Threat Category: Windows malware | Page 32

A professional malware market started to emerge at the very end of 2003, gained ground during 2004, and was well established by the beginning of 2005.

Over 2 years have gone by since we’ve seen a true virus in the wild. Most of us here had decided that they might actually be dead. And yet…

On July 13 we received the first sample of Tenga – a true blue virus. Tenga.a was followed by Tenga.b and finally Tenga.c, which arrive just…

Viruses and worms have evolved rapidly over the past few years and now pose a global threat. However, law enforcement agencies are also pooling their resources to gain a global reach.

In the last 24 hours we’ve detected five new versions of Virus.Win32.GPcode. This virus is interesting as it encrypts users’ files – with whoever is sending the virus out asking for money to decrypt the files.

Mytob became more active than Mydoom, its predecessor, and this trend looks set to continue. Mytob may come to effectively replace Mydoom.

New developments in Operation Horse Race

During the past hours, we’ve intercepted a flurry of new Bagle variants; apparently, it’s been a busy day for the author, who keeps sending them out.

Two new Bagle variants have been spotted today. Both are 36352 bytes in size and are very similar in operation.

Anniversary of first virus for Win64 platform

The proper paranoid attitude to security

Using malware for extortion: striking, but not new!

It’s less than three months since we added detection for Mytob.a and already we’re well into double figures.

After some analysis it seems that Sober.q hasn’t yet begun spreading, yet. Probably the author only wants the Worm to start spreading when enough computers have been infected with it.

We have just detected a new Email-Worm.Win32.Sober variant, we detect it as Sober.q.

Another malware anniversary

Reports

Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

Windows malware

Watershed in malicious code evolution

Classical viruses ITW – never say die

Global problem, global solution

Multiple Gpcode variants

Malware Evolution: May Roundup

New runner in Horse Race

More Bagle trouble

Fresh Bagles ahead

Rugrat a year old

The proper paranoid attitude to security

Using malware for extortion: striking, but not new!

New Mytobs, and generic detections

Some info on Sober.q

Sober.p strikes again

Trojan-Downloader.Win32.BMPAgent.a is a year old

Reports

ToddyCat: your hidden email assistant. Part 1

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Mem3nt0 mori – The Hacking Team is back!

Mysterious Elephant: a growing threat

Subscribe to our weekly e-mails