Malware infecting 25,000 computers, mostly in the United States, pumping out 80 million spam messages per hour? ESET researchers sinkhole to investigate Win32/TrojanDownloader.Zortob.B

Malware authors have a solid track record in regards to creative Command and Control protocols. We’ve seen peer-to-peer protocols, some custom (Sality), some standard (Win32/Storm uses the eDonkey P2P protocol).

Aleksandr Matrosov looks at the internal architecture of Win32/Flamer’s mssecmgr.ocx module.

The Flashback trojan has been all over the news lately, but it is not the only Mac malware threat out there at the moment. A few weeks ago, we published a technical analysis of OSX/Lamadai.A, the Mac OS X payload of a multi-platform attack exploiting the Java vulnerability CVE-2011-3544 to infect its victims. OSX/Lamadai.A has

Research by Aleksandr Matrosov and Vladimir Kropotov on distribution of a CVE-2011-3544 exploit by FTP.

How the Kelihos botnet survived a stake through the heart, and some alternatives to garlic and silver bullets.

Facebook fraud, Carberp, statistics and a DDoS plugin.

ESET researchers have noticed a new phase in the evolution of the TDL4 botnet.

In their presentation “Cybercrime in Russia: Trends and issues” at CARO2011 — one of the best presentations of the workshop, in my unbiased opinion ;-) — Robert Lipovsky, Aleksandr Matrosov and Dmitry Volkov mentioned the Win32/Hodprot malware family, which seems to be undergoing something of a resurgence.

Although the “Ready to Ride” group originated in Russia it distributes Win32/Cycbot outside the borders of the Russian Federation. Going by the prices per installation the primary target of the group is the US.