ESET Research

A new and effective banking trojan has been discovered targeting online banking users in Turkey, the Czech Republic, Portugal and the United Kingdom. It uses very credible-looking phishing-like campaigns, related to trustworthy organizations, to lure victims into running the malware.

A few months ago on this blog I described PowerLoader functionality - including an interesting way for privilege escalation into the explorer.exe system process. The leaked PowerLoader code is also used in other malware families.

We look at malware delivered by a campaign that has infected thousands of websites around the world - and the various control flow obfuscation techniques that make its analysis as interesting as it is challenging.

Orbit Downloader by Innoshock is a popular browser add-on often used to download embedded videos from sites such as YouTube. But the popular add-on has disturbing hidden functions.

In this blog post we confirm that the Avatar rootkit continues to thrive in the wild, and disclose some new information about its kernel-mode self-defense tricks. We continue our research into this malware family.

Java has been – and still is – one of the more problematic issues security-wise. A website showing song lyrics from Golden Earring's Radar Love shows off problems that can leave users at the mercy of Java attacks.

A new paper aims to profile the victims most likely to fall for a phishing attack. But what is less clear is how you develop a profile while avoiding the pitfalls of stereotyping.

The Home Campaign is a malware campaign that uses a modified variant of Darkleech to direct visitors to the Blackhole exploit kit. We want to give a better idea of the size and extent of this campaign.