Threat Category: Windows malware | Page 30

We’ve just issued an alert for Nyxem.e, due to the number of reports we’ve been receiving for the past few days but also because of its destructive payload which activates on 3rd of every month.

I recently came across an interesting IRCBot which KAV detects as Backdoor.Win32.IRCBot.lo. When I took a closer look at it, I found out that it’s quite an advanced bot with a lot of features.

It’s two years to the day that the antivirus industry first encountered Bagle – Email-Worm.Win32.Bagle.a.

Sober.y will attempt to update itself tonight from a predefined set of websites in Germany and Austria.

It was only a matter of time, the first IM-Worm exploiting the wmf vulnerability has been spotted.

Another case of infected storage media

Between yesterday evening and this morning, we intercepted 12 programs created by the authors of Bagle: 5 Trojan downloaders and 7 worms.

Yes another modification. This time, not surprisingly, it’s Trojan-Downloader.Win32.Bagle.f

Sober.y, which is currently the most popular variant, started spreading actively on Monday, November 21.

For the last 24 hours or so we’ve seen a number of new Email-Worm.Win32.Sober variants, some of which we have got an alert out for.

Jerusalem caused the first major computer virus epidemic – it infected enterprises, government offices and academic institutions around the world.

Further information about the new backdoor

The spamming continues. We have just detected the latest variant – Email-Worm.Win32.Bagle.ek

The Bagles are continuing to come in. We’ve detected 6 new variants so far, and just released an urgent update.

Over the course of the last hours we’ve been seeing a number of new Bagles massively spammed. They are detected as Email-Worm.Win32.Bagle.ed-eg.

Reports

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Windows malware

Watch out for Nyxem.e

IM-Bot?

Bagle’s birthday

A Sober night

More on WMF exploitation

Get infected in a flash?

No rest for the Bagles – or for the virus analysts

And another Bagle

Sober.y increased activity

Sober steals your passwords

Once upon a time

More on Backdoor.Win32.Breplibot.b

A fresh Bagle for today

The Bagles keep on rolling in

Bagles massively spammed

Reports

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Mem3nt0 mori – The Hacking Team is back!

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Subscribe to our weekly e-mails