Malware

Gapz and Redyms droppers based on Power Loader code

Technical analysis of Power Loader, a special bot builder for making downloaders for other malware families and yet another example of specialization and modularity in malware production.

How Theola malware uses a Chrome plugin for banking fraud

A deep dive into Win32/Theola, one of the most malicious components of the notorious bootkit family, Win32/Mebroot.FX. Theola uses malicious Chrome browser plugins to steal money.

Sinkholing of Trojan Downloader Zortob.B reveals fast growing malware threat

Malware infecting 25,000 computers, mostly in the United States, pumping out 80 million spam messages per hour? ESET researchers sinkhole to investigate Win32/TrojanDownloader.Zortob.B.

Caphaw attacking major European banks using webinject plugin

Analysis of malicious code dubbed Win32/Caphaw (a.k.a. Shylock) attacking major European banks, with the ability to automatically steal money while the user is actively accessing his banking account.

NBC.com infected with malware for more than 24 hours?

NBC.com may have sent visitors to infected URLs serving up Trojan software (RedKit) for 24 hours. At the time of this blog post ESET researchers still see some related sites similarly compromised.

Code certificate laissez-faire leads to banking Trojans

Technical analysis of malware that abuses code signing certificates normally used to positively identify a software publisher and to guarantee code is unchanged.

Malware evolving to defeat anti-DDoS services like CloudFlare?

Could distributed denial of service (DDoS) malware be evolving to defeat anti-DDoS security measures like CloudFlare? We do not usually see a lot of innovative denial-of-service malware in our day-to-day work. What we do see usually boils down to the basic flooding techniques: TCP Syn, UDP and ping floods, and sometimes HTTP-oriented floods. Of course,

Free AV and relying on the luck of the Irish

ESET Ireland’s Urban Schrott has blogged recently that “Research reveals nearly half of all Irish computers depend on free antivirus for protection”.

ComboFix fixed: popular utility safe to use

ESET’s threat researchers received a surprise earlier this week when they began receiving reports from ESET LiveGrid that downloads of ComboFix, a tool popular with advanced users for removing malware, were detected as being infected by a variant of the Sality virus, Win32/Sality.NBA.

Scandal video of Justin Bieber: just don’t click here!

I received a “shared” message from a friend about “a leaked scandal video of Justin Bieber and Selena Gomez” promising a “naked Justin Bieber”, with a Photoshopped picture, which we – for family-friendliness – censored a bit.

Copyright © 2013 ESET, All Rights Reserved.