tag
rootkit

Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication

The mysterious Avatar rootkit, detected by ESET as Win32/Rootkit.Avatar, appears to reflect a heavy investment in code development, with an API and a SDK available, plus an interesting abuse of Yahoo Groups for C&C communications.

CarrierIQ-style data gathering law to require mandatory notification/opt-in?

As legislators grapple with increasingly vocal smartphone owners concerned with privacy, a new Bill before the U.S. House of Representatives aims to require mandatory consumer consent prior to allowing the collection or transfer of data on such devices. You may recall that a company called CarrierIQ recently became the center of attention after a user

Windows Rootkit Requires Reinstall?

In a ComputerWorld article Gregg Kaiser cites a Microsoft engineer as saying that the trojan that Microsoft calls “Popureb” digs so deeply that the only way to eradicate it is to reinstall the operating system. If you read the Microsoft blog Feng didn’t actually say that this is the only way to eradicate the trojan.

TDSS and hacking the hackers

…Aleks and Eugene released a new version of the tool they developed in the course of their research into the TDL family…

TDL4: Beat-root with Confidence

…Aleksandr Matrosov and Eugene Rodionov recently delivered a presentation on “Defeating x64: The Evolution of the TDL Rootkit” at Confidence 2011, in Krakow, and now available on our white papers page…

TDSS: The Next Generation

Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years. TDL4 is no exception, with its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform

Stuxnet Analysis 1.31 and TDSS article

…version 1.31 of “Stuxnet Under the Microscope” is now available on the white papers page … Until now Rooting about in TDSS was only available to VB subscribers, but it too is now available on the ESET white papers page.

Tidy TDSS (TDL3) Paper

…Aleksandr Matrosov, Senior Virus Researcher, & Eugene Rodionov, Rootkit Analyst, … have allowed us to share a long and comprehensive report on the TLD3 rootkit…

Blog Spam? No Comment….

I’d like to say thanks to Sean, who commented on my first blog on Orbasoft blog spam (don’t miss the later blog!) as follows: "These people are still not telling the truth. This software has been tested several times in the last few days and has been verified as a Rogue. It is on average detecting

PSST! It’s PFTS!

PSST! Anyone remember the Telephone party game, also known by various politically incorrect names like Chinese Whispers and Russian Scandal? A series of reports like this and this illustrate a textbook example of how rumour and misunderstanding (some of it probably wilful) can transform a story into something very different to its original form. According

Sunday Miscellany

Here are a few rather disconnected items that I intended to blog about last week, but never had time to write up. First of all, an interview with an adware author from philosecurity.org that went up on 12th January. Excerpt: "Matt Knox, a talented Ruby instructor and coder, talks about his early days designing and writing

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

14 articles related to:
Hot Topic
01 May 2013
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.