Research | WeLiveSecurity

Research

Expert content, for researchers by researchers

Research

Scareware on the Piggy‑Back of ACAD/Medre.A

There are always people who want to piggy-back on the achievements of others. After ESET warned the public against ACAD/Medre.A in two blogs here and here  and issued a free standalone cleaner for remediation, there was always the possibility that drawing attention to the issue would result in the topic being misused for other purposes.

DNSChanger mini‑FAQ

Some brief answers to questions about the server shutdown that will affect tens/hundreds of thousands of DNSChanger victims on 9th July.

Cybercrime and the small business: Basic defensive measures

Evidence that criminals are targeting the computer systems of small businesses continues to mount. The Wall Street Journal recently drew attention to the way cybercriminals are sniffing out vulnerable firms. The article highlighted the fact that about 72% of the 855 data breaches world-wide last year that were analyzed in Verizon's Data Breach Investigation Report

Final DNSChanger warning

It’s here, folks! If the replaced DNSChanger servers don’t get another deadline extension, more than 500,000* computers may not be able to reach their configured DNS service after next Monday, July 9, 2012.  In other words, it will be practically impossible for the users of those computers to surf the Internet using human friendly domain

Win32/Gataka: a banking Trojan ready to take off?

We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan

How much will your driverless car know about you (and who will it tell)?

Following the flurry of press coverage surrounding the proposed next generation of driverless cars, privacy groups are asking questions about what will happen to the data the cars (necessarily) collect, which – in the wrong hands – might prove tempting for abuse. Other car manufacturers plan on rolling out real-time data streams of information about

ACAD/Medre.A Technical Analysis

For the story behind the suspected industrial espionage, where ACAD/Medre.A was used, refer to Righard Zwienenberg's blog post. For technical details from analysing the worm's source code, read on. ACAD/Medre.A is a worm written in AutoLISP, a dialect of the LISP programming language used in AutoCAD. Whilst we classify it as a worm, due to