Windows malware

We’ve identified a worm called VBMania. This might not sound like anything much, but in contrast to most worms today, it spreads via email. Real old school.

The TDSS rootkit first appeared in 2008. Since then, it has become far more widespread than the notorious rootkit Rustock. The rootkit’s malicious payload and the difficulties it presents for analysis are effectively similar to those of the bootkit.

A user discovered potential malware on his computer the other day – the files “autorun.exe” and “autorun.inf” on the C: drive which, the user claims, reappear after being deleted.

Cybercriminals are using any sort of news, including rumors, to distribute their fake AV programs, and Black SEO is still being used extensively to spread them.

Rogue antivirus programs have been around for years now, trying to scare people into buying fake products. This time, Desktop Security 2010 RogueAV comes with an interesting new trick to frighten users.

What wonderful times we live in! Thanks to the development of the Internet, we can purchase things and pay for services quickly and easily. Things have become incredibly convenient.

Brazilian cybercriminals using proxy-auto-config feature to rediret users to malicious servers

Last Friday, Kaspersky Lab’s experts detected a new variant of Sality.aa, which is at present the most popular polymorphic virus. Within the last two years this virus has remained one of the TOP-5 malicious programs.

2009 was the latest milestone both in the history of malware and in the history of cybercrime, with a marked change in direction in both areas. This year laid the foundation of what we will see in the future.

The first Top Twenty lists malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time, i.e. by the on-access scanner.

Friday 13th! If you’re at all superstitious, today is bad news. But for those of us in the antivirus industry, Friday 13th is a special day.

Kaspersky Lab presents its monthly malware statistics for October. From this month onwards, the data used is gathered from all products which use the Kaspersky Security Network (KSN), i.e. products from both the 2009 and 2010 lines.

As expected, we can confirm more compromised machines. Our current count looks as follows

Around October 20th we received mails from our office in Turkey about the “possible spread of a new virus”

After a lengthy interlude, we’re renewing our monthly malware almanac by popular demand.