Threat Category: Windows malware | Page 28

The middle of the month means it’s time for our miscellany, so let’s take a look at what the first month of summer brought us

Blackmailer – the return of Gpcode

We’re seeing a lot of reports about a new version of Backdoor.Win32.IRCBot.acd. This backdoor is a fairly limited IRCBot with spy capabilities combined with MSN-Worm functionality.

June’s top ten features six new malicious programs, half of which are new versions of Trojan downloaders.

Probably the most noteworthy event this month was the disappearance of May’s rabble-rouser, Sober.aa.

First and foremost this includes various means of modifying and packing code, in order to conceal the presence of malicious code in the system and to disrupt the functionality of antivirus solutions.

New Warezov downloader spammed along with banking PDF’s.

Virus writers didn’t take any time off over the public holidays, and the results of their labour have made their way into our May miscellany.

This week we added another unusual detection – detection for a calculator virus Virus.TI.Tigraa.a

May brought a few surprises, with old email worms climbing to the top of the rankings, and a warning of more to come. This month’s Top Twenty also features two classic file viruses.

It’s interesting that the virus writers who are creating Trojan downloaders are actively varying the type of files downloaded, ranging from obviously malicious programs to adware.

Greediest Trojan e-payment systems, stealthiest malicious program, most common malicious program in email traffic, most common Trojan family and others.

Warezov and Zhelatin regularly cause virus outbreaks, hit the headlines, and create a huge amount of work for virus labs around the world, but it’s NetSky.t.

It’s usual for the leader in our online rankings to change, but this month’s leader is very unusual.

Greediest Trojan e-payment systems, stealthiest malicious program, most common malicious program in email traffic, most common Trojan family and others.

Reports

Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor for persistence in infected systems and its new tool, PowerCloud.

Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.

Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Windows malware

Malware Miscellany, June 2007

Blackmailer – the return of Gpcode

You can teach an old worm new tricks

Online Scanner Top Twenty for June 2007

Virus Top Twenty for June 2007

The evolution of self-defense technologies in malware

A green grin

Malware Miscellany, May 2007

2+2=89?

Virus Top Twenty for May 2007

Online Scanner Top Twenty for May 2007

Malware Miscellany, April 2007

Virus Top Twenty for April 2007

Online Scanner Top Twenty for April 2007

Malware Miscellany, march 2007

Reports

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

Kimsuky targets organizations with PebbleDash-based tools

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Subscribe to our weekly e-mails