Robert Lipovsky
Malware Researcher

Even visiting security-oriented websites can sometimes be risky. If you’ve visited the security blog zerosecurity.org this month and you’re also a user of ESET’s security products, you might have encountered an anti-virus alert such as this one:
The detection names may vary. Different variants of the following “generic families” were detected on the compromised websites on different …
Fraudsters continue to innovate their scam propagation methods. Again using Facebook and a pretense of a shocking video, they also utilize browser plugins to execute malicious scripts. We also see how the malware scene is intertwined, when the user is directed to a dubious Potentially Unwanted Application.
Facebook auto-like scams have been commonplace on the world’s …
Recently, a new data-stealing worm caught our attention. The reason why it stands out from many similar amateur creations is that its author is most probably Czech, as the text strings, variable and function names used by the malware suggest.
The Czech text above is displayed by the worm inside a console window and translates to: …
We’ve just come across an IRC controlled backdoor that enables the infected machine to become a bot for Distributed Denial of Service attacks. The interesting part about it is that it’s a Mach-O binary – targeting Mac OS X. ESET’s research team compared this to samples in our malware collection and discovered that this code …
ESET had quite a strong representation at Virus Bulletin this year in Barcelona, as David Harley mentioned in his post prior to the conference.
On the first day, Pierre-Marc Bureau presented his findings about the Kelihos botnet, David Harley and AVG’s Larry Bridwell discussed the usefulness and present state of AV testing, and to finish the …
On Saturday, another controversial report of a “government trojan” appeared. This time it is the German government that has been accused by the European hacker club Chaos Computer Club (CCC) of using “lawful interception” malware. Hence, “Bundestrojaner” (Federal Trojan), though that name is normally applied to the legal concept that allows German police to make …
New stolen digital certificates are used by the multi-purpose backdoor Qbot.
The criminals behind the Qbot trojan are certainly not inactive. As I mentioned in a blog post earlier this month, after a quiet summer we have seen a batch of new Qbot variants. An interesting fact is that the malicious binaries were digitally signed. The …
ESET has discovered a new version of the Delphi infector, Win32/Induc. Unlike its predecessors, however, this variant incorporates a seriously malicious payload and has acquired some extra file infection and self-replicative functionality.
Two years ago, we published comprehensive information (here, here, and here) about the virus Win32/Induc.A, which infected Delphi files at compile-time. Though not …
The authors of Win32/Qbot (a.k.a. Qakbot) are back with new variants of this infamous malware, and this time the binaries are digitally signed.
Qbot is a multifunctional trojan that has had some significant impact in the past. It has also been around a while, with the first variants dating as far back as spring 2007, with …
Among the many different trojans that spread on Facebook, something popped up recently that caught our particular attention. The threat, detected by ESET as Win32/Delf.QCZ, is interesting for several reasons.
Distribution
First, let’s look at the distribution vector. Win32/Delf.QCZ relies on the old “fake codec/media player trick” and links to the malware-laden site are spread via Facebook …
