Author
Jean-Ian Boutin
Jean-Ian Boutin
Malware Researcher

Education? B. Eng. Electical Engineering / M. Eng. Computer Engineering

Highlights of your career? My career highlight at ESET was able to present research I conducted at conferences such as Virus Bulletin and ZeroNights.

Position and history at ESET? I joined ESET in 2011. I am a malware researcher in the Security Intelligence program.

What malware do you hate the most? Win32/SpyEye. It was the first investigation I did when I joined ESET and, while it was a good learning experience, I still resent it ;)

Favorite activities? I love playing with my kids, cycling, jogging and playing the piano.

What is your golden rule for cyberspace? Be paranoid enough.

When did you get your first computer and what kind was it? My dad got me my first computer – a Commodore-64 – in 1988.

Favorite computer game/activity? My favorite computer game is the EA NHL series.

More Info

The Evolution of Webinject

Last month, we presented “The Evolution of Webinject” in Seattle at the 24th Virus Bulletin conference. This blog post will go over its key findings and provide links to the various material that has been released in the last few weeks.

Facebook Webinject Leads to iBanking Mobile Bot

iBanking is a malicious Android application that when installed on a mobile phone is able to spy on its user’s communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone.

Qadars – a banking Trojan with the Netherlands in its sights

The first sign we saw of this malware was in mid-May 2013, but it is still very active, and uses Android to bypass two-factor authentication systems. It clearly seeks to infect Dutch computers – 75% of detections come from this region.

Nymaim: Browsing for trouble

We have already discussed how a system gets infected with Win32/Nymaim ransomware. In this blog post, we reveal a new infection vector, a study of the different international locker designs and ransom prices as well as a complete technical analysis of its communication protocol.

Nymaim – obfuscation chronicles

We look at malware delivered by a campaign that has infected thousands of websites around the world – and the various control flow obfuscation techniques that make its analysis as interesting as it is challenging.

Operation Hangover: more links to the Oslo Freedom Forum incident

In our previous post on Operation Hangover, we revealed the existence of an attack group, apparently operating from within India, who were mainly targeting systems in Pakistan. In this post, we will analyze the Mac OS X samples that have been linked to this group and will provide new evidence that the Mac and Windows spywares are related.

Targeted information stealing attacks in South Asia use email, signed binaries

Detailed analysis of a targeted campaign that tries to steal sensitive information from different organizations throughout the world, but particularly in Pakistan.

Online PC Support scam: from cold calling to malware

Here’s a brazen fake antivirus program that falsely declares you are infected, then locks your screen and asks you call a toll free number for Support, which then asks you to pay to remove the fake infection.

Code certificate laissez-faire leads to banking Trojans

Technical analysis of malware that abuses code signing certificates normally used to positively identify a software publisher and to guarantee code is unchanged.

Win32/Gataka – or should we say Zutick?

Win32/Gataka is an information-stealing Trojan that has been previously discussed on this blog here and here. Recently, we came across a post from its author on an underground forum trying to sell his creation. The post contained a help file detailing the inner working of this threat. This blog post will highlight some of the

Win32/Gataka banking Trojan – Detailed analysis

Win32/Gataka is an information-stealing banking Trojan that can read all of your web traffic and alter the balance displayed on your online banking page to hide fraudulent transfers. It exhibits a modular architecture similar to that of SpyEye, where plugins are required to achieve most of the malware functionality. In our previous blog post, we

Win32/Gataka: a banking Trojan ready to take off?

We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.