Windows malware

The tactics used by the cybercriminals remained the same. Surfing the web is still a dangerous pastime, while social engineering is routinely used to entice users into opening malicious links or downloading malicious or fraudulent programs.

In early December, Kaspersky Lab experts detected samples of the malicious program TDL4 (a new modification of TDSS) which uses a 0-day vulnerability for privilege escalation under Windows 7/2008 x86/x64 (CVE: 2010-3888).

GpCode.ax is not the only piece of ransomware today. We’ve just discovered a malware which overwrites the master boot record (MBR) and demands a ransom to retrieve a password and restore the original MBR.

You may have noticed that we lowered our internet threat level to low risk. We have taken another look at Email-Worm.Win32.VBMania and its prevalence and came to the conclusion the increased threat level was not warranted.

We’ve identified a worm called VBMania. This might not sound like anything much, but in contrast to most worms today, it spreads via email. Real old school.

The TDSS rootkit first appeared in 2008. Since then, it has become far more widespread than the notorious rootkit Rustock. The rootkit’s malicious payload and the difficulties it presents for analysis are effectively similar to those of the bootkit.

A user discovered potential malware on his computer the other day – the files “autorun.exe” and “autorun.inf” on the C: drive which, the user claims, reappear after being deleted.

Cybercriminals are using any sort of news, including rumors, to distribute their fake AV programs, and Black SEO is still being used extensively to spread them.

Rogue antivirus programs have been around for years now, trying to scare people into buying fake products. This time, Desktop Security 2010 RogueAV comes with an interesting new trick to frighten users.

What wonderful times we live in! Thanks to the development of the Internet, we can purchase things and pay for services quickly and easily. Things have become incredibly convenient.

Brazilian cybercriminals using proxy-auto-config feature to rediret users to malicious servers

Last Friday, Kaspersky Lab’s experts detected a new variant of Sality.aa, which is at present the most popular polymorphic virus. Within the last two years this virus has remained one of the TOP-5 malicious programs.

2009 was the latest milestone both in the history of malware and in the history of cybercrime, with a marked change in direction in both areas. This year laid the foundation of what we will see in the future.

The first Top Twenty lists malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time, i.e. by the on-access scanner.

Friday 13th! If you’re at all superstitious, today is bad news. But for those of us in the antivirus industry, Friday 13th is a special day.