Threat Category: Windows malware | Page 32

New Bagle.pac was found in-the-wild. This is another dropper (not a worm) but it was mass-spammed in Russia in last hour.

The SpamTool we detected on February 15 harvests emails on infected machines selectively. It turns out that it had been preparing today’s Bagle outbreak.

The first day of spring brought us five new Bagle variants within a few hours. We detect them as Email-Worm.win32.Bagle.bb-.bf

The first macro virus for Microsoft Office appeared seven years ago today. It was first named Macro.Office.Triplicate, later re-named into Virus.MSOffiice.Triplicate when it became apparent that Triplicate was the first of a wave of new malware.

Seven years later we rarely, if ever see new…

Kaspersky Lab first detected this variant in the summer of 2004

In the past two days, we’ve detected seven new versions of Bagle! The new variants range from Bagle.ax to Bagle.ba. Variants from Bagle.ba onwards are currently detected as Bagle.ba.

Read more about the new worms

There are new variants of Bagle circulating actively at the moment: Email-Worm.Win32.Bagle.ax and Email-Worm.Win32.Bagle.ay.

Reputable sites are hosting a trojaned version of a new DC++ build

New MS antispyware tool already targeted by hackers

The dangers of using public computers

Multiple approaches used in the spam runs

Amount of malicious programs continues to grow

Why rename Santy?

Detailed analysis shows that it exploits bad coding

Reports

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Windows malware

New Bagle.pac was found in-the-wild

Bagle and SpamTool hand in hand

New Bagles spreading actively

The first macro virus for MS Office

A rose by any other name? Mydoom.bb?

And the Bagles keep on coming

Bagle.ax and Bagle.ay descriptions published

Email-Worm.Win32.Bagle.ax and Bagle.ay

Trojaned build of DC++ found in the wild

Trojans masquerade as Microsoft AntiSpyware

What is public isn’t safe

Different spam runs for same malware

Danger of infection increasing year by year

Santy updates – worm renamed

Update on Santy.e

Reports

SideWinder targets the maritime and nuclear sectors with an updated toolset

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Subscribe to our weekly e-mails