Malware descriptions

Update on new worm

We have now analysed the new worm (see below) further. It’s actually a new variant of Atak – Email-Worm.Win32.Atak.h. Some variants of this family are similar to some of the Mydoom worms.

Atak.h copies itself to the Windows system directory as dec25.exe

It writes itself to win.ini to ensure that a copy of the worm is launched each time the victim machine is started.

[windows]
run=file path dec25.exe

A full description will be available soon.

Update on new worm

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Reports

ToddyCat: your hidden email assistant. Part 2

An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.