In the first month of 2012, a lot of ransomware, fake antiviruses and password stealers were observed in general. In the first quarter of January a new type of ransomware appeared: Reveton. It spreads via the BlackHole EK and is a downloader of ransomware/malicious HTML pages (with JS) in various languages (Italian, Spanish, German, UK and French).
Among fake AVs, the most active was FakeRean, which has new covers and is also spread via BH.
As usual, FakePoliceAlert ransomware was active: French, which replaces the explorer.exe file, and GEMA and "Firefox", ransomware for German users.
[Screenshot: GEMA]
[Screenshot: French]
So, the threats are:
- FakeAV (Defmid, FakeRean, FakeScanti, FakeSysdef, FakeVimes, Winwebsec).
- Ransomware: Reveton, French, GEMA, German.
- Sinowal password stealer with a bootkit component, observed via BH.
- Various password stealers, including OnlineGames-like and ZBot-like ones, as well as ZBot itself.
- SpyEye (including FUD samples).
- Caphaw.A backdoor.
- ZeroAccess.
Note: All threats were observed with the help of public malware source trackers and honeypots.