New stolen digital certificates are used by the multi-purpose backdoor Qbot. The criminals behind the Qbot trojan are certainly not inactive. As I mentioned in a blog post earlier this month, after a quiet summer we have seen a batch of new Qbot variants. An interesting fact is that the malicious binaries were digitally signed.
Spam that advertises Canadian pharmacies makes up a very significant percentage of all the spam out there. Part of the reason there is so much of this spam is that it works. There is a huge incentive driven extensively by the American pharmaceutical industry keeping prices artificially high in America. Many Americans cannot afford the
Lots of fuss about the paper presented at the Chaos Communication Congress in Berlin yesterday by Alexander Sotirov et al. The paper describes a proof-of-concept attack using a weakness in the MD5 cryptographic hash function to create a rogue Cerification Authority certificate using a hash collision (essentially, two messages with the same MD5 hash value).
Tesco Bank, which recently saw thousands of its customers lose funds to cybercriminals, has been found on the target list of the so-called Retefe malware.
New ransomware infecting Apple OS X surfaced on March 4th, 2016, with the emergence of KeRanger. The first inkling of trouble came at the weekend.
Introduction Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8. While Microsoft was an early adopter in the creation of smartphones with
My Russian colleague Aleksandr Matrosov reports that this week he received an interesting sample from forensic investigation specialists Group-IB. The threat in question is detected by ESET products as Win32/Sheldor.NAD, and coverage by other vendors is reasonable: see http://www.virustotal.com/file-scan/report.html?id=9f3ff234d5481da1c00a2466bc83f7bda5fb9a36ebc0b0db821a6dc3669fe4e6-1294926672. The interesting feature of this sample is that it uses the TeamViewer 5.0 standalone component to effect remote control of the
On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp". This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp. It is
Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only
This is an impressive looking certificate isn’t it? You might think it means something significant, but then you might be wrong. How hard is it to pass the Internet and Child Safety Advocate certification test? Ask Hanna, a 9 year old (10 this weekend) girl who I met with her father at a local coffee
A new holiday season scam campaign is plaguing social media – and this time it’s pretending to sell heavily discounted Uggs, reports ESET’s Ondrej Kubovič.
If you fail to take proper care, it would be all too easy to type your password into a phishing site and hand control of your website over to a online criminal gang.
A banking trojan, detected by ESET as Win32/Brolux.A, is targeting Japanese internet banking users and spreading through at least two vulnerabilities: a Flash vulnerability leaked in the Hacking Team hack and the so-called unicorn bug, a vulnerability in Internet Explorer.
Online banking from the comfort of your own home makes life much easier, but you may still be at risk of cybercrime. We look at how to stay safe.
How much of people’s willingness to ignore security warnings is down to their brains?
The Operation Buhtrap campaign targets a wide range of Russian banks, used several different code signing certificates and implements evasive methods to avoid detection.
Facebook has opened its doors to privacy concerned users, but opening up a dedicated Tor link, guaranteeing that people who visit the social networking site through anonymous browsers aren’t mistaken for botnets, Gizmodo reports.