ESET Threat Blog

Archive for the 'David Harley' Category

by David Harley Senior Research Fellow
March 20, 2012 at 12:54 pm

[Update: police have issued a video of the man they say ran the whole group.]
We've spent quite a lot of time on this blog in the last year or more discussing Win32/Carberp, which has also found its way into the occasional paper and presentation.
So it gave us particular pleasure to see that our friends at … Read More…

Comments: 1

by David Harley Senior Research Fellow
March 19, 2012 at 9:57 am

[Some interesting research reported by Aleksandr Matrosov]
[Update: minor edits to graphics]
[Update 2: two additional FTP server graphics added at the end.]
Not long ago we received interesting information from an independent security researcher from Russia, Vladimir Kropotov. (We will be presenting our joint research with him at CARO 2012.) We started to research this information and … Read More…

Comments: 0

by David Harley Senior Research Fellow
March 15, 2012 at 8:02 am

[Update: there is now a well-considered response from Avast! on its blog here.]
There's a blog article I've been wanting to write for a few days, but haven't so far been able to make time for. However, Martijn Grooten drew my attention to a blog on much the same topic from our friends at Avast! and … Read More…

Comments: 4

by David Harley Senior Research Fellow
March 15, 2012 at 1:26 am

Here's a quick summary of the PREFETCH and INF ploys I mentioned in a separate blog here. These are alternatives (or supplements) used by support scammers from India to the Event Viewer and ASSOC/CLSID ploys also used to "prove" to a victim that their system is infected with malware or has other security/integrity problems.
The "Prefetch" command shows the … Read More…

Comments: 0

by David Harley Senior Research Fellow
March 12, 2012 at 8:51 am

Our colleagues at ESET UK drew my attention to another article on the resurrection of the Kelihos botnet (Win32/Kelihos). The article is based on the abuse.ch analysis of a particular sample. The analysis is interesting and well executed, but the reappearance of Kelihos isn’t exactly hot off the press: there were several reports to that … Read More…

Comments: 0

by David Harley Senior Research Fellow
March 5, 2012 at 11:18 am

It was back in the 1990s when someone told me that operating systems like Windows NT were getting so safe that AV would soon be out of business. And I hear on a regular basis that AV is so ineffective it's not worth having. Because I get some of my income from the anti-virus industry, … Read More…

Comments: 9

by Aryeh Goretsky Distinguished Researcher
February 26, 2012 at 7:51 pm

Introduction
Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8.
While Microsoft was an early adopter in the creation of smartphones with Windows Mobile, … Read More…

Comments: 0

by David Harley Senior Research Fellow
February 22, 2012 at 4:12 pm

[More research from our colleagues in Russia]
In the beginning of February we found a new modification of our “old friend” Win32/Rovnix (the dropper detected as Win32/Rovnix.B trojan), which is the first bootkit using VBR (Volume Boot Record) infection. An interesting fact is that Rovnix bootkit components were used in Win32/Carberp, the most widely spread banking … Read More…

Comments: 0

by David Harley Senior Research Fellow
February 14, 2012 at 8:42 am

Here are some further thoughts arising from the ACPO National Cyber Crime Conference held recently in the UK*.

DAC Janet Williams, ACPO’s e-Crime lead, summarized the current initiatives along these lines (apologies if I’ve introduced too many of my own preconceptions):

The UK intends to tackle cybercrime and make this one of the safest places to do … Read More…

Comments: 0

by David Harley Senior Research Fellow
February 13, 2012 at 9:24 am

I spent a couple of days last week at the National Cyber Crime Conference in Sheffield*, UK.

I was invited there to talk about those PC support scams that have been raising my blood pressure for a while. (That’s a topic I’ll be returning to sooner rather than later.) While I very much enjoyed the opportunity … Read More…

Comments: 0