We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan
Archives - June 2012
Why the ZeroAccess rootkit family modifications are important to the end user.
Following the flurry of press coverage surrounding the proposed next generation of driverless cars, privacy groups are asking questions about what will happen to the data the cars (necessarily) collect, which – in the wrong hands – might prove tempting for abuse. Other car manufacturers plan on rolling out real-time data streams of information about
New versions of the Zeroaccess bootkit demonstrate alternative approaches to distribution and to bootkit infection on 32- and 64-bit Windows.
Does the enterprise still have a choice about sharing information?
For the story behind the suspected industrial espionage, where ACAD/Medre.A was used, refer to Righard Zwienenberg's blog post. For technical details from analysing the worm's source code, read on. ACAD/Medre.A is a worm written in AutoLISP, a dialect of the LISP programming language used in AutoCAD. Whilst we classify it as a worm, due to
The malware news today is all about new targeted, high-tech, military grade malicious code such as Stuxnet, Duqu and Flamer that have grabbed headlines. So imagine our surprise when an AutoCAD worm, written in AutoLISP, the scripting language that AutoCAD uses, suddenly showed a big spike in one country on ESET’s LiveGrid® two months ago,
As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix
Just as I was putting the finishing touches on a blog post about the need to keep your data and devices safe on summer travels, I got an email from Apple letting me know that now was a great time to buy a Mac for college. I don't plan to go back to college at
Summer is here and for many families that means travels plans, but do your summer travel plans include taking care of your data and digital devices? Which digital devices do you plan to take on your trip and what sort of data do they contain? Perhaps more importantly: What kind of data can they access?
You may have heard that the organization known as europe-v-facebook found that a little-know provision in Facebook’s privacy and user rights policies allowed a vote on proposed changes to be forced if over 7,000 respondents were interested and submitted comments to that effect. When europe-v-facebook publicized this, users swarmed to show support and get their
In the middle of working on a blog post about SMS phishing scams at my desk last night, I received a rather strange call. The number displayed on the Caller ID was +1 (360) 474-3925. I did not recognize the number, but since it was 7:10PM, I assumed it was a colleague trying to reach
News of SMS (text) phishing scams are nothing new to readers of this blog. ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen
If the scary email or app notification–and subsequent webpage–is to be believed, you have only a few days to verify your Facebook account or you’ll be out of luck. But don’t worry, a few days later you will magically get a few more days to verify, and so the scam goes. A Twitter follower with
The slow drip of revelations about Flame have kept this piece of malware in the news for more than two weeks so it is worth reminding people that most antivirus programs now protect against Flame (ESET products detect it as Win32/Flamer.A). The coverage of Flame was boosted last week by a conveniently-timed assist from leaks
With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics. In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem: How to guard
It's important to know the worst password choices, but also the worst choices for numeric passcodes.
This morning when I logged into LinkedIn I was greeted with several front page references to the reported hacking of the site, and instructions for changing my password, which I did immediately. This is a good time to change all of your social media passwords, making sure you create a fresh password that is hard
We read in the New York Times that Google is rolling out a service that will attempt to alert users when it thinks their accounts might be subject to hacking by a government, hoping the user will take precautions after getting a notice that says “Warning: We believe state-sponsored attackers may be attempting to compromise
Aleksandr Matrosov and Eugene Rodionov presented their research into â€œSmartcard vulnerabilities in modern banking malwareâ€ at PHDays'2012.