Threat Category: Windows malware | Page 32

Jerusalem caused the first major computer virus epidemic – it infected enterprises, government offices and academic institutions around the world.

Further information about the new backdoor

The spamming continues. We have just detected the latest variant – Email-Worm.Win32.Bagle.ek

The Bagles are continuing to come in. We’ve detected 6 new variants so far, and just released an urgent update.

Over the course of the last hours we’ve been seeing a number of new Bagles massively spammed. They are detected as Email-Worm.Win32.Bagle.ed-eg.

Net-Worm.Win32.Mytob.bi ?

Here in Russia we are getting letters from users who have been hit by Virus.Win32.JuNy.b.

As the previous post says, there have been a lot of new Bagle modifications in the last 24 hours. And they’re continuing.

During the last six hours or so we’ve seen another flurry of Bagle variants.

We’ve just released an urgent update for the fourth spammed Bagle. And just like before these Bagles don’t spread any further.

During the past few months Kaspersky Lab analysts have observed a surge in the number of rootkits detected. What has caused this growth and what risks do rootkits pose to users?

We’ve recently detected a third modification of Email-Worm.Win32.Monikey. Our interest was piqued by the fact that Monikey incorporates modifications of Trojan-PSW.Win32.Vipgsm and Trojan-PSW.Win32.LdPinch.

We’ve decided to rename Net-Worm.Win32.Small.d to Net-Worm.Win32.Bozori.a. Infection reports are coming mostly from the USA, with some high-profile targets being hit.

We’ve received numerous reports on a new worm spreading via the PnP vulnerability. We detect it as Net-Worm.Win32.Small.d.

A quick update: over the last twenty four hours, we had eleven new Bagle variants, from Bagle.bz to Bagle.cj.

Reports

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Windows malware

Once upon a time

More on Backdoor.Win32.Breplibot.b

A fresh Bagle for today

The Bagles keep on rolling in

Bagles massively spammed

Quake IV released

New file-encryptor on the loose in Russia

And even more Bagles

More Bagles…

New series of Bagles being spammed

Rootkits and how to combat them

Monikey or: the continuing evolution of Bagle

60 seconds before shutdown – again

New PnP worm spreading

And the Bagles just keep on coming

Reports

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Subscribe to our weekly e-mails