Threat Category: Windows malware | Page 31

The proper paranoid attitude to security

Using malware for extortion: striking, but not new!

It’s less than three months since we added detection for Mytob.a and already we’re well into double figures.

After some analysis it seems that Sober.q hasn’t yet begun spreading, yet. Probably the author only wants the Worm to start spreading when enough computers have been infected with it.

We have just detected a new Email-Worm.Win32.Sober variant, we detect it as Sober.q.

Another malware anniversary

Sober.p currently is not spreading. After days of sending out emails, it’s now checking for updates at predefined locations, which indicates that more malware is likely to follow.

There’s recently been a great deal of talk about Windows for x86-64. One interesting feature of this operating system is that modifying the system structure is forbidden – this includes modifying:

The Bagle author keeps sending out new malware. Earlier today we saw a new Trojan-Proxy.Win32.Mitglieder variant, which is closely related to Bagle.

Last night we detected one new Bagle variant, this variant only had downloading capabilities and no massmailing functionality.

Today we detected a new variant of IM-Worm.Win32.Kelvir – we detect it as Kelvir.k. As always Kelvir is accompanied with an IRCBot, which we detect as Backdoor.Win32.Rbot.gen.

Kaspersky Lab presents the Virus Top Twenty for March 2005

Virus.MSAccess.AccessiV

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Automated mass mailing of malicious code

Reports

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Windows malware

The proper paranoid attitude to security

Using malware for extortion: striking, but not new!

New Mytobs, and generic detections

Some info on Sober.q

Sober.p strikes again

Trojan-Downloader.Win32.BMPAgent.a is a year old

Sober.p reaches new heights – and then dies?

Rootkits and Windows for x86-64

More Bagle malware is appearing

Another night, another Bagle

Kelvir changes its approach

Virus Top Twenty for March 2005

First MS Access Virus celebrates seventh birthday

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Virus writers fear no retribution

Reports

SideWinder targets the maritime and nuclear sectors with an updated toolset

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Subscribe to our weekly e-mails