Win32/Spy.Hesperbot is a new banking trojan that has been targeting online banking users in Turkey, the Czech Republic, Portugal and the United Kingdom. For more information about its malware-spreading campaigns and victims, refer to our first blog post. In this post we cover the technical details of the malware, including its overall architecture as well as the mobile component.
Search results for: "carberp"
A few months ago on this blog I described PowerLoader functionality, including an interesting privilege-escalation technique that injects into the explorer.exe system process. The leaked PowerLoader code is also used in other malware families.
Analysis of a malicious backdoor serving Blackhole exploit pack found on Linux Apache webserver compromised by malware dubbed Linux/Cdorked.A, together with remediation tool and techniques.
Technical and in-depth analysis of the implementation of hidden encrypted storage, as used by complex threats currently in the wild, including TDL4, Carberp and ZeroAccess. First published in the Virus Bulletin 2012 Conference Proceedings.
Analysis of malicious code dubbed Win32/Caphaw (a.k.a. Shylock) attacking major European banks, with the ability to automatically steal money while the user is actively accessing their banking account.
Win32/Spy.Ranbyus shows how it is possible to bypass payment transaction signing/authentication with smartcard devices, and has started to modify Java code in one of the most popular remote banking systems (RBS) in Ukraine.
More on the Gaelic ransomware, and how to spot ransomware in your own language, even if you aren't Irish.
Detailed analysis of Rovnix.D reveals updates to the code injection technique employed, allowing multiple injections with a variety of payloads.
Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.
The Java exploit for CVE-2012-1723 is already included in the latest update of the BlackHole exploit kit.
Aleksandr Matrosov and Eugene Rodionov presented their research into "Smartcard vulnerabilities in modern banking malware" at PHDays 2012.
Aleksandr Matrosov notes a new exploit kit approach to hiding redirects using implicit iFrame injection. (NB Nuclear Pack, not Blackhole.)
ESET is seeing a new step of evolution for the Rovnix bootkit family.
A new TDL4 sample includes novel privilege escalation mechanisms in the dropper and changes to the hidden storage system.
ESET researchers examine the evolution of bootkit threats targeting 64-bit Windows over 2011.
Java will consolidate its position as the successor to PDF and SWF in the favourite exploits stakes.