Internet of Things

A deep dive into Win32/Theola, one of the most malicious components of the notorious bootkit family, Win32/Mebroot.FX. Theola uses malicious Chrome browser plugins to steal money.

Malware infecting 25,000 computers, mostly in the United States, pumping out 80 million spam messages per hour? ESET researchers sinkhole to investigate Win32/TrojanDownloader.Zortob.B

Analysis of malicious code dubbed Win32/Caphaw (a.k.a. Shylock) attacking major European banks, with ability to automatically steal money when the user is actively accessing his banking account.

NBC.com may have sent visitors to infected URLs serving up Trojan software (RedKit) for 24 hours. At the time of this blog post ESET researchers still see some related sites similarly compromised.

Technical analysis of malware that abuses code signing certificates normally used to positively identify a software publisher and to guarantee code is unchanged.

ESET Ireland's Urban Schrott has blogged recently that "Research reveals nearly half of all Irish computers depend on free antivirus for protection".

ESET’s threat researchers received a surprise earlier this week when they began receiving reports from ESET LiveGrid that downloads of ComboFix, a tool popular with advanced users for removing malware, were detected as being infected by a variant of the Sality virus, Win32/Sality.NBA.

I received a “shared” messages from a friend about “a leaked scandal video of Justin Bieber and Selana Gomez” promising a “naked Justin Bieber”, with a Photoshopped picture, which we – for family-friendliness – censored a bit.

At the beginning of January 2013, we started tracking the interesting Win32/Redyms trojan family. Redyms is notable for changing search results from popular search engines on infected machines.