Windows malware

In the last 24 hours we’ve detected five new versions of Virus.Win32.GPcode. This virus is interesting as it encrypts users’ files – with whoever is sending the virus out asking for money to decrypt the files.

Mytob became more active than Mydoom, its predecessor, and this trend looks set to continue. Mytob may come to effectively replace Mydoom.

New developments in Operation Horse Race

During the past hours, we’ve intercepted a flurry of new Bagle variants; apparently, it’s been a busy day for the author, who keeps sending them out.

Two new Bagle variants have been spotted today. Both are 36352 bytes in size and are very similar in operation.

Anniversary of first virus for Win64 platform

The proper paranoid attitude to security

Using malware for extortion: striking, but not new!

It’s less than three months since we added detection for Mytob.a and already we’re well into double figures.

After some analysis it seems that Sober.q hasn’t yet begun spreading, yet. Probably the author only wants the Worm to start spreading when enough computers have been infected with it.

We have just detected a new Email-Worm.Win32.Sober variant, we detect it as Sober.q.

Another malware anniversary

Sober.p currently is not spreading. After days of sending out emails, it’s now checking for updates at predefined locations, which indicates that more malware is likely to follow.

There’s recently been a great deal of talk about Windows for x86-64. One interesting feature of this operating system is that modifying the system structure is forbidden – this includes modifying:

The Bagle author keeps sending out new malware. Earlier today we saw a new Trojan-Proxy.Win32.Mitglieder variant, which is closely related to Bagle.