Over the last two weeks, we have seen an increase in fake e-mails pretending to contain invoices for various companies including UPS, Fedex and airlines from around the globe. Subjects of such e-mails include “Fedex tracking number 1234567890” or “E-ticket #1234567890”. The body of the e-mail states that the recipient’s credit card has been charged
With the release of ESET’s Mobile Antivirus, a security solution for smart phones, I started asking myself about mobile threats. While there is not as much malicious software attacking mobile platforms as exists in the desktop world, I was able to find some interesting samples to analyze. The following is an analysis of the WinCE/Brador.A
In the past few weeks there have been many rumors about Rustock.C: many people have talked about how hard it is to process, and many people have also complained about the uselessness of a replicant sample made publicly available (MD5 00430470e6754f082b6c2c19d022caea). Actually, I can definitely say that this sample is… very useful. With deep analysis we
If you are a frequent reader of this blog, it is not news to you that malware authors are moving away from a quest for fame toward profit-driven operations. Malware authors and controllers are moving to a free market organization where each group has a very precise area of expertise and "outsource" other tasks
It has only been a day since the last strategy shift from the Nuwar gang and they have already gone away from the love letter theme. By monitoring computers infected with Nuwar, we can keep track of their social engineering schemes. They are now using a common theme used by the Zlob threat for a
Since yesterday evening, the gang behind Nuwar (also called the Storm Worm) has registered a number of blogspot accounts to spread their malware. The malicious pages look like the following screenshot. Clicking on the image will redirect the browser to an executable called love.exe while clicking on the link in the text below the
The gang behind Storm missed Easter but they were not going to miss two opportunities in a row! We are witnessing a new Storm campaign around the theme of April Fool’s day. E-mails are being sent with titles like "Happy April Fool’s Day." The body of the message contains a small sentence and a link.
CanSecWest is already over! This year’s conference was great. There has been a good mix of talks touching various security-related topics including hardware, software and humans. Tom Liston and Sherri Davidoff presented on memory forensics. They demonstrated that inspecting the RAM of a computer after its reboot can yield a gold mine of
Another week, another scheme from the Nuwar gang. We started receiving reports early this morning that new variants of Nuwar are being advertised through spam. Some of the e-mail subjects include "Please open your ecard." and "This ecard is hillarious!". The e-mail contains, as usual, a very simple text and a link to a host
Last Friday, a television report was aired on Canadian television, produced in collaboration with ESET. The topic of the report was, of course, computer security and, specifically, zombie networks (botnets). To show the viewers the dangers of poor security practice, we connected a computer without security patches to the Internet and waited to see how