Threat Category: Windows malware | Page 25

In place of the traditional and somewhat dull domination of the rankings by old email worms, in December we encountered the explosive propagation of a new generation of programs.

A look at the December statistics makes it possible for us to draw some preliminary conclusions about the malware landscape in 2007.

Yesterday I was taking a look at a new backdoor with MSN-Worm functionality, Backdoor.Win32.VB.bsf. This backdoor is specifically designed to steal (bank related) passwords and to spy on the user

Although the malicious programs leading November’s 2007 Email Top Twenty have changed, the data once again highlights the absence of any serious epidemics in mail traffic

In November, our online statistics returned to their usual state of flux: there are 11 new malicious programs in the Top Twenty, a new leader and it’s very unclear what the future may hold

Over the last couple of days I’ve been looking at some of the latest tricks used by the creators of some adware – Virtumonde a.k.a Vundo.

Greediest Trojan targeting payment systems, stealthiest malicious program, most common malicious program in mail traffic, most common Trojan family and others.

Our online virus scanner’s October rankings are a bit unusual. What makes them stand out from previous months is a stability that we have not seen before.

If this month’s Top Twenty had been prepared using data from the first 26 days of October, two important malware related events would have been missing

This half-year report examines changes in malware compared with to the second half of 2006.

Greediest Trojan targeting payment systems, stealthiest malicious program, most common malicious program in mail traffic, most common Trojan family and others.

Netsky.q is once again in first place. This worm has finally achieved notoriety as the most widespread malicious program in the history of the Internet.

September’s Online Top Twenty was a little unusual in terms of the movement of the entries.

Pinch is a true omnivore – it grabs just about everything it can from the victim machine: the Windows license number, system information, a list of programs installed, as well as ICQ, email and FTP passwords.

The middle of the month means it’s time for our miscellany, so let’s take a look at what the final month of summer brought us.

Reports

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Windows malware

Virus Top 20 for December 2007

Online Scanner Top Twenty for December 2007

Calling the hyve

Virus Top 20 for November 2007

Online Scanner Top Twenty for November 2007

Virtumonde/Vundo goes file infector

Malware Miscellany, October 2007

Online Scanner Top Twenty for October 2007

Virus Top 20 for October 2007

Malware evolution: January – July 2007

Malware Miscellany, September 2007

Virus Top Twenty for September 2007

Online Scanner Top Twenty for September 2007

Pinch pinched

Malware Miscellany, August 2007

Reports

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Subscribe to our weekly e-mails