Botnet

Win32/Duqu analysis: the RPC edition

ESET Researchers have investigated Win32/Duqu’s RPC mechanism.

TDL4 rebooted

ESET researchers have noticed a new phase in the evolution of the TDL4 botnet.

Back to School Qbot, now Digitally Signed

The authors of Win32/Qbot (a.k.a. Qakbot) are back with new variants of this infamous malware, and this time the binaries are digitally signed. Qbot is a multifunctional trojan that has had some significant impact in the past. It has also been around a while, with the first variants dating as far back as spring 2007,

1000 days of Conficker

Nearly three years old, the Conficker worm continues to pose a threat to PCs. Aryeh Goretsky wants to know why this is, and what can be done about it.

Urban Myth in the Making

…you can probably guess what I think about the idea of an undetectable virus…

Manga Management and Malware

…one Yasuhiro Kawaguchi was arrested yesterday on suspicion of “saving a virus on his computer,” though the story suggests distribution of malware too…

Stop spam/botnets? Follow the money

It’s no secret that spam/botnets are big business. There are a multitude of variations on a familiar theme, but after they trick unwitting users, what happens to the money? University of California wondered the same thing. In their recent report, “Click Trajectories: End-to-End Analysis of the Spam Value Chain” they analyze where the money goes,

TDSS: botnets, Kademilia and collective consciousness

The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we've spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on

TDL Tracking: Peer Pressure

Recently … our TDL tracker picked up a brand new plugin for TDL4 kad.dll (Win32/Olmarik.AVA) which we haven’t seen earlier … we discovered that it implements a particularly interesting network communication protocol …

Yesterday’s Virus Hoax is Today’s Fake Utility

One of the (few) blessings of having been so long in this industry is that I remember a time when most malware was viral and Trojans were rare: so rare, in fact, that there was at one time a notorious "dirty dozen" set of Trojans.  At around the same time, there were innumerable hoaxes describing malware with

Coreflood dries up

The US Department of Justice's announcement yesterday of the takedown of the command and  control (C&C) servers for the Coreflood bots (detected by ESET as Win32/AFCore) and seizure of their domains marks another step in the growing awareness that crime, whether it is committed with bullets or with botnets, is still crime.  This particular botnet,

Coreflood Reduced to a Backwater

Here’s a little information from ESET’s point of view about the Coreflood botnet, whose C&C (Command and Control) servers were taken down yesterday by the Department of Justice. The Coreflood bot is detected by ESET products as Win32/Afcore and has been active since the early years of the last decade (certainly since 2001), though our

TDSS: The Next Generation

Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years. TDL4 is no exception, with its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform

Hacking by Proxy

The BBC program Panorama last night investigated claims that the News of the World hired a hacker to break into a subject's PC to steal emails. In fact, it appears that the unnamed hacker installed a Trojan on the victim's PC. Which sounds like a fairly unequivocal breach of the Computer Misuse Act, which outlaws

New Link on White Papers Page

…This paper, presented at the Annual Computer Security Applications Conference (2010) … discusses alternative approaches to understanding botnet mechanisms, using “in the lab” experiments involving at-scale emulated botnets…

First, Catch Your Botnet

The paper presents an alternative approach to botnet research, employing “in the lab” experiments involving at-scale emulated botnets.

IM to Spread Malware: the Butterfly Effect

This weekend, an unnamed worm forced Microsoft to temporarily suspend active links  in Live Messenger 2009, in order to prevent the aggressive worm from spreading further. This is quite a surprising measure, because worms spreading through Instant Messaging (IM) such as Skype, Yahoo! Messenger and Microsoft Live Messenger are not new at all! For example,

Fighting the Botnet Wars

Bart Parys (@bartblaze) recently contacted me about research he was conducting into botnets, exploit kits and so on. His article "The Botnet Wars: a Q&A" is now up. While Bart himself is a Technical Support Engineer at Panda Security, he's taken the approach of asking a number of experts and commentators (I'll leave it to

Stock Manipulation Botnets Gain Ground

The attacks from cybercriminals are now occurring in the online stock and equity trading world. Instead of simply emptying out compromised brokerage accounts, cybercriminals apparently are refining their attacks and striking at broader and more lofty goals: the trust mechanisms of business equity valuations with publicly traded stocks and equities. George Hulme, InformationWeek contributing writer

Library of Congress Acquires Entire Twitter Archive

Since the feed will be public and historic, there is a potential to research trends over the timeline, particularly as twitter is being used for more command and control functionality. As soon as it becomes available, we’ll follow up. :)

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic

2FA

28 Oct 2011
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.