Author Archive

Virus Bulletin 2011: Fake but free…

By Robert Lipovský at 11 October, 2011, 11:21 am

ESET had quite a strong representation at Virus Bulletin this year in Barcelona, as David Harley mentioned in his post prior to the conference.
On the first day, Pierre-Marc Bureau presented his findings about the Kelihos botnet, David Harley and AVG’s Larry Bridwell discussed the usefulness and present state of AV testing, and to finish the … Read More.


German Policeware: Use the Farce…er, Force…Luke

By Robert Lipovský at 10 October, 2011, 12:52 pm

On Saturday, another controversial report of a “government trojan” appeared. This time it is the German government that has been accused by the European hacker club Chaos Computer Club (CCC) of using “lawful interception” malware. Hence, “Bundestrojaner” (Federal Trojan), though that name is normally applied to the legal concept that allows German police to make … Read More.


Towering Qbot Certificates

By Robert Lipovský at 27 September, 2011, 9:20 am

New stolen digital certificates are used by the multi-purpose backdoor Qbot.
The criminals behind the Qbot trojan are certainly not inactive. As I mentioned in a blog post earlier this month, after a quiet summer we have seen a batch of new Qbot variants. An interesting fact is that the malicious binaries were digitally signed. The … Read More.


The Induc Virus is back!

By Robert Lipovský at 14 September, 2011, 12:12 pm

ESET has discovered a new version of the Delphi infector, Win32/Induc. Unlike its predecessors, however, this variant incorporates a seriously malicious payload and has acquired some extra file infection and self-replicative functionality.
Two years ago, we published comprehensive information (here, here, and here) about the virus Win32/Induc.A, which infected Delphi files at compile-time. Though not … Read More.


Back to School Qbot, now Digitally Signed

By Robert Lipovský at 7 September, 2011, 11:46 am

The authors of Win32/Qbot (a.k.a. Qakbot) are back with new variants of this infamous malware, and this time the binaries are digitally signed.
Qbot is a multifunctional trojan that has had some significant impact in the past. It has also been around a while, with the first variants dating as far back as spring 2007, with … Read More.


Win32/Delf.QCZ: Trust Me, I’m Your Anti-Virus

By Robert Lipovský at 3 August, 2011, 8:02 pm


Among the many different trojans that spread on Facebook, something popped up recently that caught our particular attention. The threat, detected by ESET as Win32/Delf.QCZ, is interesting for several reasons.

Distribution
First, let’s look at the distribution vector. Win32/Delf.QCZ relies on the old “fake codec/media player trick” and links to the malware-laden site are spread via Facebook … Read More.


Come along, little doggy, come along

By Robert Lipovský at 26 July, 2011, 11:53 am

The most common malware technique for avoiding detection is to create loads of “fresh” variants. Actually, the component that changes so frequently is the packer – the outer layer of the malware, used by malware authors to encrypt the malware and make it harder to detect – whilst the functionality of the malicious code inside … Read More.


I take you, XPAntiSpyware, to be my…

By Robert Lipovský at 20 April, 2011, 12:32 pm

One of the most common ways to propagate malware through social engineering is to piggyback it on some attention-catching news event. This can be carried out using a variety of techniques and is certainly nothing new. One infamous example from 2007 was Win32/Nuwar (a/k/a the Storm Worm), which distributed through spam emails with current and/or … Read More.
