last week, Kaspersky Lab identified a mass mailing of phishing letters sent in the name of leading IT security providers.

Yesterday morning we received a sample from Cuba of a malware that looks for the audio and video file extensions after infecting a victim’s machine.

New trick from cybercriminals of Brazil – a suspicious message arrives to the user with a file attached. Inside the RTF file there is a well-known Brazilian Trojan banker belonging to the family Trojan.Win32.ChePro.

Proxy auto-config (PAC) files are a modern resource that exist on all modern browsers.