Jean-Ian Boutin

Jean-Ian Boutin

Director of Threat Research


Education? B. Eng. Electical Engineering / M. Eng. Computer Engineering

Highlights of your career? My career highlight at ESET was able to present research I conducted at conferences such as Virus Bulletin and ZeroNights.

Position and history at ESET? I joined ESET in 2011. I am a malware researcher in the Security Intelligence program.

What malware do you hate the most? Win32/SpyEye. It was the first investigation I did when I joined ESET and, while it was a good learning experience, I still resent it ;)

Favorite activities? I love playing with my kids, cycling, jogging and playing the piano.

What is your golden rule for cyberspace? Be paranoid enough.

When did you get your first computer and what kind was it? My dad got me my first computer – a Commodore-64 – in 1988.

Favorite computer game/activity? My favorite computer game is the EA NHL series.


32 articles by Jean-Ian Boutin

ESET research

Brolux trojan targeting Japanese online bankers

Brolux trojan targeting Japanese online bankers

ESET research

Brolux trojan targeting Japanese online bankers

A banking trojan, detected by ESET as Win32/Brolux.A, is targeting Japanese internet banking users and spreading through at least two vulnerabilities: a Flash vulnerability leaked in the Hacking Team hack and the so-called unicorn bug, a vulnerability in Internet Explorer.

Jean-Ian Boutin and Anton Cherepanov15 Oct 20154 min. read


ESET research

Operation Buhtrap, the trap for Russian accountants

Operation Buhtrap, the trap for Russian accountants

ESET research

Operation Buhtrap, the trap for Russian accountants

The Operation Buhtrap campaign targets a wide range of Russian banks, used several different code signing certificates and implements evasive methods to avoid detection.

Jean-Ian Boutin09 Apr 20159 min. read


ESET research

The Evolution of Webinject

The Evolution of Webinject

ESET research

The Evolution of Webinject

Last month, we presented “The Evolution of Webinject” in Seattle at the 24th Virus Bulletin conference. This blog post will go over its key findings and provide links to the various material that has been released in the last few weeks.

Jean-Ian Boutin23 Oct 20143 min. read


ESET research

Facebook Webinject Leads to iBanking Mobile Bot

Facebook Webinject Leads to iBanking Mobile Bot

ESET research

Facebook Webinject Leads to iBanking Mobile Bot

iBanking is a malicious Android application that when installed on a mobile phone is able to spy on its user’s communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone.

Jean-Ian Boutin16 Apr 20144 min. read


ESET research

Qadars – a banking Trojan with the Netherlands in its sights

Qadars – a banking Trojan with the Netherlands in its sights

ESET research

Qadars – a banking Trojan with the Netherlands in its sights

The first sign we saw of this malware was in mid-May 2013, but it is still very active, and uses Android to bypass two-factor authentication systems. It clearly seeks to infect Dutch computers - 75% of detections come from this region.

Jean-Ian Boutin18 Dec 201312 min. read


ESET research

Nymaim: Browsing for trouble

Nymaim: Browsing for trouble

ESET research

Nymaim: Browsing for trouble

We have already discussed how a system gets infected with Win32/Nymaim ransomware. In this blog post, we reveal a new infection vector, a study of the different international locker designs and ransom prices as well as a complete technical analysis of its communication protocol.

Jean-Ian Boutin23 Oct 20136 min. read


ESET research

Nymaim - obfuscation chronicles

Nymaim - obfuscation chronicles

ESET research

Nymaim - obfuscation chronicles

We look at malware delivered by a campaign that has infected thousands of websites around the world - and the various control flow obfuscation techniques that make its analysis as interesting as it is challenging.

Jean-Ian Boutin26 Aug 20137 min. read


ESET research

Operation Hangover: more links to the Oslo Freedom Forum incident

Operation Hangover: more links to the Oslo Freedom Forum incident

ESET research

Operation Hangover: more links to the Oslo Freedom Forum incident

In our previous post on Operation Hangover, we revealed the existence of an attack group, apparently operating from within India, who were mainly targeting systems in Pakistan. In this post, we will analyze the Mac OS X samples that have been linked to this group and will provide new evidence that the Mac and Windows spywares are related.

Jean-Ian Boutin05 Jun 20132 min. read


ESET research

Targeted information stealing attacks in South Asia use email, signed binaries

Targeted information stealing attacks in South Asia use email, signed binaries

ESET research

Targeted information stealing attacks in South Asia use email, signed binaries

Detailed analysis of a targeted campaign that tries to steal sensitive information from different organizations throughout the world, but particularly in Pakistan.

Jean-Ian Boutin16 May 20139 min. read