Trojan

Windows Remote Desktop Worm "Morto" Spreading

We don't see that many Internet worms these days. It's mostly just bots and trojans. But we just found a new Internet worm, and it's spreading in the wild. The worm is called Morto and it infects Windows workstations and servers. It uses a new spreading vector that we haven't seen before: RDP.

RDP stands for Remote Desktop Protocol. Windows has built-in support for this protocol via Windows Remote Desktop Connection. Once you enable a computer for remote use, you can use any other computer to access it.

Chinese Government Launching Online Attacks

China is often blamed for launching online attacks, but the evidence is almost always circumstantial. Many of the targeted espionage trojans seem to come from China, but we can't actually prove it.

However, some new evidence has just surfaced.

On the 17th of July, a military documentary program titled "Military Technology: Internet Storm is Coming" was published on the Government-run TV channel CCTV 7, Military and Agriculture (at military.cntv.cn).

Mobile Malware To Steal Photos From Your Phone

A good deal of this year's mobile malware is being developed in China. And Chinese mobile malware tends to include stuff such as backdoors, password stealers and spy tools.

Knowing that Chinese malware likes to spy, we've been keeping an eye out for various functions, such as photo scraping. Stealing photos from a phone could be used for harassment and blackmail.

We didn't have to look for long. A member of our Threat Response team just found something interesting in a Symbian malware sample.


Man-In-The-Browser 101 or “it works as designed” (Win & Apple Mac)

Everybody is talking about Man-In-The-Browser (MITB), so I thought we’d do a little 101 session on how these Man-In-The-Browser Trojans work. As there is way too much focus on the big guns such as Zeus/SpyEye out there, I thought we’d use one of the less known Trojans as an example and even discuss the implications on Mac OS X as well.

TD Labs report: Torpig – back to the future or how the most sophisticated trojan in 2008 reinvents itself

In this TrustDefender Labs report we look at a new strain of the notorious Torpig Trojan that gained massive publicity in 2008 when it was distributed together with the Mebroot / MBR virus. In this report we look at a new variant that will do an impressive amount of things completely without administrator privileges.

Old trojan tricks on Android

We recently did an analysis on a trojan, AdSMS, that's been spreading for the last week or so and thought it might make an interesting contrast to the rash of trojanized Android apps that we've been seeing lately.

AdSMS is distributed via a malicious link in a spammed SMS message. The malware appears to be targeted to Android users in mainland China, as the SMS is faked up to look like it's from a major Chinese telecom network and the download link deliberately spoofs a domain name associated with the network.

New DroidDream Variant Found on Android Phones

Android has become the main target for mobile malware.

Here's "Hot Girls 1", which as of yesterday was still available for download to your Android phone from Android Market:

This application was originally harmless. However, a malicious developer called "Magic Photo Studio" downloaded the original application, modified it and re-uploaded it to Android Market.

Mac OS X Malware is Here For Real

In the 1990s, we used to have a Mac product. It eventually got discontinued due to a lack of threats.

Then, in October 2007, we saw something unusual: a DNS Changer Trojan for OS X.

We estimated the risk level of new Mac malware and as a result, we started developing F-Secure Anti-Virus for Mac.

While we have seen new Mac malware every now and then, many experts have been downplaying the malware risk on Mac OS X systems. But the fact is that we are seeing more and more activity.

Using Google Web Search to Find Compromised Google Images

Google Search has a problem.

For several weeks now, Google Image search results have been increasingly tainted by Search Engine Optimization (SEO) poisoning. Numerous sites linked to scareware trojans and exploits via Google Image results are discovered every day. Many of these sites would otherwise be considered as safe but they've been compromised by a hack of some sort.

Google's method of crawling for and ranking images is part of the problem.

Professional Online Criminals

Some of the most common banking trojans we run into are versions of ZeuS (ZBot) and SpyEye. These are not your average bots. They are commercially developed crimeware. The trick is that the groups that develop and sell ZeuS and SpyEye do not use them themselves.
