Threat Category: Windows malware | Page 33

Last night we detected one new Bagle variant, this variant only had downloading capabilities and no massmailing functionality.

Today we detected a new variant of IM-Worm.Win32.Kelvir – we detect it as Kelvir.k. As always Kelvir is accompanied with an IRCBot, which we detect as Backdoor.Win32.Rbot.gen.

Kaspersky Lab presents the Virus Top Twenty for March 2005

Virus.MSAccess.AccessiV

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Automated mass mailing of malicious code

New Bagle.pac was found in-the-wild. This is another dropper (not a worm) but it was mass-spammed in Russia in last hour.

The SpamTool we detected on February 15 harvests emails on infected machines selectively. It turns out that it had been preparing today’s Bagle outbreak.

The first day of spring brought us five new Bagle variants within a few hours. We detect them as Email-Worm.win32.Bagle.bb-.bf

The first macro virus for Microsoft Office appeared seven years ago today. It was first named Macro.Office.Triplicate, later re-named into Virus.MSOffiice.Triplicate when it became apparent that Triplicate was the first of a wave of new malware.

Seven years later we rarely, if ever see new…

Kaspersky Lab first detected this variant in the summer of 2004

In the past two days, we’ve detected seven new versions of Bagle! The new variants range from Bagle.ax to Bagle.ba. Variants from Bagle.ba onwards are currently detected as Bagle.ba.

Reports

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Windows malware

Another night, another Bagle

Kelvir changes its approach

Virus Top Twenty for March 2005

First MS Access Virus celebrates seventh birthday

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Virus writers fear no retribution

New Bagle.pac was found in-the-wild

Bagle and SpamTool hand in hand

New Bagles spreading actively

The first macro virus for MS Office

A rose by any other name? Mydoom.bb?

And the Bagles keep on coming

Bagle.ax and Bagle.ay descriptions published

Email-Worm.Win32.Bagle.ax and Bagle.ay

Trojaned build of DC++ found in the wild

Reports

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Subscribe to our weekly e-mails