Threat Category: Windows malware | Page 28

A very nice description of a Trojan which in an attempt to keep other “competitors” out, installs an antivirus which it uses to keep the system clean. Unsurprisingly, the antivirus which the Trojan installs is KAV

This latest half-yearly report covers the most significant changes in malicious code evolution over the last six months and included a number of predictions as to how the situation may develop based on the statistics we have today.

Slander and plagiarism

Why viruses aren’t elks

No justification for writing malware

Over the weekend we saw the first malware to exploit MS06-040 – Backdoor.Win32.IRCBot.st.

Unlocking Pandora’s box with malware search engines

Yesterday evening we started receiving messages from users in Russia who’d been infected by the latest version of GpCode, a cyber blackmail virus.

We have just received a new version of the StarOffice malware we wrote about last week.

The good news is that we’ve sorted the GpCode encryption algorithm, and added a decryption routine to the latest antivirus database updates.

Two hours ago we started receiving multiple emails from users with encrypted documents. Virus.Win32.GpCode.ae is responsible for this outbreak – this is a new variant of something we’ve reported on before.

Malware seeded on ICQ makes use of FPU instructions to avoid detection.

Almost a year ago we wrote about Tenga, a classic file infector with worm and trojan-downloader functionality. Recently we added detection for something similar: Virus.Win32.Virut.4960.

A new piece of ransomware, called Ransom.a by most AV vendors, has been spotted in the wild. Evidence received so far suggests that this Trojan can be found on P2P networks.

Early this morning we released an update for Net-Worm.Win32.Mytob.eg. Since then we’ve been seeing a clear increase in the number of samples.

Reports

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Windows malware

Backdoor.Win32.Agent.uu aka Spamthru

Kaspersky Security Bulletin, January – June 2006: Malware Evolution

No good deed goes unpunished

Good guys doing bad things, part 2

Good guys doing bad things

Current state of MS06-040

Google – a treasure chest of dark wonders

GpCode.af

Stardust reloaded

GpCode: update

New GpCode spreading

The link between ICQ, FPU and Herndon, Virginia

Parasitic IRCBot in the wild

New ransomware found

New Mytob becoming prevalent

Reports

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Mem3nt0 mori – The Hacking Team is back!

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Subscribe to our weekly e-mails