New stolen digital certificates are used by the multi-purpose backdoor Qbot. The criminals behind the Qbot trojan are certainly not inactive. As I mentioned in a blog post earlier this month, after a quiet summer we have seen a batch of new Qbot variants. An interesting fact is that the malicious binaries were digitally signed.
A new trojan has been released targeting the Macintosh Chinese-language user community. The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands. When the user opens the “PDF” file, it attempts to mask the installation
Recently, we’ve noted a steep rise in Android malware and predicted the rise in banking malware, now we see another example in the wild, this time SpyEye. Trusteer has a good rundown on it, saying “It seems that SpyEye distributors are catching up with the mobile market as they (finally) target the Android mobile platform.
ESET has discovered a new version of the Delphi infector, Win32/Induc. Unlike its predecessors, however, this variant incorporates a seriously malicious payload and has acquired some extra file infection and self-replicative functionality. Two years ago, we published comprehensive information (here , here, and here) about the virus Win32/Induc.A, which infected Delphi files at compile-time. Though
The authors of Win32/Qbot (a.k.a. Qakbot) are back with new variants of this infamous malware, and this time the binaries are digitally signed. Qbot is a multifunctional trojan that has had some significant impact in the past. It has also been around a while, with the first variants dating as far back as spring 2007,
Awhile back we mused that the rapid rise in Android malware would hit its stride near the intersection of widespread mobile financial transaction use, and the continuing steep rise in adoption of the platform. Now we see AT&T, T-Mobile and Verizon entering a joint venture to back a payment service for, guess what: Mobile financial
You may be aware that Cameron Camp and I regularly write articles for SC Magazine's Cybercrime Corner: here here's a catch-up list of the most recent, in the hope that you might find them of use and interest. At any rate, it'll give some idea of the range of content covered. Ten years later, still the same
Among the many different trojans that spread on Facebook, something popped up recently that caught our particular attention. The threat, detected by ESET as Win32/Delf.QCZ, is interesting for several reasons. Distribution First, let’s look at the distribution vector. Win32/Delf.QCZ relies on the old “fake codec/media player trick” and links to the malware-laden site are
The most common malware technique for avoiding detection is to create loads of “fresh” variants. Actually, the component that changes so frequently is the packer – the outer layer of the malware, used by malware authors to encrypt the malware and make it harder to detect – whilst the functionality of the malicious code inside
It's something of a truism, that 'old viruses never die', and that certainly seems to be the case for some of the older, more widespread, email worms. In this interview (http://www.signonsandiego.com/uniontrib/20041129/news_lz1b29five.html) back in 2004, I talked about an email worm called "Win32/Zafi.b" which, at the time, had recently been spreading on a global scale. However,
In a ComputerWorld article Gregg Kaiser cites a Microsoft engineer as saying that the trojan that Microsoft calls “Popureb” digs so deeply that the only way to eradicate it is to reinstall the operating system. If you read the Microsoft blog Feng didn’t actually say that this is the only way to eradicate the trojan.
Android Smartphones are under attack again by rogue applications that once installed are reading information from the phone and sending it back to a pre-assigned location. According to mobile security firm as many as 120,000 users may have been infected from a cafeteria selection of at least two dozen applications from the Android Market. “Once
Security companies in general and, unfortunately, anti-malware companies in particular, are often accused of ‘hyping’ threats because of a perceived self-interest. However, in the main, legitimate vendors and researchers like those at ESET typically try to resist overhyping or playing up threats where possible, in favor of more balanced discussion that can help customers take
Another day, another Facejack attack. We see a lot of these sorts of scams, alluringly titled posts – typically with a promise to show you who has been visiting your profile (or infamously, video of Osama Bin Laden's death) – that try to get you to click to see some special content. The latest one
An article came out yesterday from Clement Genzmer who is a security engineer at Facebook. His tagline is "searching and destroying malicious links". Those of us in the business of digital security and safety can certainly identify with that, especially the part where we aim to identify the criminals and work with law enforcement to
The death of Osama bin Laden has gone viral, with blogs, social media and search engines pumping terabytes of rumor, innuendo and conspiracy theories at the speed of light, along with the occasional kilobyte of truth. As the number of people searching for pictures and videos of bin Laden’s execution has skyrocketed, the criminal syndicates
[NOTE: As we were publishing this articl, our Latin American office discovered another Black Hat SEO campaign incorporating promises of Osama bin Laden videos on Facebook. Click here to view their article in Spanish. We will follow up on this shortly. AG] The malware phenomenon started by the announcement of Osama Bin Laden’s death continues
Yesterday the U.S. president, Barak Obama, held a conference at the White House to announce that the leader of Al Qaeda, Osama Bin Laden, was killed in Abbottabad, Pakistan. With no doubt, this is a story with an international impact, which the people will remember in the coming days and… attackers as well. As expected,