Aleksandr Matrosov
Security Intelligence Team Lead

Education: Master of Information Security (2007) at National Nuclear Research University "MEPHI"
Bachelor of Electronics (2001) at Moscow College of Management and New Technologies

Highlights of your career? I have more than ten years of experience with malware analysis, reverse engineering and advanced exploitation techniques. Worked as a security researcher since 2003 for major Russian IT companies. Frequently invited to speak at major security conferences with hardcore technical stuff.

Position and history at ESET? I joined the company in October 2009 as a Senior Malware Researcher and am currently working as Security Intelligence Team Lead. My team researches the most complex threats.

What malware do you hate the most? Stuxnet and Flame families for tons of C++ code.

Favorite activities? Reverse engineering, automation of RE processes and research in modern exploitation techniques.

What is your golden rule for cyberspace? Don't trust anybody, because you don’t know who is really sitting on the other side of the communication channel and bad guys can play with your trust.

When did you get your first computer and what kind was it? My first experience with personal computers was with a ZX Spectrum in 1992. My first PC with i486DX4 on the board was purchased in 1995.

Favorite computer game/activity? I like cyberpunk computer game series such as System Shock and Deus Ex. But lately my favorite computer game has been IDA Pro disassembler ;)

ZeroAccess: code injection chronicles

New versions of the ZeroAccess bootkit demonstrate alternative approaches to distribution and to bootkit infection on 32- and 64-bit Windows.

CVE2012-1889: MSXML use-after-free vulnerability

As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix

Smartcard vulnerabilities in modern banking malware

Aleksandr Matrosov and Eugene Rodionov presented their research into “Smartcard vulnerabilities in modern banking malware” at PHDays’2012.

Carberp Gang Evolution: CARO 2012 presentation

The latest research on the Win32 Carberp gang and the technicalities and evolution of the malware, as presented at CARO 2012.

King of Spam: Festi botnet analysis

We have just completed fresh analysis of the malicious software known as Win32/Festi. While the "Festi" botnet created with this malware has been in business since the autumn of 2009 we can see that the software is frequently updated, as described in our analysis, and these updates mean Festi continues to be a potent threat

Exploit Kit plays with smart redirection (amended)

Aleksandr Matrosov notes a new exploit kit approach to hiding redirects using implicit iFrame injection. (NB Nuclear Pack, not Blackhole.)


Copyright © 2017 ESET, All Rights Reserved.