Research | WeLiveSecurity

Research

Expert content, for researchers by researchers

Research

Dancing Penguins: a case of organized Android pay‑per‑install

For years, cyber criminals have organized their operations and traded resources through discussion forums and auction sites. One popular item to trade is access to virus infected PCs for cash. These trading schemes are often called pay-per install (PPI) programs. We have recently started an investigation on a new type of pay-per install program, this

Irish Ransomware Report

Well, that was a little unexpected. The Irish Times has reported the discovery of the “first Irish language virus“. (Further checking suggests that the story may have originated with the Donegal Daily.) Actually, it sounds less like a virus – there’s no indication of whether it self-replicates – than the kind of ransomware that we’ve

The Cloud for SMBs: 7 tips for safer cloud computing

Ahead of next week’s VMWorld in San Francisco, here are some thoughts on the safe use of cloud computing for smaller businesses, along with a podcast (see the link at end of the post). The Cloud concept, a flexible Virtual Machine (VM) based system that allows rapid expansion and dedicated functionality without hiring new staff,

Quervar Induc.C reincarnate?

Win32/Quervar (a.k.a Dorifel, XDocCrypt) is a virus family that has been in the news recently, especially in the Netherlands. It has been reported to be causing havoc on computers of several notable Dutch institutions. In our analysis, we provide additional technical details about the workings of the virus and compare it to another virus, the

Bad password choices: don't miss the point

Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of

Interconnection of Gauss with Stuxnet, Duqu & Flame

Last week, reports of a new malware named Gauss emerged, a complex threat that has attracted a lot of media attention due to its links to Stuxnet and Flame and its geographical distribution.  Since ESET has added detection for this threat, we are seeing geographical distribution of detection reports similar to those detailed by Kaspersky.

Win32/Gataka banking Trojan – Detailed analysis

Win32/Gataka is an information-stealing banking Trojan that can read all of your web traffic and alter the balance displayed on your online banking page to hide fraudulent transfers. It exhibits a modular architecture similar to that of SpyEye, where plugins are required to achieve most of the malware functionality. In our previous blog post, we