Threat Category: Windows malware | Page 31

Over 2 years have gone by since we’ve seen a true virus in the wild. Most of us here had decided that they might actually be dead. And yet…

On July 13 we received the first sample of Tenga – a true blue virus. Tenga.a was followed by Tenga.b and finally Tenga.c, which arrive just…

Viruses and worms have evolved rapidly over the past few years and now pose a global threat. However, law enforcement agencies are also pooling their resources to gain a global reach.

In the last 24 hours we’ve detected five new versions of Virus.Win32.GPcode. This virus is interesting as it encrypts users’ files – with whoever is sending the virus out asking for money to decrypt the files.

Mytob became more active than Mydoom, its predecessor, and this trend looks set to continue. Mytob may come to effectively replace Mydoom.

New developments in Operation Horse Race

During the past hours, we’ve intercepted a flurry of new Bagle variants; apparently, it’s been a busy day for the author, who keeps sending them out.

Two new Bagle variants have been spotted today. Both are 36352 bytes in size and are very similar in operation.

Anniversary of first virus for Win64 platform

The proper paranoid attitude to security

Using malware for extortion: striking, but not new!

It’s less than three months since we added detection for Mytob.a and already we’re well into double figures.

After some analysis it seems that Sober.q hasn’t yet begun spreading, yet. Probably the author only wants the Worm to start spreading when enough computers have been infected with it.

We have just detected a new Email-Worm.Win32.Sober variant, we detect it as Sober.q.

Another malware anniversary

Sober.p currently is not spreading. After days of sending out emails, it’s now checking for updates at predefined locations, which indicates that more malware is likely to follow.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Windows malware

Classical viruses ITW – never say die

Global problem, global solution

Multiple Gpcode variants

Malware Evolution: May Roundup

New runner in Horse Race

More Bagle trouble

Fresh Bagles ahead

Rugrat a year old

The proper paranoid attitude to security

Using malware for extortion: striking, but not new!

New Mytobs, and generic detections

Some info on Sober.q

Sober.p strikes again

Trojan-Downloader.Win32.BMPAgent.a is a year old

Sober.p reaches new heights – and then dies?

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails