Threat Category: Windows malware | Page 19

The TDSS rootkit first appeared in 2008. Since then, it has become far more widespread than the notorious rootkit Rustock. The rootkit’s malicious payload and the difficulties it presents for analysis are effectively similar to those of the bootkit.

A user discovered potential malware on his computer the other day – the files “autorun.exe” and “autorun.inf” on the C: drive which, the user claims, reappear after being deleted.

Cybercriminals are using any sort of news, including rumors, to distribute their fake AV programs, and Black SEO is still being used extensively to spread them.

Rogue antivirus programs have been around for years now, trying to scare people into buying fake products. This time, Desktop Security 2010 RogueAV comes with an interesting new trick to frighten users.

What wonderful times we live in! Thanks to the development of the Internet, we can purchase things and pay for services quickly and easily. Things have become incredibly convenient.

Brazilian cybercriminals using proxy-auto-config feature to rediret users to malicious servers

Last Friday, Kaspersky Lab’s experts detected a new variant of Sality.aa, which is at present the most popular polymorphic virus. Within the last two years this virus has remained one of the TOP-5 malicious programs.

2009 was the latest milestone both in the history of malware and in the history of cybercrime, with a marked change in direction in both areas. This year laid the foundation of what we will see in the future.

The first Top Twenty lists malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time, i.e. by the on-access scanner.

Friday 13th! If you’re at all superstitious, today is bad news. But for those of us in the antivirus industry, Friday 13th is a special day.

Kaspersky Lab presents its monthly malware statistics for October. From this month onwards, the data used is gathered from all products which use the Kaspersky Security Network (KSN), i.e. products from both the 2009 and 2010 lines.

As expected, we can confirm more compromised machines. Our current count looks as follows

Around October 20th we received mails from our office in Turkey about the “possible spread of a new virus”

After a lengthy interlude, we’re renewing our monthly malware almanac by popular demand.

Kaspersky Lab presents its monthly malware statistics for September

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Windows malware

TDSS

Making money from a website promotion system

Reports of TYPE O NEGATIVE frontman’s death unleash rogue AV

Rogue Anti Virus: Scaring people with Task Manager

ZeuS on the Hunt

Benign Feature, Malicious Use

A new version of Sality at large

Kaspersky Security Bulletin 2009. Malware Evolution 2009

Monthly Malware Statistics: December 2009

Happy Friday 13th!

Monthly Malware Statistics: October 2009

Gumblar update

The new gumblar

Malware Miscellany, September 2009

Monthly Malware Statistics: September 2009

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails