Carbon Black assert that if an AV company doesn't detect malware within six days of its being flagged on Virus Total, it probably won't after a month. Is that as dangerous as it sounds?
ResearchExpert content, for researchers by researchers
Win32/Quervar (a.k.a Dorifel, XDocCrypt) is a virus family that has been in the news recently, especially in the Netherlands. It has been reported to be causing havoc on computers of several notable Dutch institutions. In our analysis, we provide additional technical details about the workings of the virus and compare it to another virus, the
A crime wave of malware that demands money from victims to avoid prosecution by the FBI has been alarming web surfers across America. Victims suddenly find their computer frozen, and an official-looking page, like the one shown below, is displayed in their web browser. The FBI and the Internet Crime Complaint Center (IC3) have received
Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of
A new tech startup that produces facial recognition camera systems tied to Facebook tagged photos, plans to offer the technology to more traditional physical stores so they could offer you appropriate deals as you enter their business. That’s great for stores who want to have more targeted information about you, based on a bit of
Last week, reports of a new malware named Gauss emerged, a complex threat that has attracted a lot of media attention due to its links to Stuxnet and Flame and its geographical distribution. Since ESET has added detection for this threat, we are seeing geographical distribution of detection reports similar to those detailed by Kaspersky.
Win32/Gataka is an information-stealing banking Trojan that can read all of your web traffic and alter the balance displayed on your online banking page to hide fraudulent transfers. It exhibits a modular architecture similar to that of SpyEye, where plugins are required to achieve most of the malware functionality. In our previous blog post, we
The threat of the Dorifel/Quervar malware spreading in the Netherlands is being used by telephone scammers to trick local PC users into paying for 'protection'.
In May we read that game maker Blizzard, developer of a series of popular games including World of Warcraft, Diablo III and Starcraft, was hacked, but that turned out to just be individual compromised accounts from some of its users. Now we read, from Blizzard itself rather than a third party, that they have been
Sharing details of the hack that “wiped his life” has earned Mat Honan a place in the annals of information system security; the specific inter-dependence of flawed authentication systems that cost him so dearly–encompassing Apple, iCloud, Amazon.com, Gmail and more–would probably still exist if Mat had not gone public. Wired has the full story here
Scammer Anna claims to be from Global PC Helpline, and certainly that site seems to be confused about what it is and where it operates from.
Part of my daily routine here at ESET is to inspect URLs for new trends and malware campaigns identified by our systems. A couple of weeks ago I noticed a group of URLs with a similar pattern. When I investigated further, I found out that the URLs pointed to copies of legitimate web sites with
After Event Viewer, ASSOC, INF, PREFETCH and Task Manager, it seems that VERIFY is the latest system utility to be misused by PC tech support scammers.
For years scammers and hackers focused largely on Windows x86-based platforms, in many ways because that’s where the bulk of the users were. But times change, and new targets emerge. At Blackhat and Defcon last week we saw a flurry of talks on Mac OSX/iOS security, trying to illuminate possible chinks in the armor. From
Aleksandr Matrosov looks at the internal architecture of Win32/Flamer's mssecmgr.ocx module.
Jonathan Brossard describes an 'undetectable, unremovable' attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn't convinced.
After my colleague Stephen Cobb stood in a huge line at Defcon waiting to get into the Friday keynote by NSA chief General Alexander, plus a swarm of interest shown at the two-part Meet the Fed panel presentation the next day, it’s becoming clear that multiple agencies of the federal government are focused on hackers,
If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw yesterday at Blackhat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler described in their session is not some rare
Detailed analysis of Rovnix.D reveal updates to the code injection technique employed, allowing multiple injections with a variety of payloads.
Blackhat keynote speaker Shawn Henry, the former executive assistant director of the FBI’s Criminal, Cyber, Response and Service Branch, started off the day after opening remarks from Jeff Moss, founder of Blackhat. Moss wondered if now was the time for the cyber-security sector to take a more aggressive/offensive approach. Jeff mentioned working for a former