Browsing category
Analysis of malicious code dubbed Win32/Caphaw (a.k.a. Shylock) attacking major European banks, with ability to automatically steal money when the user is actively accessing his banking account.
NBC.com may have sent visitors to infected URLs serving up Trojan software (RedKit) for 24 hours. At the time of this blog post ESET researchers still see some related sites similarly compromised.
Technical analysis of malware that abuses code signing certificates normally used to positively identify a software publisher and to guarantee code is unchanged.
ESET Ireland’s Urban Schrott has blogged recently that “Research reveals nearly half of all Irish computers depend on free antivirus for protection”.
ESET’s threat researchers received a surprise earlier this week when they began receiving reports from ESET LiveGrid that downloads of ComboFix, a tool popular with advanced users for removing malware, were detected as being infected by a variant of the Sality virus, Win32/Sality.NBA.
I received a “shared” messages from a friend about “a leaked scandal video of Justin Bieber and Selana Gomez” promising a “naked Justin Bieber”, with a Photoshopped picture, which we – for family-friendliness – censored a bit.
At the beginning of January 2013, we started tracking the interesting Win32/Redyms trojan family. Redyms is notable for changing search results from popular search engines on infected machines.
Malware authors have a solid track record in regards to creative Command and Control protocols. We’ve seen peer-to-peer protocols, some custom (Sality), some standard (Win32/Storm uses the eDonkey P2P protocol). We’ve seen binary protocols (Win32/Peerfrag, aka Palevo). We’ve seen other custom protocols that leverage other standard protocols such as HTTP (Win32/Georbot), DNS (Morto)and IRC (Win32/AutoRun.IRCBot.AK),
A Java vulnerability seemingly discovered by a French researcher has been confirmed by the US Government.
Offending the AV industry is one thing, but do you want to base a security strategy (at home or work) on a PR exercise based on a statistical misunderstanding? (Yes, I’m being diplomatic here…)
For several years now, antivirus researchers have observed increasing efficiency and sophistication in malware development and distribution. At the start of 2012, I began using the term “industrialization of malware” to describe this phenomenon. I also drew a picture of the fictitious enterprise “Malware, Inc.” as a means of conveying the transformation that malware has
Apache modules are add-on code taking advantage of the Apache module API to extend the functionality of the standard Apache distro. In this case, the binary’s functionality was malicious, but there is no exploitation of a known Apache vulnerability in this case.
Win32/Spy.Ranbyus shows how it is possible to bypass payment transaction signing/authentication with smartcard devices and has started to modify java code in one of the most popular remote banking systems (RBS) in the Ukraine.
More than half of all web servers on the Internet use Apache, so when we discovered a malicious Apache module in the wild last month, we were understandably concerned.
Win32/Gataka is an information-stealing Trojan that has been previously discussed on this blog here and here. Recently, we came across a post from its author on an underground forum trying to sell his creation. The post contained a help file detailing the inner working of this threat. This blog post will highlight some of the
In July 2012, our virus laboratory came across what we first thought was a new family of malware. The threat spread by infecting Portable Executable or PE files used by Windows, but this malware also infected systems through remote desktop and network shares. After further analysis, we realized we were dealing with a new version
Win32/TrojanDownloader.Wauchos, a Trojan downloader that peaked briefly back in May, is enjoying a resurgence in the UK and Europe thanks to an energetic spam campaign.
Six months ago, Flashback was attracting a lot of attention from researchers and media due to its wide spread and interesting features. Since then, we have witnessed its operator abandoning control of the botnet by shutting down its latest command and control server. This happened in May this year. The number of infected systems has
The odds against losing money may be better with cash machines than fruit machines, but why neglect simple, obvious precautions?
Now is the time to disable Java in your web browser, or even remove it from your system if that is practical. Why? The bad guys are hard at work trying to exploit a zero day vulnerability in the latest version of Java (version 1.7, Update 6.). This vulnerability is the subject of a US-CERT
A crime wave of malware that demands money from victims to avoid prosecution by the FBI has been alarming web surfers across America. Victims suddenly find their computer frozen, and an official-looking page, like the one shown below, is displayed in their web browser. The FBI and the Internet Crime Complaint Center (IC3) have received