Geo-political

Offensive / Proactive tactics, will they really work? Blackhat day 1

Blackhat keynote speaker Shawn Henry, the former executive assistant director of the FBI’s Criminal, Cyber, Response and Service Branch, started off the day after opening remarks from Jeff Moss, founder of Blackhat. Moss wondered if now was the time for the cyber-security sector to take a more aggressive/offensive approach. Jeff mentioned working for a former

OSX/Lamadai.A: The Mac Payload

Earlier this month, researchers from AlienVault and Intego reported a new malware attack targeting Tibetan NGOs (Non-Governmental Organizations). The attack consisted of luring the victim into visiting a malicious website, which then would drop a malicious payload on the target’s computer using Java vulnerability CVE-2011-3544 and execute it. The webserver would serve a platform-specific JAR

From Georgia With Love: Win32/Georbot information stealing trojan and botnet

Malicious software that gets updates from a domain belonging to the Eurasian state of Georgia? This unusual behavior caught the attention of an analyst in ESET's virus laboratory earlier this year, leading to further analysis which revealed an information stealing trojan being used to target Georgian nationals in particular. After further investigation, ESET researchers were

Iranian TOR arms race a shadow of things to come?

Recently, traffic on the anonymizing network TOR (The Onion Router) was ratcheted to a standstill in Iran, prompting a comparison by one of the TOR project developers to an emerging “arms race”. Users of the service, hoping to evade state censorship/snooping, encrypt their traffic, which is then routed anonymously around the globe. But it seems

Win32/Flooder.Ramagedos botnet participating in DDoS related to elections in Russia

Russia has been in the news for the last week, with thousands of protesters taking to the street to protest against alleged irregularities in the elections held on December 4th. There are also multiple reports of attempts to silence protesters on the Internet, such as DDoS attacks against websites used by the political opposition, the use

Government, Public Interest and Trojans

…this isn’t lawful interception, and it’s not surprising that the AV industry has seen no reason to avoid detecting it…

German Policeware: Use the Farce…er, Force…Luke

On Saturday, another controversial report of a “government trojan” appeared. This time it is the German government that has been accused by the European hacker club Chaos Computer Club (CCC) of using “lawful interception” malware. Hence, “Bundestrojaner” (Federal Trojan), though that name is normally applied to the legal concept that allows German police to make

Another Stuxnet Resources Update

…the conclusion does support what does appear to be the official Iranian line that this was an attack against Iranian nuclear operations, but that it wasn’t successful…

Copyright © 2013 ESET, All Rights Reserved.