Threat Category: Windows malware | Page 27

Unlocking Pandora’s box with malware search engines

Yesterday evening we started receiving messages from users in Russia who’d been infected by the latest version of GpCode, a cyber blackmail virus.

We have just received a new version of the StarOffice malware we wrote about last week.

The good news is that we’ve sorted the GpCode encryption algorithm, and added a decryption routine to the latest antivirus database updates.

Two hours ago we started receiving multiple emails from users with encrypted documents. Virus.Win32.GpCode.ae is responsible for this outbreak – this is a new variant of something we’ve reported on before.

Malware seeded on ICQ makes use of FPU instructions to avoid detection.

Almost a year ago we wrote about Tenga, a classic file infector with worm and trojan-downloader functionality. Recently we added detection for something similar: Virus.Win32.Virut.4960.

A new piece of ransomware, called Ransom.a by most AV vendors, has been spotted in the wild. Evidence received so far suggests that this Trojan can be found on P2P networks.

Early this morning we released an update for Net-Worm.Win32.Mytob.eg. Since then we’ve been seeing a clear increase in the number of samples.

The spring seems to be a prolific time for new ideas and proof of concept viruses. However, not all of them are a cause for concern.

Over the last few days new variants of Trojan-PSW.Win32.LdPinch have been spreading actively on the Russian internet.

We’ve received a new sample: another cross platform virus which will infect both Linux and Win32 systems. It’s therefore been given a double name: Virus.Linux.Bi.a/ Virus.Win32.Bi.a

Kaspersky Lab presents the second report covering malware evolution in 2005

At first glance, the March statistics from the online scanner shows that the Online Scanner Top Twenty ratings continue to change radically from month to month.

Over the weekend, we intercepted Trojan-PSW.Win32.LdPinch.ahe – the latest variant of LdPinch. New variant offers to teach users how to trick WebMoney service

Reports

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Windows malware

Google – a treasure chest of dark wonders

GpCode.af

Stardust reloaded

GpCode: update

New GpCode spreading

The link between ICQ, FPU and Herndon, Virginia

Parasitic IRCBot in the wild

New ransomware found

New Mytob becoming prevalent

Avarta – an MS Publisher virus

LdPinch…again.

Crossplatform virus – the latest proof of concept

Malware Evolution: 2005, part two

On-line Scanner Top Twenty for March 2006

LdPinch again spammed via ICQ

Reports

SideWinder targets the maritime and nuclear sectors with an updated toolset

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Subscribe to our weekly e-mails