Versatile and infectious: Win64/Expiro is a cross-platform file infector

Recently, our anti-virus laboratory discovered an interesting new modification of a file virus known as Expiro which targets 64-bit files for infection. File-infecting viruses are well known and have been studied comprehensively over the years, but malicious code of this type almost invariably aimed to modify 32-bit files. One such family of file viruses, called

2013 Forecast: Malware, scams, security and privacy concerns

What does the New Year hold for information security, malicious software, consumer privacy and cybercrime? Questions of this nature are posed by journalists toward the end of every year and, beginning about November, answers from security specialists start to appear in print. Indeed, ESET researchers in Latin America published a 20-page white paper on this

Win32/Gapz: steps of evolution

Win32/Gapz has a new technique for code injection and a new VBR infection method. The dropper has many tricks for bypassing detection by security software.

Win32/Gataka – or should we say Zutick?

Win32/Gataka is an information-stealing Trojan that has been previously discussed on this blog here and here. Recently, we came across a post from its author on an underground forum trying to sell his creation. The post contained a help file detailing the inner working of this threat. This blog post will highlight some of the

Study finds 90 percent have no recent cybersecurity training

A new study finds that only 1 in 10 consumers have had any classes or training about protecting their computer and/or their personal information during the last 12 months. Indeed, a shocking 68 percent say they have never had any such training, ever. These and other findings, first revealed by ESET at the Virus Bulletin

Flame, Duqu and Stuxnet: in-depth code analysis of mssecmgr.ocx

Analysis of the Flame worm (Win32/Flamer) reveals some interesting facts about the internal structure of its main module.

OSX/Lamadai.A: The Mac Payload

Earlier this month, researchers from AlienVault and Intego reported a new malware attack targeting Tibetan NGOs (Non-Governmental Organizations). The attack consisted of luring the victim into visiting a malicious website, which then would drop a malicious payload on the target’s computer using Java vulnerability CVE-2011-3544 and execute it. The webserver would serve a platform-specific JAR

A dozen predictions for 2012

While I share the reluctance of my colleagues to predict the future, I think there are some trends that can be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I think we will see, in no particular order of importance or certainty. We will see increased interest in

Linux Tsunami hits OS X

We’ve just come across an IRC controlled backdoor that enables the infected machine to become a bot for Distributed Denial of Service attacks. The interesting part about it is that it’s a Mach-O binary – targeting Mac OS X. ESET’s research team compared this to samples in our malware collection and discovered that this code

Virus Bulletin 2011: Fake but free…

ESET had quite a strong representation at Virus Bulletin this year in Barcelona, as David Harley mentioned in his post prior to the conference. On the first day, Pierre-Marc Bureau presented his findings about the Kelihos botnet, David Harley and AVG’s Larry Bridwell discussed the usefulness and present state of AV testing, and to finish

New white paper & presentations, and an SC Mag article

A new conference paper, two conference presentations, and an article for SC Magazine.

Win32/PSW.OnlineGames.OUM: Part 2 – Data stealing

Win32/PSW.OnlineGames.OUM is malware that aims to steal credentials for online games. It targets popular titles such as World of Warcraft, Star Wars Galaxy, Lineage 2 or Guild Wars. Active since 2006, it is amongst the most detected threats by ESET, taking the 7th position between January and April 2011. In our previous blog post,

An Amazing Story – The Soul of a New Machine

As many of us cruise the information superhighway (haven’t heard that for a while, have you?) on 64-bit machines, it might be a good idea to take a breath and remember a pioneer. Back in the days when a small team at IBM was building a general purpose 8-bit personal computer, Tom West and

KB2506014 kills TDL4 on x64

The security update won’t necessarily help users who have already been infected with the bootkit as TDL4 blocks the Windows Update service on x86 machines. As a result, infected x86 machines won’t be able to download and install the patch automatically.

TDSS: The Next Generation

Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years. TDL4 is no exception, with its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform

Java: Worse than Adobe and Microsoft for vulnerabilities?

Brian Krebs thinks so: Java is now among the most frequently-attacked programs, and appears to be fast replacing Adobe as the target of choice for automated exploit tools used by criminals. Of the systems which I personally administrate as the ‘Chief Family Technology Officer’, the Java updates constantly annoy and confuse my mom who uses

I See Antivirus Software in the Vista

OK, let’s all let out a big whoop and holler. Vista is launched and that means no more Vista Launch hype! On the downside there will now be all kinds of Vista IS launched hype. I was just reading some this morning. A competitor of Microsoft’s (and ours) was quoted as saying that in their

Does Vista need anti-virus?

You may have seen a report that Jim Allchin, a Microsoft co-president said that the new lock down features in Vista are “so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.” Of course, the words “Lock down features” are very important. This means that the

Adobe, Make My Day Too….

Adobe, when I disable JavaScript, STOP SILENTLY RE-ENABLING IT WHEN YOU UPDATE….

Foreign Travel Malware Threat Alert: Watch out for hotel Internet connections

We received a worrying notice today from the Internet Crime Complaint Center (IC3), which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). The headline reads: "Malware Installed on Travelers' Laptops Through Software Updates on Hotel Internet Connections." We felt that the warning which followed the

Copyright © 2017 ESET, All Rights Reserved.