ESET Threat Blog

Archive for the 'exploit kit' Category

by Aleksandr Matrosov Senior Malware Researcher
April 16, 2012 at 11:21 am

This week we have detected another interesting attack vector. This time cybercriminals are using an interesting technique for hiding malicious JavaScript and employing implicit iFrame injection. At this moment we are tracking hundreds of infected legitimate web sites in the Russian internet segment using this technique of infection. Let’s analyze this attack method step by … Read More…

Comments: 3

by David Harley Senior Research Fellow
April 6, 2012 at 11:55 am

Andrew Lee just drew my attention to a poll carried out by an IT magazine in the UK, asking the question ‘Do you think it's necessary to use paid-for anti-virus software to effectively protect your PC?’ Clearly this is a question that a lot of people ask, but the answer is more complicated than you … Read More…

Comments: 2

by David Harley Senior Research Fellow
March 30, 2012 at 8:41 am

This week Blackhole has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/Exploit.CVE-2012-0507. Earlier this week information was published about the Blackhole update by French malware researcher Xylitol and last week Microsoft shared information about an interesting way of breaching the JRE (Java Runtime Environment) … Read More…

Comments: 3

by David Harley Senior Research Fellow
March 19, 2012 at 9:57 am

[Some interesting research reported by Aleksandr Matrosov]
[Update: minor edits to graphics]
[Update 2: two additional FTP server graphics added at the end.]
Not long ago we received interesting information from an independent security researcher from Russia, Vladimir Kropotov. (We will be presenting our joint research with him at CARO 2012.) We started to research this information and … Read More…

Comments: 0

by Sébastien Duquette Malware Researcher
December 30, 2011 at 1:01 pm

This article was written in collaboration with my colleague Jean-Ian Boutin.
The Wigon botnet (also known as Cutwail) is being used in a massive spam campaign. A multitude of ruses are used to get the user to click on a link: fake LinkedIn or Facebook notifications, free Windows licenses, fake deliveries etc. The links are pointing … Read More…

Comments: 1

by David Harley Senior Research Fellow
December 6, 2011 at 2:05 pm

After our latest blog on Carberp and the Black Hole exploit pack, we thought it would be useful to aggregate the material we've published to date on the topic into a single paper. That actually went up on the white papers page yesterday, but Aleksandr suggested adding some material that we thought would make it … Read More…

Comments: 0

by David Harley Senior Research Fellow
December 5, 2011 at 6:57 am

In recent years there has been a tremendous increase in the Russian region in the number of sites redirecting users to the Black Hole exploit kit. In most cases, successful exploitation of a vulnerability in client software leads to the installation onto the victim’s machine of either the trojan Win32/TrojanDownloader.Carberp or of Win32/Carberp (the version … Read More…

Comments: 3

by David Harley Senior Research Fellow
October 25, 2010 at 1:22 pm

Bart Parys (@bartblaze) recently contacted me about research he was conducting into botnets, exploit kits and so on. His article "The Botnet Wars: a Q&A" is now up. While Bart himself is a Technical Support Engineer at Panda Security, he's taken the approach of asking a number of experts and commentators (I'll leave it to … Read More…

Comments: 0