ESET APT Activity Report Q4 2022–Q1 2023
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023
Education? B. Eng. Electrical Engineering / M. Eng. Computer Engineering
Highlights of your career? My career highlight at ESET was being able to present research I conducted at conferences such as Virus Bulletin and ZeroNights.
Position and history at ESET? I joined ESET in 2011. I am a malware researcher in the Security Intelligence program.
What malware do you hate the most? Win32/SpyEye. It was the first investigation I did when I joined ESET and, while it was a good learning experience, I still resent it ;)
Favorite activities? I love playing with my kids, cycling, jogging and playing the piano.
What is your golden rule for cyberspace? Be paranoid enough.
When did you get your first computer and what kind was it? My dad got me my first computer – a Commodore-64 – in 1988.
Favorite computer game/activity? My favorite computer game is the EA NHL series.
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T3 2022
Jean-Ian Boutin

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T2 2022
Jean-Ian Boutin

ESET researchers provided technical analysis, statistical information, and known command and control server domain names and IP addresses
Jean-Ian Boutin and Tomáš Procházka

Throughout its monitoring, ESET analyzed thousands of malicious samples every month to help this effort
Jean-Ian Boutin

Active APT group adds cunning remote template injectors for Word and Excel documents; unique Outlook mass-mailing macro
Jean-Ian Boutin

ESET research reveals notorious crime group also conducting espionage campaigns for the past five years
Jean-Ian Boutin

International law enforcement swoops on fake ad viewing outfit
Jean-Ian Boutin

Wauchos is an extensible bot that allows its owner to create and use custom plugins. However, there are some plugins that are widely available and that are used by many different botnets.
Jean-Ian Boutin

The Turla espionage group is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure.
Jean-Ian Boutin

Today, ESET has released a white paper on RTM, a cybercrime group that has been relentlessly targeting businesses in Russia and neighboring countries.
Jean-Ian Boutin and Matthieu Faou

ESET's Anton Cherepanov and Jean-Ian Boutin discuss their paper, titled Modern Attacks on Russian Financial Institutions, which was published earlier this year.
Anton Cherepanov and Jean-Ian Boutin

Earlier this week coordinated law enforcement action took down the Avalanche fast-flux network. ESET has been assisting in the cleanup.
Jean-Ian Boutin

Law enforcement agencies from around the globe, aided by Microsoft security researchers, today announced the disruption of one of the most widely distributed malware families – Win32/Dorkbot.
Jean-Ian Boutin

The free version of Ammyy's remote administrator software was being served as a bundle that contained an NSIS installer used by the gang behind Operation Buhtrap.
Jean-Ian Boutin

A banking trojan, detected by ESET as Win32/Brolux.A, is targeting Japanese internet banking users and spreading through at least two vulnerabilities: a Flash vulnerability leaked in the Hacking Team hack and the so-called unicorn bug, a vulnerability in Internet Explorer.
Jean-Ian Boutin and Anton Cherepanov

The Operation Buhtrap campaign targets a wide range of Russian banks, uses several different code signing certificates and implements evasive methods to avoid detection.
Jean-Ian Boutin

Last month, we presented “The Evolution of Webinject” in Seattle at the 24th Virus Bulletin conference. This blog post will go over its key findings and provide links to the various material that has been released in the last few weeks.
Jean-Ian Boutin

iBanking is a malicious Android application that, when installed on a mobile phone, is able to spy on its user’s communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone.
Jean-Ian Boutin

The first sign we saw of this malware was in mid-May 2013, but it is still very active, and uses Android to bypass two-factor authentication systems. It clearly seeks to infect Dutch computers - 75% of detections come from this region.
Jean-Ian Boutin