Malware and Medical Devices: hospitals really are unhealthy places…
Mass murder by pacemaker hacking isn't the likeliest scenario, but clinical tools and SCADA devices still deserve serious security scrutiny.
Search results for: "stuxnet"
Nitol Botnet: You Will Never Break The Chain
Nitol versus Michelangelo: the supply chain is much more than the production line.
FinSpy and FinFisher spy on you via your cellphone and PC, for good or evil?
We read that “FinFisher spyware made by U.K.-based Gamma Group can take control of a range of mobile devices, including Apple Inc.’s iPhone and Research in Motion Ltd.’s BlackBerry…”, at the opening of a Bloomberg article that several readers of the ESET blog sent us yesterday, along with a number of questions that boil down
Carbon Dating and Malware Detection
Carbon Black assert that if an AV company doesn't detect malware within six days of its being flagged on Virus Total, it probably won't after a month. Is that as dangerous as it sounds?
Flamer Analysis: Framework Reconstruction
Aleksandr Matrosov looks at the internal architecture of Win32/Flamer's mssecmgr.ocx module.
ACAD/Medre.A 10000’s of AutoCAD files leaked in suspected industrial espionage
The malware news today is all about new targeted, high-tech, military grade malicious code such as Stuxnet, Duqu and Flamer that have grabbed headlines. So imagine our surprise when an AutoCAD worm, written in AutoLISP, the scripting language that AutoCAD uses, suddenly showed a big spike in one country on ESET’s LiveGrid® two months ago,
Carberp and Hodprot: six more gang members held
Group-IB and ESET Russia assisted in the investigation that led to the arrest of 6 people suspected of stealing 125m roubles from bank customers in Russia .
Win32/Flamer: the 21st Century Whale
Despite the confusion and the stampede to claim detection ownership, W32/Flamer is more than a media sensation.
Kelihos: not Alien Resurrection, more Attack of the Clones
How the Kelihos botnet survived a stake through the heart, and some alternatives to garlic and silver bullets.
Password management for non‑obvious accounts
A continuation on: Time to check your DNS settings? After 7 March 2012, lots of people potentially can be hit as their systems are infected by a DNS Changer. Several government-CERTs have already warned their users. Rather than using the ISP’s DNS Servers, the malware has changed the settings to use DNS Servers controlled by
Win32/Duqu analysis: the RPC edition
ESET Researchers have investigated Win32/Duqu's RPC mechanism.
Win32/Duqu: It’s A Date
For the last few days, much malware research time has been devoted to the brand-new malware that ESET calls Win32/Duqu. One of the features that makes this kind of malware particularly interesting is that it very closely resembles Stuxnet, one of the most sophisticated worms of recent years. Last year we performed in-depth analysis of
Hack wireless industrial sensors in a few easy steps
On the heels of the recent activity with Stuxnet, the industrial process control computer worm that targeted Iranian nuclear centrifuges, a Blackhat talk by Thanassis Giannetsos explains how to hack yet another commonly used family of controllers. We have mused that this trend, targeting critical infrastructure nodes, is but a shade of things yet to
U.S. standards agency warns energy producers of cyber attacks
The North American Electric Reliability Corporation’s (NERC) newly formed Cyber Attack Task Force will “consider the impacts of a coordinated cyber attack on the reliability of the bulk power system”, in a proactive effort to increase providers’ readiness for new waves of potential nastiness. Recently, there has been a flurry of activity surrounding efforts to
Blackhat Cyberwarriors: We ARE the next war frontline (with a fire alarm thrown in)
Finally seated in the crowded auditorium at Blackhat 2011, our first keynote speaker, Cofer Black, a veteran government intel mainstay, regales us with the US threat stance and endeavors, mostly in the physical arena of combat and operations. Then he relates it to the cyber arena. Referencing the U.S. Government’s highest priority threats, which used
Win32/Hodprot: Hot off the Press
A week or so ago we promised you a full paper expanding on our Hodprot is a Hotshot blog. That paper is now available.
Real War – The Next Cyber Frontier
Cyber Security pundits have been keenly watching the development of nascent state targeted attacks such as the Stuxnet worm with interest for some time and warning of the possible implications, but now it’s official. According to The Wall Street Journal, “The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public
SCADA concerns
Greetings, my faithful fans. Did you miss me? I've just had a restful week hiding from the Internet in a remote cottage in Devon, which is why I've been uncharacteristically quiet. Before that, though, I had an interesting and useful week in London mostly centred round the Infosec Europe expo, where apart from wall-to-wall meetings
February ThreatSense Report
The February ThreatSense Report is now available...
The Terrifying Android
At a time when Gartner estimates that we'll have downloaded 17.7 billion + mobile apps worldwide by the end of this year, I couldn't help thinking that Android users are likelier to pay for lax screening in the Android Market than users who are protected by reasonably strict application whitelisting. Well, it looks like that concern had some justification. There are a spate of stories today about >50 applications pulled from the Android Market