Education? Master’s Degree in Computer Science from the Slovak University of Technology in Bratislava
Highlights of your career? Giving presentations at several security conferences, including EICAR, CARO, and Virus Bulletin.
Position and history at ESET? Malware Researcher since 2007, currently holds the position Security Intelligence Team Lead.
What malware do you hate the most? Grayware/PUAs – when malware authors complain about detection and try to convince you they’re not malware.
Favorite activities? Snowboarding, listening to music, playing guitar…
What is your golden rule for cyberspace? Be reasonably paranoid.
When did you get your first computer and what kind was it? During primary school. It was an Intel 8088 palmtop; I used it for programming in GW-BASIC.
Favorite computer game/activity? Project I.G.I.
ESET has discovered a Linux variant of the KillDisk component that renders Linux machines unbootable, while encrypting files and requesting a large ransom at the same time.
After BlackEnergy and Operation Potao Express, ESET researchers have uncovered another cyberespionage operation in Ukraine: Operation Groundbait.
Lock-screen types and file-encrypting “crypto-ransomware”, both of which have been causing major financial and data losses for many years, have made their way to the Android platform. ESET has prepared a topical white paper on the growth of this insidious Android malware.
ESET has discovered a new wave of cyberattacks against Ukraine’s electric power industry. Interestingly, the malware that was used is not BlackEnergy.
The recent attacks on the electrical power industry in Ukraine are connected to attacks on the media and to targeted cyber-espionage attacks against Ukrainian governmental agencies.
Operation Potao Express – Attackers spying on high-value targets in Ukraine, Russia and Belarus, and their TrueCrypt-encrypted data.
Win32/VirLock is ransomware that locks victims’ screens but also acts as a parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such a combination of malware features has been observed.
After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one.
In this post we provide additional information on how a specially crafted PowerPoint slideshow file (.PPSX) led to the execution of a BlackEnergy dropper.
State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that’s evolved into a sophisticated threat with a modular architecture.
One of the most important pieces of advice we give Android users is to refrain from downloading applications from dubious sources and to stick to the official Google Play store, where malware does show up from time to time but is much better controlled, thanks to the Google Bouncer, than on alternative app stores.
Last time we wrote about Android/Simplocker – the first ransomware for Android that actually encrypts user files – we discussed different variants of the malware and various distribution vectors that we’ve observed. Android/Simplocker has proven to be an actual threat in-the-wild in spite of its weaknesses…
ESET LiveGrid® telemetry has indicated several new infection vectors used by Android/Simplocker. The “typical” ones revolve around internet porn, or popular games like Grand Theft Auto: San Andreas.
Last weekend saw the (somewhat anticipated) discovery of an interesting mobile trojan – the first spotting of a file-encrypting ransomware for Android by our detection engineers.
Win32/Corkow is banking malware with a focus on corporate banking users. We can confirm that several thousand users, mostly in Russia and Ukraine, were victims of the Trojan in 2013. In this post, we expand on its unique functionality.
Last month we discovered filecoder malware which called itself “Cryptolocker 2.0”. Naturally, we wondered if this is a newer version of the widespread ransomware from the creators of the first. We look at the details that hint that it might have been created by some other, unknown, cybercrime gang.
In September we reported on a new banking trojan called Hesperbot (detected as Win32/Spy.Hesperbot). The perpetrators responsible for the threat are still active – November has been particularly eventful. In this post, we’ll give an update on the situation and malware developments.
Trojans that encrypt user files and try to extort a ransom from the victim in exchange for a decryptor utility are nothing new. We’ve noted a significant increase in Filecoder activity over the past few summer months – in this blog post we address the questions we’re getting about this issue.