ESET Threat Blog

Archive for May, 2011

by Randy Abrams
May 31, 2011 at 11:42 am

A while back a malicious program called DroidDream was found on the Google Marketplace. The thing about DroidDream is that it exploited a vulnerability that gave it root access. Now contrast how Google treats security software. Security applications are not allowed to have root access. The truth is that the most popular mobile platforms (and … Read More…

Comments
0

by David Harley Senior Research Fellow
May 31, 2011 at 9:56 am

My colleagues in Hungary have released some slightly alarming statistics about malware awareness in their part of the world. Research carried out on their behalf by NRC suggests that a significant proportion of Hungarian Internet users don't even know what AV software is installed on their computer (or, presumably, if anything is installed.)
http://www.eset.hu/hirek/holgyek-tessek-vedekezni?back=%2Fhirek
Out of 1000 … Read More…

Comments
0

by David Harley Senior Research Fellow
May 31, 2011 at 8:36 am

We like to give you plenty of warning when we suspect that something unpleasant is coming down the pike, even if it's just one of those likely bursts of Black Hat SEO (web search poisoning) that come with a media-friendly event.
Still, I suspect that if I told you we expect lots of malicious activity around … Read More…

Comments
4

by David Harley Senior Research Fellow
May 31, 2011 at 8:55 am

My colleague Aleks Matrosov has come across an interesting if uncomfortable post on a Russian language forum, advertising a "Boot loader for drivers" currently under test that doesn't require a Digital Signature driver, which sounds very much like our old friend TDL4.
This metamorphic malware (each build generates a fresh binary) loads before the start of PatchGuard. It's claimed … Read More…

Comments
0

by David Harley Senior Research Fellow
May 31, 2011 at 6:47 am

[This is a free translation of a blog by my colleague at ESET Latin America, Sebastián Bortnik. As ever, mistakes in translation and interpretation are down to me. Would this be a bad time to mention the AVIEN Malware Defense Guide for the Enterprise? DH]
Considering security in the enterprise is no easy task: … Read More…

Comments
1

by David Harley Senior Research Fellow
May 31, 2011 at 12:48 pm

Dear Twitter,
I'm afraid our relationship is just not working these days: in fact, we seem to have stopped communicating almost immediately you cosied up to our mutual friend Tweetdeck. Clearly, I'm the spare part in this relationship, since Tweetdeck isn't talking to me much, either. How can you treat me like this?
Since I'm not … Read More…

Comments
0

by Paul Laudanski Director of CTAC, North America
May 29, 2011 at 6:17 pm

Over the past couple of years rogue online pharmacies have been advertising their domains on search engines and promoting themselves through search engine optimization.  Legitimate pharmaceutical companies have their own measures in place to work on taking these sites offline.  The problem with rogue online pharmacies is that they do not meet federal regulations.  To … Read More…

Comments
2

by Paul Laudanski Director of CTAC, North America
May 28, 2011 at 4:35 pm

In an unfortunate series of events related to the RSA SecurID technology, reports are coming in that Lockheed Martin's networks have been broken into by unknown perpetrators.  Jim Finkle and Andrea Shalal-Esa broke an exclusive story and reached out to folks in the industry to get to the truth.

"They breached security systems designed to keep … Read More…

Comments
0

by David Harley Senior Research Fellow
May 28, 2011 at 10:28 am

Sorry. If there's one thing I find even more irresistible than a good pun, it's a bad one. Lettuce get down to business.
My Russian colleagues Aleksandr Matrosov and Eugene Rodionov recently delivered a presentation on "Defeating x64: The Evolution of the TDL Rootkit" at Confidence 2011, in Krakow, and now available on our white papers page. … Read More…

Comments
0

by Andrew Lee CEO, ESET North America
May 28, 2011 at 8:27 am

Update: It seems like the initial article is inaccurate and that Paul Rellis never made any such comments about a 14 year old breaking into the X-Box live servers and have not offered to mentor him http://kotaku.com/5805742/microsoft-is-helping-an-xbox-live-hacker-develop-his-talent
TekGoblin reports (http://www.tekgoblin.com/2011/05/27/14-year-old-call-of-duty-hacker-hired-by-microsoft/) that a teenager who broke into the Call of Duty Modern Warfare 2 gameservers last month, … Read More…

Comments
3
