Threat Category: Windows malware | Page 33

Using malware for extortion: striking, but not new!

It’s less than three months since we added detection for Mytob.a and already we’re well into double figures.

After some analysis it seems that Sober.q hasn’t yet begun spreading, yet. Probably the author only wants the Worm to start spreading when enough computers have been infected with it.

We have just detected a new Email-Worm.Win32.Sober variant, we detect it as Sober.q.

Another malware anniversary

Sober.p currently is not spreading. After days of sending out emails, it’s now checking for updates at predefined locations, which indicates that more malware is likely to follow.

There’s recently been a great deal of talk about Windows for x86-64. One interesting feature of this operating system is that modifying the system structure is forbidden – this includes modifying:

The Bagle author keeps sending out new malware. Earlier today we saw a new Trojan-Proxy.Win32.Mitglieder variant, which is closely related to Bagle.

Last night we detected one new Bagle variant, this variant only had downloading capabilities and no massmailing functionality.

Today we detected a new variant of IM-Worm.Win32.Kelvir – we detect it as Kelvir.k. As always Kelvir is accompanied with an IRCBot, which we detect as Backdoor.Win32.Rbot.gen.

Kaspersky Lab presents the Virus Top Twenty for March 2005

Virus.MSAccess.AccessiV

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Automated mass mailing of malicious code

New Bagle.pac was found in-the-wild. This is another dropper (not a worm) but it was mass-spammed in Russia in last hour.

Reports

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.

Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.

Windows malware

Using malware for extortion: striking, but not new!

New Mytobs, and generic detections

Some info on Sober.q

Sober.p strikes again

Trojan-Downloader.Win32.BMPAgent.a is a year old

Sober.p reaches new heights – and then dies?

Rootkits and Windows for x86-64

More Bagle malware is appearing

Another night, another Bagle

Kelvir changes its approach

Virus Top Twenty for March 2005

First MS Access Virus celebrates seventh birthday

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Virus writers fear no retribution

New Bagle.pac was found in-the-wild

Reports

Cloud Atlas activity in the first half of 2025: what changed

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Tomiris wreaks Havoc: New tools and techniques of the APT group

ToddyCat: your hidden email assistant. Part 1

Subscribe to our weekly e-mails