The Lookout Mobile Security company is reporting a new trojan horse program that runs on Android based phones. The novel thing about this trojan is that it has enough functionality to allow the criminals to assemble an Android based botnet. This really should come as no surprise. The Android is not a phone with web
Bart Parys (@bartblaze) recently contacted me about research he was conducting into botnets, exploit kits and so on. His article "The Botnet Wars: a Q&A" is now up. While Bart himself is a Technical Support Engineer at Panda Security, he's taken the approach of asking a number of experts and commentators (I'll leave it to
[Update: Alex Matrosov has posted screenshots of the Twebot update at http://twitpic.com/1ousmx and http://twitpic.com/1ouse5.] Juraj Malcho, the Head of our Lab in Bratislava, reports that there have been further developments regarding the tool for creating Twitter-controlled bots described by Jorge Mieres and Sebastián Bortnik, Security Analysts at ESET Latin America, in an earlier blog at http://www.eset.com/blog/2010/05/14/botnet-for-twits-applications-for-dummies.
You may have seen the news about the bot masters in Spain who were arrested. Defense Intelligence http://defintel.com/docs/Mariposa_Analysis.pdf dubbed this Mariposa botnet. It is claimed that this botnet had the power to perform much stronger attacks than what Estonia witnessed a couple of years ago. Still, this botnet is dwarfed by the largest botnet in
You might have noticed that there are certain issues that press my buttons: the Beeb's botnet, Mac myopia, using Virus Total as a substitute for comparative detection testing. And malware naming, an issue on which I've blogged several times recently. http://www.eset.com/threat-center/blog/2010/01/09/today-we-have-naming-of-err-malware-1 http://avien.net/blog/?p=121 The estimable Kurt Wismer has taken me to task – well, Tom Kelchner
I don't want to flog (or blog) this iPhone bot thing to death: after all, the number of potential victims should be shrinking all the time. However, having updated my previous blog (http://www.eset.com/threat-center/blog/2009/11/22/ibot-mark-2-go-straight-to-jail-do-not-pass-go) on the topic a couple of times, I thought I'd actually go to a new blog rather than insert update 3. So here are the update bits
After a few years in the security business, it's easy to get a bit too used to the background noise, and forget that not everyone is familiar with concepts like phishing (see Randy's recent blog at http://www.eset.com/threat-center/blog/2009/11/16/once-upon-a-cybercrime%e2%80%a6), or botnets ("whatever they are", as my brother said to me quite recently), or money mules. I've written
ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET's ThreatSense.Net™ cloud. You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site. While the report identifies a number
Some people are speculating that the motivation for the Twitter attack was to try to silence one person. There are really good signs that the attack against an individual was what took down Twitter, but still we really don’t know. I speculated that it might be a show of force to try to sell botnet
Potentially Abandoned Conficker Grows According to an article at Internetnews.com http://www.internetnews.com/security/article.php/3832846 the authors of the Conficker botnet may have abandoned it, yet it continues to grow in numbers. The growth of the botnet is troubling because it is completely preventable and because it means the infected computers are vulnerable to other threats and that these
In a comment to a previous post, Finjan have confirmed that Win32/Hexzone.AP is just one of the malicious programs downloaded to machines infected by the unnamed bot behind the 1.9 million PC botnet they reported: it isn’t the bot itself. While I think we’d pretty much established that (especially after some very useful input from Atif
Some more information on the Hexzone botnet has come my way, mostly from FireEye’s Atif Mushtaq and Paul Ferguson’s hairdresser (don’t ask!). Atif also mentions the association with ransomware: the malware is installed as a Browser Helper Object (BHO) on the victim’s machine, and hijacks browsing sessions, taking the victim to a page hosting pornography.
There is some chatter about a news item that has been released by Finjan in a blog post this morning. The news has been picked up by Computer Weekly and USA Today. The un-named bot involved in this story is detected by ESET as Win32/Hexzone.AP. It is a typical Trojan that reports to a command
I haven’t commented on the recent flurry of interest in the Mac botnet issue, having already mentioned it a few weeks ago here. It’s not as though anyone has shown much interest in the technical aspects, such as the interesting use of the Authorization Services APIs to trick the victim into authorizing installation. Just one of
Some of you may have recently read of researchers discovering a botnet that is using Mac computers. Are you surprised? Well, perhaps if you drink the Apple flavored Kool-Aid you are, but if you understand operating systems at all then this is really not at all surprising. Operating systems are designed to run programs. A
Larry Seltzer, one of the better commentators on malware issues, has picked up on the disparity between ESET’s naming of the latest variant and Symantec’s – they call it W32.Downadup.E. Richard Adhikari (who also seems to pretty clueful) also picked up on the naming issue when we exchanged emails a few days ago. This issue