Threat Category: Windows malware | Page 33

There are new variants of Bagle circulating actively at the moment: Email-Worm.Win32.Bagle.ax and Email-Worm.Win32.Bagle.ay.

Reputable sites are hosting a trojaned version of a new DC++ build

New MS antispyware tool already targeted by hackers

The dangers of using public computers

Multiple approaches used in the spam runs

Amount of malicious programs continues to grow

Why rename Santy?

Detailed analysis shows that it exploits bad coding

We have just received two very similar Cabir variants, purportedly from the author. This person claims that he/she has the source code and can make new worms instead of only Cabir variants.

In last four hours, we’ve detected three new variants of Email-Worm.Win32.Atak.

It’s actually a new variant of Atak – Email-Worm.Win32.Atak.h. Some variants of this family are similar to some of the Mydoom worms.

Vxer host returns

Vxer resource unavailable

Is 29A falling to pieces?

A brief overview of the evolution of malicious code in October 2004.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Windows malware

Email-Worm.Win32.Bagle.ax and Bagle.ay

Trojaned build of DC++ found in the wild

Trojans masquerade as Microsoft AntiSpyware

What is public isn’t safe

Different spam runs for same malware

Danger of infection increasing year by year

Santy updates – worm renamed

Update on Santy.e

New Cabir variant

More on Atak

Update on new worm

Virus writing resource back

Web host for virus writers closed

Benny, Ratter questioned

Malware Evolution: October Roundup

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails