category
Group-IB

Carberp and Hodprot: six more gang members held

Group-IB and ESET Russia assisted in the investigation that led to the arrest of 6 people suspected of stealing 125m roubles from bank customers in Russia .

Carberp Gang Evolution: CARO 2012 presentation

The latest research on the Win32 Carberp gang and the technicalities and evolution of the malware, as presented at CARO 2012.

Win32/Carberp Gang on the Carpet

Group-IB’s joint investigations with the FSB and MVD resulted in the arrest of a gang of eight accused of larceny, creation of malware, and unauthorized access.

Carberp white paper: now with added pictures

“Win32/Carberp: When You’re in a Black Hole, Stop Digging” aggregates most of our published material on Carberp into a single resource.

Carberp + BlackHole = growing fraud incidents

This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.

Evolution of Win32Carberp: going deeper

This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family.

Hodprot is a Hotshot

In their presentation “Cybercrime in Russia: Trends and issues” at CARO2011 — one of the best presentations of the workshop, in my unbiased opinion ;-) — Robert Lipovsky, Aleksandr Matrosov and Dmitry Volkov mentioned the Win32/Hodprot malware family, which seems to be undergoing something of a resurgence.

Cybercrime corner

… I haven’t recently posted any pointers to our content on SC Magazine’s Cybercrime Corner, and now might be a good time to recap on what Randy and I have been posting there this month (so far…) …

Sheldor-Shocked

My Russian colleague Aleksandr Matrosov reports that this week he received an interesting sample from forensic investigation specialists Group-IB. The threat in question is detected by ESET products as Win32/Sheldor.NAD, and coverage by other vendors is reasonable: see http://www.virustotal.com/file-scan/report.html?id=9f3ff234d5481da1c00a2466bc83f7bda5fb9a36ebc0b0db821a6dc3669fe4e6-1294926672. The interesting feature of this sample is that it uses the TeamViewer 5.0 standalone component to effect remote control of the

Dr. Zeus: the Bot in the Hat

…behaviour like this has been observed in other versions of Zeus. The really interesting discovery in this case is associated with the way in which these samples search for logical devices attached to an infected computer….

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
04 Jun 2012
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.