Analysis of the Olmasco bootkit: a TDL4 variation with an interesting approach to dropper technology
Alexandr Matrosov summarizes the evolution of complex threats using hidden storage, as discussed in his presentation with Eugene Rodionov at Virus Bulletin 2012.
[NOTE: For the latest information about compatibility between ESET’s software and Windows 8, please see the following blog post: W8ing for V6: What ESET has in store for Windows 8 Users. (10/23/2012, 4:15PM)] Windows 8 will be available to the public in three weeks, and interest in the latest version of Microsoft’s flagship operating system
For years scammers and hackers focused largely on Windows x86-based platforms, in many ways because that’s where the bulk of the users were. But times change, and new targets emerge. At Blackhat and Defcon last week we saw a flurry of talks on Mac OSX/iOS security, trying to illuminate possible chinks in the armor. From
Jonathan Brossard describes an 'undetectable, unremovable' attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn't convinced.
Detailed analysis of Rovnix.D reveals updates to the code injection technique employed, allowing multiple injections with a variety of payloads.
Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.
Why the ZeroAccess rootkit family modifications are important to the end user.
New versions of the ZeroAccess bootkit demonstrate alternative approaches to distribution and to bootkit infection on 32- and 64-bit Windows.
ESET is seeing a new step of evolution for the Rovnix bootkit family.
Facebook fraud, Carberp, statistics and a DDoS plugin.
ESET researchers examine the evolution of bootkit threats targeting 64-bit Windows over 2011.
While I share the reluctance of my colleagues to predict the future, I think there are some trends that can be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I think we will see, in no particular order of importance or certainty. We will see increased interest in
This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.
ESET researchers have noticed a new phase in the evolution of the TDL4 botnet.
A new conference paper, two conference presentations, and an article for SC Magazine.
During the first half of 2011 we witnessed significant growth in malware targeting 64-bit platforms, the most interesting examples of which are bootkits.
...Aleks and Eugene released a new version of the tool they developed in the course of their research into the TDL family...
...Aleksandr Matrosov and Eugene Rodionov recently delivered a presentation on "Defeating x64: The Evolution of the TDL Rootkit" at Confidence 2011, in Krakow, and it is now available on our white papers page...
Our colleagues Aleksandr Matrosov and Eugene Rodionov are tracking the evolution of TDL4 (also known as Win32/Olmarik). The following is a report on the latest TDL4 update, released last week. In our previous blog post, we described how the latest Microsoft Security Update modified the Windows OS loader (winloader.exe) to fix a vulnerability that allowed