Towering Qbot Certificates

New stolen digital certificates are used by the multi-purpose backdoor Qbot. The criminals behind the Qbot trojan are certainly not inactive. As I mentioned in a blog post earlier this month, after a quiet summer we have seen a batch of new Qbot variants. An interesting fact is that the malicious binaries were digitally signed.

Pharma Phraud

Spam that advertises Canadian pharmacies makes up a very significant percentage of all the spam out there. Part of the reason there is so much of this spam is that it works. There is a huge incentive driven extensively by the American pharmaceutical industry keeping prices artificially high in America. Many Americans cannot afford the

MD5/SSL: is the sky falling?

Lots of fuss was made about the paper presented at the Chaos Communication Congress in Berlin yesterday by Alexander Sotirov et al. The paper describes a proof-of-concept attack using a weakness in the MD5 cryptographic hash function to create a rogue Certification Authority certificate using a hash collision (essentially, two messages with the same MD5

Tesco Bank not alone in being targeted by Retefe malware

Tesco Bank, which recently saw thousands of its customers lose funds to cybercriminals, has been found on the target list of the so-called Retefe malware.

New Mac ransomware appears: KeRanger, spread via Transmission app

New ransomware infecting Apple OS X surfaced on March 4th, 2016, with the emergence of KeRanger. The first inkling of trouble came at the weekend.

Spoofed URLs: Homograph Attacks Revisited

How homograph attacks can present a spoofed, malicious link, and a case where a secure connection doesn’t guarantee a safe site.

Windows Phone 8: Security Heaven or Hell?

Introduction Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8. While Microsoft was an early adopter in the creation of smartphones with

Sheldor-Shocked

My Russian colleague Aleksandr Matrosov reports that this week he received an interesting sample from forensic investigation specialists Group-IB. The threat in question is detected by ESET products as Win32/Sheldor.NAD, and coverage by other vendors is reasonable: see http://www.virustotal.com/file-scan/report.html?id=9f3ff234d5481da1c00a2466bc83f7bda5fb9a36ebc0b0db821a6dc3669fe4e6-1294926672. The interesting feature of this sample is that it uses the TeamViewer 5.0 standalone component to effect remote control of the

Win32/Stuxnet Signed Binaries

On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp". This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp. It is

Truth, Fiction and HTTPS

Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only

Parents, Teachers, Schools and Churches Sieged by Zamzuu’s KidZafe Sales Force

This is an impressive looking certificate isn’t it? You might think it means something significant, but then you might be wrong. How hard is it to pass the Internet and Child Safety Advocate certification test? Ask Hanna, a 9 year old (10 this weekend) girl who I met with her father at a local coffee

Ray-Bans out, Uggs in: Holiday season scam plagues social media

A new holiday season scam campaign is plaguing social media – and this time it’s pretending to sell heavily discounted Uggs, reports ESET’s Ondrej Kubovič.

The Hive Mind: When IoT devices go rogue

IoT devices, while extremely useful for simplifying various mundane aspects of everyday life, also offer criminals a new attack platform: your appliances.

Beware spear phishers trying to hijack your website

If you fail to take proper care, it would be all too easy to type your password into a phishing site and hand control of your website over to an online criminal gang.

Brolux trojan targeting Japanese online bankers

A banking trojan, detected by ESET as Win32/Brolux.A, is targeting Japanese internet banking users and spreading through at least two vulnerabilities: a Flash vulnerability leaked in the Hacking Team hack and the so-called unicorn bug, a vulnerability in Internet Explorer.

ESET Presentations at Virus Bulletin 2015

Some of the good things in store for those attending Virus Bulletin 2015.

Top tips on safe online banking from the comfort of your home

Online banking from the comfort of your own home makes life much easier, but you may still be at risk of cybercrime. We look at how to stay safe.

Will people always ignore security warnings?

How much of people’s willingness to ignore security warnings is down to their brains?

Operation Buhtrap, the trap for Russian accountants

The Operation Buhtrap campaign targets a wide range of Russian banks, uses several different code signing certificates and implements evasive methods to avoid detection.

Facebook welcomes private browsers with dedicated Tor link

Facebook has opened its doors to privacy-concerned users by opening up a dedicated Tor link, guaranteeing that people who visit the social networking site through anonymous browsers aren’t mistaken for botnets, Gizmodo reports.

Copyright © 2017 ESET, All Rights Reserved.