Threat Category: Windows malware | Page 33

We have just received two very similar Cabir variants, purportedly from the author. This person claims that he/she has the source code and can make new worms instead of only Cabir variants.

In last four hours, we’ve detected three new variants of Email-Worm.Win32.Atak.

It’s actually a new variant of Atak – Email-Worm.Win32.Atak.h. Some variants of this family are similar to some of the Mydoom worms.

Vxer host returns

Vxer resource unavailable

Is 29A falling to pieces?

A brief overview of the evolution of malicious code in October 2004.

More from the AVAR 2004 conference in Tokyo

A clean computer gets infected very quickly

Why are viruses given the names that they have?

We found some unusual backdoors in the past few weeks. They seem like standard variants of Agobot, Rbot and other bots controlled via IRC. However, they contain files that work like EPO viruses.

Yesterday was hot with two new Bagles let loose. The worms were mailed using spam methods in one of the largest mass mailings this year. I hope that the weekend will mean the outbreak will calm down.

The third Bagle we saw yesterday was almost identical to the first two, except for a mistake…

We detected a new variant of Zafi today, Zafi.c. The first two Zafi’s spread widely, so we plan to keep a close eye on how things go.

It’s now the end of October and we haven’t seen any serious email worm outbreaks for months.

When I sit down to think of…

Today’s threats spread further and faster than ever before. This makes updating your antivirus databases regularly essential.

Reports

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Windows malware

New Cabir variant

More on Atak

Update on new worm

Virus writing resource back

Web host for virus writers closed

Benny, Ratter questioned

Malware Evolution: October Roundup

Japan – high technology, high security

How much malicious code is really out there?

More on malware classification

Virus techniques being used in Trojans

Yesterday’s Bagles – how dangerous are they?

New Zafi, New cyberwar?

The end of the Age of Worms?

Antivirus updating – why it’s more important than ever before

Reports

SideWinder targets the maritime and nuclear sectors with an updated toolset

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Subscribe to our weekly e-mails