Category: bootkit

Olmasco bootkit: next circle of TDL4 evolution (or not?)

Analysis of the Olmasco bootkit: a TDL4 variation with an interesting approach to dropper technology

Defeating anti-forensics in contemporary complex threats

Alexandr Matrosov summarizes the evolution of complex threats using hidden storage, as discussed in his presentation with Eugene Rodionov at Virus Bulletin 2012.

A white paper: Windows 8’s Security Features

[NOTE: For the latest information about compatibility between ESET's software and Windows 8, please see the following blog post: W8ing for V6: What ESET has in store for Windows 8 Users. (10/23/2012, 4:15PM)] Windows 8 will be available to the public in three weeks, and interest in the latest version of Microsoft’s flagship operating system

Mac OSX/iOS hacks at Blackhat – are scammers setting their sights?

For years scammers and hackers focused largely on Windows x86-based platforms, in many ways because that’s where the bulk of the users were. But times change, and new targets emerge. At Blackhat and Defcon last week we saw a flurry of talks on Mac OSX/iOS security, trying to illuminate possible chinks in the armor. From

Rakshasa hardware backdooring: the demon that can't be exorcized?

Jonathan Brossard describes an ‘undetectable, unremovable’ attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn’t convinced.

Rovnix.D: the code injection story

Detailed analysis of Rovnix.D reveals updates to the code injection technique employed, allowing multiple injections with a variety of payloads.

Rovnix bootkit framework updated

Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.

ZeroAccess? Much too much access…

Why the ZeroAccess rootkit family modifications are important to the end user.

ZeroAccess: code injection chronicles

New versions of the ZeroAccess bootkit demonstrate alternative approaches to distribution and to bootkit infection on 32- and 64-bit Windows.

Rovnix Reloaded: new step of evolution

ESET is seeing a new step of evolution for the Rovnix bootkit family.

Facebook Fakebook: New Trends in Carberp Activity

Facebook fraud, Carberp, statistics and a DDoS plugin.

Bootkit Threat Evolution in 2011

ESET researchers examine the evolution of bootkit threats targeting 64-bit Windows over 2011.

A dozen predictions for 2012

While I share the reluctance of my colleagues to predict the future, I think there are some trends that can be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I think we will see, in no particular order of importance or certainty. We will see increased interest in

Carberp + BlackHole = growing fraud incidents

This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.

TDL4 rebooted

ESET researchers have noticed a new phase in the evolution of the TDL4 botnet.

New white paper & presentations, and an SC Mag article

A new conference paper, two conference presentations, and an article for SC Magazine.

Hasta La Vista, Bootkit: Exploiting the VBR

During the first half of 2011 we have witnessed a significant growth in malware targeting 64-bit platforms, the most interesting examples of which are bootkits.

TDSS and hacking the hackers

…Aleks and Eugene released a new version of the tool they developed in the course of their research into the TDL family…

TDL4: Beat-root with Confidence

…Aleksandr Matrosov and Eugene Rodionov recently delivered a presentation on “Defeating x64: The Evolution of the TDL Rootkit” at Confidence 2011, in Krakow, and it is now available on our white papers page…

The co-evolution of TDL4 to bypass the Windows OS Loader patch (KB2506014)

Our colleagues Aleksandr Matrosov and Eugene Rodionov are tracking the evolution of TDL4 (also known as Win32/Olmarik). The following is a report on the latest TDL4 update, released last week. In our previous blog post, we described how the latest Microsoft Security Update modified the Windows OS loader (winloader.exe) to fix a vulnerability that allowed

Copyright © 2014 ESET, All Rights Reserved.