ESET Threat Blog
From Georgia With Love: Win32/Georbot information stealing trojan and botnet
by Righard Zwienenberg Senior Research Fellow
March 21, 2012 at 6:00 am
Malicious software that gets updates from a domain belonging to the Eurasian state of Georgia? This unusual behavior caught the attention of an analyst in ESET's virus laboratory earlier this year, leading to further analysis which revealed an information stealing trojan being used to target Georgian nationals in particular. After further investigation, ESET researchers were …
Win32/Carberp Gang on the Carpet
by David Harley Senior Research Fellow
March 20, 2012 at 12:54 pm
[Update: police have issued a video of the man they say ran the whole group.]
We've spent quite a lot of time on this blog in the last year or more discussing Win32/Carberp, which has also found its way into the occasional paper and presentation.
So it gave us particular pleasure to see that our friends at …
Drive-by FTP: a new view of CVE-2011-3544
by David Harley Senior Research Fellow
March 19, 2012 at 9:57 am
[Some interesting research reported by Aleksandr Matrosov]
[Update: minor edits to graphics]
[Update 2: two additional FTP server graphics added at the end.]
Not long ago we received interesting information from an independent security researcher from Russia, Vladimir Kropotov. (We will be presenting our joint research with him at CARO 2012.) We started to research this information and …
OSX/Imuler updated: still a threat on Mac OS X
by Alexis Dorais-Joncas Security Intelligence Team Lead
March 16, 2012 at 10:02 am
The Mac OS X information stealing malware OSX/Imuler, initially discovered last fall, has resurfaced. This time, instead of being installed by the OSX/Revir.A dropper, this new variant of OSX/Imuler hides itself inside a ZIP archive, right in the middle of an array of erotic pictures, waiting for the user to open the malicious application.
This new …
Fake Support, And Now Fake Product Support
by David Harley Senior Research Fellow
March 15, 2012 at 8:02 am
[Update: there is now a well-considered response from Avast! on its blog here.]
There's a blog article I've been wanting to write for a few days, but haven't so far been able to make time for. However, Martijn Grooten drew my attention to a blog on much the same topic from our friends at Avast! and …