Aleksandr Matrosov

Security Intelligence Team Lead


Education: Master of Information Security (2007) at National Nuclear Research University "MEPHI"; Bachelor of Electronics (2001) at Moscow College of Management and New Technologies

Highlights of your career? I have more than ten years of experience with malware analysis, reverse engineering and advanced exploitation techniques. Worked as a security researcher since 2003 for major Russian IT companies. Frequently invited to speak at major security conferences with hardcore technical stuff.

Position and history at ESET? I joined the company in October 2009 as a Senior Malware Researcher and am currently working as Security Intelligence Team Lead. My team researches the most complex threats.

What malware do you hate the most? Stuxnet and Flame families for tons of C++ code.

Favorite activities? Reverse engineering, automation of RE processes and research in modern exploitation techniques.

What is your golden rule for cyberspace? Don't trust anybody, because you don’t know who is really sitting on the other side of the communication channel and bad guys can play with your trust.

When did you get your first computer and what kind was it? My first experience with personal computers was with a ZX Spectrum in 1992. My first PC with i486DX4 on the board was purchased in 1995.

Favorite computer game/activity? I like cyberpunk computer game series such as System Shock and Deus Ex. But lately my favorite computer game has been IDA Pro disassembler ;)


26 articles by Aleksandr Matrosov

ESET research

Java the Hutt meets CVE-2012-1723: the Evil Empire strikes back

The Java exploit for CVE-2012-1723 is already included in the latest update of the BlackHole exploit kit.

Aleksandr Matrosov, 10 Jul 2012, 3 min. read


ESET research

All Carberp botnet organizers arrested

Carberp is a unique case, with all the guys who organized really big botnets and made big profits (millions of US dollars) being arrested.

Aleksandr Matrosov, 02 Jul 2012, 3 min. read


ESET research

ZeroAccess: code injection chronicles

New versions of the ZeroAccess bootkit demonstrate alternative approaches to distribution and to bootkit infection on 32- and 64-bit Windows.

Aleksandr Matrosov, 25 Jun 2012, 4 min. read


ESET research

CVE2012-1889: MSXML use-after-free vulnerability

Aleksandr Matrosov, 20 Jun 2012, 3 min. read


ESET research

Smartcard vulnerabilities in modern banking malware

Aleksandr Matrosov and Eugene Rodionov presented their research into “Smartcard vulnerabilities in modern banking malware” at PHDays'2012.

Aleksandr Matrosov, 05 Jun 2012, 3 min. read


ESET research

Carberp Gang Evolution: CARO 2012 presentation

The latest research on the Win32 Carberp gang and the technicalities and evolution of the malware, as presented at CARO 2012.

Aleksandr Matrosov, 24 May 2012, 3 min. read


ESET research

King of Spam: Festi botnet analysis

Aleksandr Matrosov, 11 May 2012, 2 min. read


ESET research

Exploit Kit plays with smart redirection (amended)

Aleksandr Matrosov notes a new exploit kit approach to hiding redirects using implicit iFrame injection. (NB Nuclear Pack, not Blackhole.)

Aleksandr Matrosov, 05 Apr 2012, 4 min. read