Thunderstrike! How a radar‑proof rootkit could infect your Mac
A security researcher describes how malware could infect your Mac's boot ROM, and spy on your activities, with little chance of you ever realising.
rootkit
Rovnix bootkit framework updated
Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.
ZeroAccess? Much too much access…
Why the ZeroAccess rootkit family modifications are important to the end user.
ZeroAccess: code injection chronicles
New versions of the Zeroaccess bootkit demonstrate alternative approaches to distribution and to bootkit infection on 32- and 64-bit Windows.
Rovnix Reloaded: new step of evolution
ESET is seeing a new step of evolution for the Rovnix bootkit family.
Bootkit Threat Evolution in 2011
ESET researchers examine the evolution of bootkit threats targeting 64-bit Windows over 2011.
A dozen predictions for 2012
While I share the reluctance of my colleagues to predict the future, I think there are some trends that can be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I think we will see, in no particular order of importance or certainty. We will see increased interest in
Virus Bulletin 2011: Fake but free…
ESET had quite a strong representation at Virus Bulletin this year in Barcelona, as David Harley mentioned in his post prior to the conference. On the first day, Pierre-Marc Bureau presented his findings about the Kelihos botnet, David Harley and AVG’s Larry Bridwell discussed the usefulness and present state of AV testing, and to finish
Where there’s smoke, there’s FireWire
Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer
The co‑evolution of TDL4 to bypass the Windows OS Loader patch (KB2506014 )
Our colleagues Aleksandr Matrosov and Eugene Rodionov are tracking the evolution of TDL4 (also known as Win32/Olmarik). The following is a report on the latest TDL4 update, released last week. In our previous blog post, we described how the latest Microsoft Security Update modified the Windows OS loader (winloader.exe) to fix a vulnerability that allowed
TDSS: The Next Generation
Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years. TDL4 is no exception, with its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform