category
Malware

Infographic: a brief history of malware

Malware has come a long way since its earliest days and, aided by the rapid development of the internet, it certainly spreads faster than it did in the days of floppy disk transfer, when it took weeks.

Operation Windigo: “Good job, ESET!” says malware author

Following the recognition at Virus Bulletin 2014 of ESET’s research on Operation Windigo, I took the opportunity to ask Marc-Etienne Léveillé – who worked directly on the Operation Windigo report – a few questions. Marc-Etienne is a malware researcher at ESET.

CVE-2014-4114: Details on August BlackEnergy PowerPoint Campaigns

In this post we provide additional information on how a specially crafted PowerPoint slideshow file (.PPSX) led to the execution of a BlackEnergy dropper.

Kmart hit by malware credit card breach

Sears Holding Co. is the latest high profile name to announce the discovery of malicious credit and debit card stealing malware in its point of sale registers at its Kmart stores, writes Brian Krebs on his Krebs on Security website.

Week in security: Dubai Police use Google Glass facial recognition, Bugzilla gets bugged and ‘Unpatchable’ USB exploit lands on GitHub

This week in security, we covered a full range of privacy and malware, with controversial plans to equip police officers with facial recognition packed Google Glass in Dubai, and the BadUSB malware finding its way on to GitHub.

Dairy Queen hit by card data stealing malware

Dairy Queen has become the latest company to be hit by payment card stealing malware, reports the Wall Street Journal. The breach is said to have affected 395 of its 4,500 American locations.

Future malware might offer real functions to avoid detection

Malware may begin to offer genuinely helpful functionality in the future, in order to “fly under the radar” and fake legitimacy before striking, according to Professor Giovanni Vigna from the University of California.

European ATMs under malware attack

At least 50 cash machines in Eastern Europe have been targeted by malware that allows the hacker to withdraw up to 40 notes at once without a credit or debit card to hand, Computer Weekly reports.

Manual fixes to USB malware revealed… with a catch

Since the BadUSB malware was released to the public with hopes of forcing a fix, a solution has emerged from the researchers who posted the code, but the fix is definitely not without its problems.

Sednit espionage group now using custom exploit kit

For at least five years the Sednit group has been relentlessly attacking various institutions, most notably in Eastern Europe. The group used several advanced pieces of malware for these targeted attacks, in particular the one we named Win32/Sednit, also known as Sofacy.

‘Unpatchable’ USB exploit posted to GitHub

Techspot reports that another USB exploit has been discovered by a pair of researchers who have “thrown caution to the wind by posting code for a similar attack on GitHub.”

FBI opens malware tool for public “crowdsourcing”

The FBI has opened up its previously in-house malware analyzing tool to the public in order to crowdsource more samples for speedier response, according to The Register.

Bootkits, Windigo, and Virus Bulletin

ESET research on Operation Windigo received an award at Virus Bulletin 2014. Our research on bootkits was also well received, and is now available publicly.

Week in security: Bash Bug, BlackEnergy and hoax attacks

This week, a serious software vulnerability, which rapidly became known as the ‘Bash Bug’ or ‘Shellshock’, dominated the headlines, as two other faked news stories showed that hoaxes can fool the world very easily these days.

Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland

State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that’s evolved into a sophisticated threat with a modular architecture.

Week in security: Free iPhone scams target eager fans

This week offered a lesson in how cybercriminals follow the news, and time their attacks to dupe the unwary – with several different attacks aimed at iPhone fans, in the week where Apple unveiled its iPhone 6.

Beware overdue invoice malware attack, wrapped in an .ARJ file!

Online criminals are spamming out messages claiming that invoices are overdue. But attached to the emails are .ARJ files containing a malicious payload – don’t allow your computer to become infected.

Phishing email: UK hit with three times as many ‘bad’ links as U.S.

British internet users opening a spam email are three times more likely to be facing a malicious URL than users in the US, thanks in part to a wave of highly targeted financial malware.

Week in security: Home Depot speaks, Gmail and Android ‘leak’

This week, American chain Home Depot admitted its systems had been breached, Gmail users got a fright, and a series of videos showed leaks in Android chat apps. Meanwhile, Facebook freaked out the world… again.

Salesforce software – millions of users at risk of Dyre malware

A strain of malware which previously targeted banks has turned its attention to users of the popular Customer Relationship Management (CRM) software Salesforce, used by 100,000 organizations worldwide.

Copyright © 2014 ESET, All Rights Reserved.