Threat Category: Windows malware | Page 18

Analysis of a R2D2 trojan version that supports 64 bit and comes with a long target process list

The following statistics were compiled in September using data collected from computers running Kaspersky Lab products

My colleague Jorge Mieres recently found a C&C server of a botnet based on a malicious program called Ice IX

After rumors about the supposed merger between SpyEye and ZeuS, and the public release of the source of the latter, it was logical that the range of possibilities opened up even more for new cybercriminals into the ecosystem of crimeware.

Scar is a basic peer-to-peer botnet that serves as a distribution channel for installing other bad stuff.

In 2010 we noted a decline in the number of players in the fake antivirus market, and as a result, fewer counterfeit programs used to distribute fake antivirus products

Attacks registering a remote user account called ‘Remo’ which is password-protected allow Brazilian cybercriminals to have total access and control over infected machines.

Modification of the hard drive areas responsible for the initial loading of the system has become increasing popular with cybercriminals.

The recent online hysteria over the BitCoin virtual money system has attracted the attention not only of those who dream of making money out of thin air but also of cybercriminals who, as usual, want to steal anything they can get their hands on.

The following statistics were compiled in May using data from computers running Kaspersky Lab products 242,663,383 network attacks blocked.

In the last few days experts at Kaspersky Lab have detected new samples of the malicious program MAX++ (aka ZeroAccess). Back then, MAX++ only worked on x86 platforms; now it is capable of functioning on x64 systems!

A host of events took place in the world of IT threats during the first quarter of 2011.

The following statistics were compiled in April using data from computers running Kaspersky Lab products: 221 mln network attacks blocked,190 mln malicious programs detected, 86 mln heuristic verdicts registered.

The Artro botnet has been around since early 2008. However, a full description of its functionality is still not available, so to rectify this, we decided to publish the results of a study we undertook.

We recently discovered a new bootkit, i.e. a malicious program which infects the hard drive’s boot sector. Kaspersky Lab detects it as Rookit.Win32.Fisp.a.

Reports

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Windows malware

Federal Trojan’s got a “Big Brother”

Monthly Malware Statistics: September 2011

Ice IX: not cool at all

Ice IX, the first crimeware based on the leaked ZeuS sources

The Miner Botnet: Bitcoin Mining Goes Peer-To-Peer

IT Threat Evolution: Q2 2011

All your data belong to ‘Remo’

Cybercriminals switch from MBR to NTFS

Gold rush

Monthly Malware Statistics, May 2011

MAX++ sets its sights on x64 platforms

IT Threat Evolution for Q1-2011

Monthly Malware Statistics, April 2011

The ‘Advertising’ Botnet

The Chinese bootkit

Reports

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Mem3nt0 mori – The Hacking Team is back!

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Subscribe to our weekly e-mails