Education: B. Eng. Computer Engineering / Ph.D. Computer Science
Highlights of your career? The day I successfully made coffee at ESET Montréal’s office. I also presented at some security conferences like REcon and Virus Bulletin.
Position and history at ESET? I joined ESET in 2013, and before that I collaborated on several projects with ESET, as a LateX writer mainly. I am currently a malware researcher in the Security Intelligence Program.
What malware do you hate the most? I don’t have a favorite, I really execrate all of them.
Favorite activities? Reading sci-fi and cage fighting.
What is your golden rule for cyberspace? Don’t be naive.
When did you get your first computer and what kind was it? Good old 1990s, with a Pentium 200 (MMX).
Favorite computer game/activity? Losing at Quake Live.
In this blog we describe a sophisticated backdoor, called Dino by its creators. We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware.
In this post, we lift the veil on Casper - another piece of software that we believe to have been created by the same organization that is behind Babar and Bunny.
The Sednit espionage group, also known as the Sofacy group, APT28 or “Fancy Bear”, has been targeting various institutions for many years. We recently discovered a component the group employed to reach physically isolated computer networks -- “air-gapped” networks -- and exfiltrate sensitive files from them through removable drives.
In this post, we examine the complex it fits into a larger click fraud ecosystem, where users can be redirected either automatically, or through search engines browsing, to advertisement websites.
This is the first in a series of two blog posts on the malware family Win32/Boaxxe.BE whose end goal is to drive traffic to advertisement websites by using various click fraud techniques, and thus earn money from these websites as an “advertiser”.
In this blog post, we will describe software detected by ESET products as Win32/Kankan, and explain why its discovery shocked many Chinese users, then we will provide an in-depth analysis of its functionalities - and discuss the evidence that Xunlei Networking Technologies is implicated.
