tag
C&C

Mass malware attacks “could be triggered by music”, researchers claim

Future malware attacks could be triggered by music or even lighting – allowing cybercriminals to command and control large numbers of infected devices in the same area, according to Alabama researchers.

Sinkholing of Trojan Downloader Zortob.B reveals fast growing malware threat

Malware infecting 25,000 computers, mostly in the United States, pumping out 80 million spam messages per hour? ESET researchers sinkhole to investigate Win32/TrojanDownloader.Zortob.B

Flamer Analysis: Framework Reconstruction

Aleksandr Matrosov looks at the internal architecture of Win32/Flamer’s mssecmgr.ocx module.

Drive-by FTP: a new view of CVE-2011-3544

Research by Aleksandr Matrosov and Vladimir Kropotov on distribution of a CVE-2011-3544 exploit by FTP.

Kelihos: not Alien Resurrection, more Attack of the Clones

How the Kelihos botnet survived a stake through the heart, and some alternatives to garlic and silver bullets.

Facebook Fakebook: New Trends in Carberp Activity

Facebook fraud, Carberp, statistics and a DDoS plugin.

TDL4 rebooted

ESET researchers have noticed a new phase in the evolution of the TDL4 botnet.

Hodprot is a Hotshot

In their presentation “Cybercrime in Russia: Trends and issues” at CARO2011 — one of the best presentations of the workshop, in my unbiased opinion ;-) — Robert Lipovsky, Aleksandr Matrosov and Dmitry Volkov mentioned the Win32/Hodprot malware family, which seems to be undergoing something of a resurgence.

Cycbot: Ready to Ride

Although the “Ready to Ride” group originated in Russia it distributes Win32/Cycbot outside the borders of the Russian Federation. Going by the prices per installation the primary target of the group is the US.

TDSS: botnets, Kademilia and collective consciousness

The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we've spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on

TDL Tracking: Peer Pressure

Recently … our TDL tracker picked up a brand new plugin for TDL4 kad.dll (Win32/Olmarik.AVA) which we haven’t seen earlier … we discovered that it implements a particularly interesting network communication protocol …

Coreflood dries up

The US Department of Justice's announcement yesterday of the takedown of the command and  control (C&C) servers for the Coreflood bots (detected by ESET as Win32/AFCore) and seizure of their domains marks another step in the growing awareness that crime, whether it is committed with bullets or with botnets, is still crime.  This particular botnet,

Coreflood Reduced to a Backwater

Here’s a little information from ESET’s point of view about the Coreflood botnet, whose C&C (Command and Control) servers were taken down yesterday by the Department of Justice. The Coreflood bot is detected by ESET products as Win32/Afcore and has been active since the early years of the last decade (certainly since 2001), though our

Koobface sigue pegando

Hace varios meses que no tenemos noticias de Koobface, lo cual quizás deja la errónea sensación de que esta amenaza ha dejado a un lado sus actividades maliciosas. Sin embargo, lejos de ello, Koobface es uno de los códigos maliciosos con mayor tasa de propagación/infección, y cada cierto tiempo agudiza sus propuestas fraudulentas lanzando campañas

Oficla: botnet con más de 330.000 zombis

Sin lugar a dudas las botnets representan una pieza fundamental dentro del escenario delictivo del crimeware, a través de todas sus vetas de negocio, y en la actualidad existe un importante volumen de actividades fraudulentas que se llevan a cabo a través de ellas. Por otro lado, si consideramos que una botnet pequeña se encuentra

IBot revisited (briefly)

I don't want to flog (or blog) this iPhone bot thing to death: after all, the number of potential victims should be shrinking all the time. However, having updated my previous blog (http://www.eset.com/threat-center/blog/2009/11/22/ibot-mark-2-go-straight-to-jail-do-not-pass-go)  on the topic a couple of times, I thought I'd actually go to a new blog rather than insert update 3. So here are the update bits

June ThreatSense Report

We’ve just finished working on our monthly Threat Report. There aren’t many surprises in the top ten threats for June. Conficker has taken over the "top spot", relegating INF/Autorun to second place. It’s difficult to say for sure what the significance is, given the relatively small percentage point involved: minor fluctuations in proportions from month

Hexzone Hotzone

Some more information on the Hexzone botnet has come my way, mostly from FireEye’s Atif Mushtaq and Paul Ferguson’s hairdresser (don’t ask!). Atif also mentions the association with ransomware: the malware is installed as a Browser Helper Object (BHO) on the victim’s machine, and hijacks browsing sessions, taking the victim to a page hosting pornography.

Conficker: Before the Flood (April Showers)

I don’t, of course, know for sure what’s going to happen on April 1st, when Conficker is timed, potentially, to go to its next stage of evolution. We do know, from inspecting code in the variants and subvariants that have come our way, that infected machines will be looking for instructions and updates on that date. At the very least,

Zombies Down Under

The estimable Graham Cluley’ drew my attention in his blog to the fact that this is National Zombie Awareness Week in Australia. A zombie is security geekspeak for a PC that has been infected by a bot or agent, so that it’s added to a network of compromised machines (a botnet) under the control of

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

23 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.