ESET Russia

Win32/Cridex: Java pushes Cyprus into a Blackhole

The banking crisis in Cyprus is now being used as the lure in a spam campaign promoting the Blackhole exploit kit and the Win32/Cridex Trojan.

Flame, Duqu and Stuxnet: in-depth code analysis of mssecmgr.ocx

Analysis of the Flame worm (Win32/Flamer) reveals some interesting facts about the internal structure of its main module.

All Carberp botnet organizers arrested

Carberp is a unique case, with all the guys who organized really big botnets and made big profits (millions of US dollars) being arrested.

ZeroAccess: code injection chronicles

New versions of the Zeroaccess bootkit demonstrate alternative approaches to distribution and to bootkit infection on 32- and 64-bit Windows.

Smartcard vulnerabilities in modern banking malware

Aleksandr Matrosov and Eugene Rodionov presented their research into “Smartcard vulnerabilities in modern banking malware” at PHDays’2012.

Carberp and Hodprot: six more gang members held

Group-IB and ESET Russia assisted in the investigation that led to the arrest of 6 people suspected of stealing 125m roubles from bank customers in Russia.

Exploit Kit plays with smart redirection (amended)

Aleksandr Matrosov notes a new exploit kit approach to hiding redirects using implicit iFrame injection. (NB Nuclear Pack, not Blackhole.)

Win32/Carberp Gang on the Carpet

Group-IB’s joint investigations with the FSB and MVD resulted in the arrest of a gang of eight accused of larceny, creation of malware, and unauthorized access.

Rovnix Reloaded: new step of evolution

ESET is seeing a new step of evolution for the Rovnix bootkit family.

Carberp + BlackHole = growing fraud incidents

This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.

Evolution of Win32/Carberp: going deeper

This month we discovered new information about a new modification of the Win32/TrojanDownloader.Carberp trojan family.

Hodprot is a Hotshot

In their presentation “Cybercrime in Russia: Trends and issues” at CARO2011 — one of the best presentations of the workshop, in my unbiased opinion ;-) — Robert Lipovsky, Aleksandr Matrosov and Dmitry Volkov mentioned the Win32/Hodprot malware family, which seems to be undergoing something of a resurgence.

Cycbot: Ready to Ride

Although the “Ready to Ride” group originated in Russia, it distributes Win32/Cycbot outside the borders of the Russian Federation. Going by the prices per installation, the primary target of the group is the US.

TDSS: botnets, Kademilia and collective consciousness

The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we've spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on

TDSS and hacking the hackers

…Aleks and Eugene released a new version of the tool they developed in the course of their research into the TDL family…

Cybercrime corner

… I haven’t recently posted any pointers to our content on SC Magazine’s Cybercrime Corner, and now might be a good time to recap on what Randy and I have been posting there this month (so far…) …
