Jonathan Brossard describes an 'undetectable, unremovable' attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn't convinced.
Detailed analysis of Rovnix.D reveal updates to the code injection technique employed, allowing multiple injections with a variety of payloads.
Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.
Carberp is a unique case, with all the guys who organized really big botnets and made big profits (millions of US dollars) being arrested.
We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan
We have just completed fresh analysis of the malicious software known as Win32/Festi. While the "Festi" botnet created with this malware has been in business since the autumn of 2009 we can see that the software is frequently updated, as described in our analysis, and these updates mean Festi continues to be a potent threat
New botnet targets nationals of Georgia.
Facebook fraud, Carberp, statistics and a DDoS plugin.
Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but
Exactly how people will abuse digital technology for their own ends is difficult to predict, but organizations must plan ahead to protect data and systems. That's why we have been posting our "best guess" cybersecurity predictions on the Threat Blog this month. Today we present 9 of the most important predictions in the form of
This article was written in collaboration with my colleague Jean-Ian Boutin. The Wigon botnet (also known as Cutwail) is being used in a massive spam campaign. A multitude of ruses are used to get the user to click on a link: fake LinkedIn or Facebook notifications, free Windows licenses, fake deliveries etc. The links are
Well, okay, if you happen to be an extremely fast reader. The Association of Anti Virus Asia Researcher’s (AVAR) 14th AVAR Conference just wrapped up in Hong Kong on Friday. This year, the focus was on security issues in and around the emerging Asian security market, and how to rise to the challenge. As one
ESET Researchers have investigated Win32/Duqu's RPC mechanism.
ESET researchers have noticed a new phase in the evolution of the TDL4 botnet.
The authors of Win32/Qbot (a.k.a. Qakbot) are back with new variants of this infamous malware, and this time the binaries are digitally signed. Qbot is a multifunctional trojan that has had some significant impact in the past. It has also been around a while, with the first variants dating as far back as spring 2007,
Nearly three years old, the Conficker worm continues to pose a threat to PCs. Aryeh Goretsky wants to know why this is, and what can be done about it.
...you can probably guess what I think about the idea of an undetectable virus...
...one Yasuhiro Kawaguchi was arrested yesterday on suspicion of "saving a virus on his computer," though the story suggests distribution of malware too...
It’s no secret that spam/botnets are big business. There are a multitude of variations on a familiar theme, but after they trick unwitting users, what happens to the money? University of California wondered the same thing. In their recent report, “Click Trajectories: End-to-End Analysis of the Spam Value Chain” they analyze where the money goes,
The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we've spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on