Threat Category: Windows malware | Page 27

We’ve been receiving a number of new samples of Trojan-Downloader.Win32.Delf.awg from users. The good news is that KAV 6.0 and KIS detect these new modifications of Delf proactively.

We’ve noticed an increase in the prevalence of Y!/MSN-aware worms. These rely on various social engineering tricks to lure the user into a malicious website.

A very nice description of a Trojan which in an attempt to keep other “competitors” out, installs an antivirus which it uses to keep the system clean. Unsurprisingly, the antivirus which the Trojan installs is KAV

This latest half-yearly report covers the most significant changes in malicious code evolution over the last six months and included a number of predictions as to how the situation may develop based on the statistics we have today.

Slander and plagiarism

Why viruses aren’t elks

No justification for writing malware

Over the weekend we saw the first malware to exploit MS06-040 – Backdoor.Win32.IRCBot.st.

Unlocking Pandora’s box with malware search engines

Yesterday evening we started receiving messages from users in Russia who’d been infected by the latest version of GpCode, a cyber blackmail virus.

We have just received a new version of the StarOffice malware we wrote about last week.

The good news is that we’ve sorted the GpCode encryption algorithm, and added a decryption routine to the latest antivirus database updates.

Two hours ago we started receiving multiple emails from users with encrypted documents. Virus.Win32.GpCode.ae is responsible for this outbreak – this is a new variant of something we’ve reported on before.

Malware seeded on ICQ makes use of FPU instructions to avoid detection.

Almost a year ago we wrote about Tenga, a classic file infector with worm and trojan-downloader functionality. Recently we added detection for something similar: Virus.Win32.Virut.4960.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Windows malware

New modifications of Trojan-Downloader spammed

The IM worms armada

Backdoor.Win32.Agent.uu aka Spamthru

Kaspersky Security Bulletin, January – June 2006: Malware Evolution

No good deed goes unpunished

Good guys doing bad things, part 2

Good guys doing bad things

Current state of MS06-040

Google – a treasure chest of dark wonders

GpCode.af

Stardust reloaded

GpCode: update

New GpCode spreading

The link between ICQ, FPU and Herndon, Virginia

Parasitic IRCBot in the wild

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails