Threat Category: Windows malware | Page 17

The following statistics were compiled in November using data collected from computers running Kaspersky Lab products

The sky is the limit for cybercriminal’s creativity. The latest wave are malicious boot loaders, the kit has been pioneered by Brazilian Trojan bankers who aim to remove security software.

In the past we’ve seen Rogue AV websites using fake screenshots made with templates but without any real interaction with the user PC. Now it has been changed.

The following statistics were compiled in October using data collected from computers running Kaspersky Lab products: 161,003,697 network attacks were blocked.

Since June 2011 we have seen a substantial decrease in the number of fake antivirus programs.

Analysis of a R2D2 trojan version that supports 64 bit and comes with a long target process list

The following statistics were compiled in September using data collected from computers running Kaspersky Lab products

My colleague Jorge Mieres recently found a C&C server of a botnet based on a malicious program called Ice IX

After rumors about the supposed merger between SpyEye and ZeuS, and the public release of the source of the latter, it was logical that the range of possibilities opened up even more for new cybercriminals into the ecosystem of crimeware.

Scar is a basic peer-to-peer botnet that serves as a distribution channel for installing other bad stuff.

In 2010 we noted a decline in the number of players in the fake antivirus market, and as a result, fewer counterfeit programs used to distribute fake antivirus products

Attacks registering a remote user account called ‘Remo’ which is password-protected allow Brazilian cybercriminals to have total access and control over infected machines.

Modification of the hard drive areas responsible for the initial loading of the system has become increasing popular with cybercriminals.

The recent online hysteria over the BitCoin virtual money system has attracted the attention not only of those who dream of making money out of thin air but also of cybercriminals who, as usual, want to steal anything they can get their hands on.

The following statistics were compiled in May using data from computers running Kaspersky Lab products 242,663,383 network attacks blocked.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Windows malware

Monthly Malware Statistics: November 2011

Malicious Boot loaders

Choose your preferred Fake AV

Monthly Malware Statistics: October 2011

Fake AV business alive and kicking

Federal Trojan’s got a “Big Brother”

Monthly Malware Statistics: September 2011

Ice IX: not cool at all

Ice IX, the first crimeware based on the leaked ZeuS sources

The Miner Botnet: Bitcoin Mining Goes Peer-To-Peer

IT Threat Evolution: Q2 2011

All your data belong to ‘Remo’

Cybercriminals switch from MBR to NTFS

Gold rush

Monthly Malware Statistics, May 2011

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails