Windows trojans

The CryptoLocker ransomware attack was a cyberattack using the CryptoLocker ransomware that occurred from 5 September 2013 to late May 2014. The attack utilized a trojan that targeted computers running on Microsoft Windows, and was believed to have first been posted to the Internet on 5 September 2013. It propagated via infected email attachments, and via an existing Gameover ZeuS botnet. When activated, the malware encrypted certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. Th

BonziBuddy ( or , stylized as BonziBUDDY) is a discontinued freeware desktop virtual assistant created by Joe and Jay Bonzi. Upon a user's choice, it would share jokes and facts, manage downloads, sing songs and talk, among other functions.

computer Trojan horse

MEMZ is a trojan horse created for Microsoft Windows. The name of the malware refers to its purpose as a humorous Trojan intended to replicate the effects of early computer viruses.

Emotet is a malware strain and a cybercrime operation believed to be based in Ukraine. The malware, also known as Heodo, was first detected in 2014 and deemed one of the most prevalent threats of the decade. In 2021, the servers used for Emotet were disrupted through global police action in Germany and Ukraine and brought under the control of law enforcement. Despite this disruption, Emotet resurfaced in subsequent years with new capabilities, continuing to be regarded as one of the Internet’s most persistent and adaptable threats.

Sub7, or SubSeven or Sub7Server, is a Trojan horse - more specifically a Remote Trojan Horse - program originally released in February 1999.

SpySheriff (also known as BraveSentry 2.0, among other names) was malware that disguised itself as anti-spyware software created by Innovative Marketing Inc. or under alternate name Innovagest 2000. It attempted to mislead the user with false security alerts, threatening them into buying the program. Like other rogue antiviruses, after producing a list of false threats, it prompted the user to pay to remove them. The software was particularly difficult to remove, since it nested its components in System Restore folders, and also blocked some system management tools. However, SpySheriff could b

Dridex, also known as Bugat and Cridex, is a type of malware that specializes in stealing bank credentials through a system that utilizes macros from Microsoft Word.

njRAT, also known as Bladabindi, is a Remote Access Trojan (RAT) with user interface or trojan which allows the holder of the program to control the end-user's computer. It was first found in June 2013 with some variants traced to November 2012. It was made by a hacking organization from different countries called M38dHhM and was often used against targets in the Middle East. It can be spread through phishing and infected drives. To date, there are many versions of this virus, the most famous of which is njRAT Green Edition.

Locky is ransomware malware released in 2016. It is delivered by email (that is allegedly an invoice requiring payment) with an attached Microsoft Word document that contains malicious macros. When the user opens the document, it appears to be full of gibberish, and includes the phrase "Enable macro if data encoding is incorrect," a social engineering technique. If the user does enable macros, they save and run a binary file that downloads the actual encryption Trojan, which will encrypt all files that match particular extensions. Filenames are converted to a unique 16 letter and number combin

malware

thumb | right DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.

BlackEnergy Malware was first reported in 2007 as an HTTP-based toolkit that generated bots to execute distributed denial of service attacks. It was created by Russian hacker Dmyrtro Oleksiuk around 2007. Oleksiuk also utilized the alias Cr4sh. In 2010, BlackEnergy 2 emerged with capabilities beyond DDoS. In 2014, BlackEnergy 3 came equipped with a variety of plug-ins. A Russian-based group known as Sandworm (aka Voodoo Bear) is attributed with using BlackEnergy targeted attacks. The attack is distributed via a Word document or PowerPoint attachment in an email, luring victims into clicking th

Sony BMG's implementation of copy protection measures

Blackshades is a malicious trojan horse used by hackers to control infected computers remotely. The malware targets computers using operating systems based on Microsoft Windows. According to US officials, over 500,000 computer systems have been infected worldwide with the software.

copy protection rootkit by Sony BMG

computer virus

Hitler-Ransomware, or Hitler-Ransonware, is a form of ransomware created in 2016 originating in Germany. It requests payment within one hour; otherwise, it will delete files from the infected computer.

peer-to-peer botnet

SpyEye is a malware program that attacks users running Google Chrome, Safari, Opera, Firefox and Internet Explorer on Microsoft Windows operating systems. This malware uses keystroke logging and form grabbing to steal user credentials for malicious use. SpyEye allows hackers to steal money from online bank accounts and initiate transactions even while valid users are logged into their bank account.