Threat Category: Windows malware | Page 28

This latest half-yearly report covers the most significant changes in malicious code evolution over the last six months and included a number of predictions as to how the situation may develop based on the statistics we have today.

Slander and plagiarism

Why viruses aren’t elks

No justification for writing malware

Over the weekend we saw the first malware to exploit MS06-040 – Backdoor.Win32.IRCBot.st.

Unlocking Pandora’s box with malware search engines

Yesterday evening we started receiving messages from users in Russia who’d been infected by the latest version of GpCode, a cyber blackmail virus.

We have just received a new version of the StarOffice malware we wrote about last week.

The good news is that we’ve sorted the GpCode encryption algorithm, and added a decryption routine to the latest antivirus database updates.

Two hours ago we started receiving multiple emails from users with encrypted documents. Virus.Win32.GpCode.ae is responsible for this outbreak – this is a new variant of something we’ve reported on before.

Malware seeded on ICQ makes use of FPU instructions to avoid detection.

Almost a year ago we wrote about Tenga, a classic file infector with worm and trojan-downloader functionality. Recently we added detection for something similar: Virus.Win32.Virut.4960.

A new piece of ransomware, called Ransom.a by most AV vendors, has been spotted in the wild. Evidence received so far suggests that this Trojan can be found on P2P networks.

Early this morning we released an update for Net-Worm.Win32.Mytob.eg. Since then we’ve been seeing a clear increase in the number of samples.

The spring seems to be a prolific time for new ideas and proof of concept viruses. However, not all of them are a cause for concern.

Reports

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Windows malware

Kaspersky Security Bulletin, January – June 2006: Malware Evolution

No good deed goes unpunished

Good guys doing bad things, part 2

Good guys doing bad things

Current state of MS06-040

Google – a treasure chest of dark wonders

GpCode.af

Stardust reloaded

GpCode: update

New GpCode spreading

The link between ICQ, FPU and Herndon, Virginia

Parasitic IRCBot in the wild

New ransomware found

New Mytob becoming prevalent

Avarta – an MS Publisher virus

Reports

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Subscribe to our weekly e-mails