ESET Threat Blog

[More research from our colleagues in Russia]
In the beginning of February we found a new modification of our “old friend” Win32/Rovnix (the dropper detected as Win32/Rovnix.B trojan), which is the first bootkit using VBR (Volume Boot Record) infection. An interesting fact is that Rovnix bootkit components were used in Win32/Carberp, the most widely spread banking … Read More…

Our white paper on Potentially Unwanted Applications (PUAs) has been revised with additional information, including information about how legitimate software can become classified as a PUA due to its misuse, a discussion of a type of downloader called a software wrapper and updated screen shots. It can be found in the White Papers section  Problematic, … Read More…

Taking delivery of an unexpected package containing gifts is one of the joys of the holiday season. Missing a package delivery is one of the frustrations of the season. So, an email headed "Failed Package Delivery" is a good way for scam artists and malware distributors to get your attention. In this post I examine … Read More…

A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego.  The threat is a trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third party site.
As with the MacDefender and Revir malware the Flashback attack uses social engineering to entice the user to download then install the … Read More…

The MacDefender malware has morphed again, now taking the guise of "MacShield."   As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache.
The UI is essentially unchanged, but as usual all of … Read More…

In the last few days, I have been asked by a journalist (or four) what MacDefender means for the future of Apple security, and if I thought there was excess hype around it.  
I'll address the second question first.   I think its safe to say the current malware would not be newsworthy if it … Read More…

The US Department of Justice's announcement yesterday of the takedown of the command and  control (C&C) servers for the Coreflood bots (detected by ESET as Win32/AFCore) and seizure of their domains marks another step in the growing awareness that crime, whether it is committed with bullets or with botnets, is still crime. 
This particular botnet, about … Read More…

Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it:

NOTE: The audio is not completely … Read More…

I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet.
On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was … Read More…

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET's ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number … Read More…