Aleksandr Matrosov has more than ten years of experience with malware analysis, reverse engineering and advanced exploitation techniques. As of April 19, 2011, he was a senior malware researcher at ESET; over the previous four years he focused on advanced malware research at ESET, and he currently holds a senior security researcher position in the Advanced Threat Research team at Intel. He is also a lecturer in cryptology and discrete mathematics at the National Nuclear Research University (MEPhI). In his own words: "I joined the company in October 2009 as a senior malware researcher and am currently working as security intelligence team lead."

Publications credited to Matrosov and his co-authors include "Investigation beyond the event horizon" (Aleksandr Matrosov, ESET; Eugene Rodionov, ESET; Dmitry Volkov, Group-IB), "Defeating x64: modern trends of kernel-mode rootkits" (Aleksandr Matrosov and Eugene Rodionov, ESET), "Modern technologies in [...]" (Alexander Matrosov and Eugene Rodionov), and "Stuxnet under the microscope", revision 1 (Aleksandr Matrosov, Eugene Rodionov, David Harley and Juraj Malcho). Other work is credited to Aleksandr Matrosov, Eugene Rodionov, Dmitry Volkov and David Harley, and to Eugene Rodionov (ESET), Aleksandr Matrosov (Intel) and David Harley (ESET). Matrosov also summarizes the evolution of complex threats using hidden storage, as discussed in his presentation with Eugene Rodionov at Virus Bulletin 2012. On the x64 theme, there are several security enhancements that were introduced in 64-bit Windows OSs, such as kernel-mode [...].

Another good technical description, entitled "Stuxnet under the microscope", was written by Aleksandr Matrosov, Eugene Rodionov, David Harley and Juraj Malcho of ESET (it is also indexed at Pennsylvania State University). The Symantec and ESET documents tell the technical story of Stuxnet from an information assurance perspective.

Consider how ESET senior malware researcher Aleksandr Matrosov describes Win32/Festi, one of the three most active spam botnets worldwide in May of 2012. Festi is a rootkit and a botnet created on its basis; his technical analysis of the Festi botnet covers one of the most powerful botnets for sending spam and performing DDoS attacks. Thanks to plug-in modules, Win32/Festi is capable of being used for DDoS attacks. The malware's kernel-mode driver implements backdoor functionality and is capable of updating [...].

Aleksandr Matrosov reveals changes in the banking trojan Carberp relating to Java/Spy [...]. He discussed the Redyms family of trojans, its similarity to the TDL family of malware, and its penchant for hijacking the search traffic of affected users, and also provided a look into the Caphaw malware family, which uses a variety of modules to achieve stealth and additional functionality.

In July, ESET researchers Anton Cherepanov (malware researcher) and Aleksandr Matrosov (security intelligence team lead) detected two different types of Tor-based botnets, based on the malware families Win32/Atrax and Win32/Agent.PTA. Win32/Agent.PTA is part of a malware family known since 2012, the ESET researchers said; however, the Tor functionality is a new addition to it, they said.

"I would like to congratulate Aleksandr Matrosov and Eugene Rodionov on winning the award, and thank them for their excellent presentation," said Allan Dyer, conference chair. Also, chief research officer at ESET, Juraj Malcho, has been chosen by WildList International as their reporter of the year. ESET's researchers include David Harley, Alexandr Matrosov and Robert Lipovsky, to name a few. A forum comment: "Aleksandr Matrosov knows this threat better than me; go have a look at his article." An unrelated namesake: Alexander Matrosov (February 5, 1924 – February 22 or 27, 1943), born in Yekaterinoslav (now Dnipro), was a Soviet infantry soldier during the Second World War, awarded the [...].

It has been about two years since the Win32/Olmarik (also known as TDSS, TDL and Alureon) family of malware programs started to evolve. Our colleagues Aleksandr Matrosov and Eugene Rodionov are tracking the evolution of TDL4 (also known as Win32/Olmarik); the following is a report on the latest TDL4 update, released last week. In a draft of Harley's white paper shown to Infosecurity (July 4, 2011), which is being co-written by Eugene Rodionov, an ESET malware researcher, and Aleksandr Matrosov, a senior malware researcher with the firm, the active spread of TDL4 started in August 2010 and since then several versions of the malware have been released. "The most radical [changes] were those made to its mechanisms for self-embedding into the system and surviving reboot," said Aleksandr Matrosov, a senior malware researcher at ESET, in an analysis of TDL4. In our previous blog post, we described how the latest Microsoft security update modified the Windows OS loader (winloader). The loader downloads and sets up a bot which represents a kernel-mode [...]. See also "Little Orphan Olmarik loves daddy Gangstabucks" (SC Media). The infection flow shown in the slides: download rootkit, escalate local privilege (kernel-mode exploit), install rootkit; further slide topics are the dropper bypassing HIPS/AV, the evolution of rootkit features, and x86 privilege escalation. A feature comparison from the slides:

Feature                  Payload download in process   Infecting all-in-one malware
Code packing             yes                           yes
Code obfuscation         yes                           yes
Anti-AV functionality    yes                           yes

Bootkit threats have always been a powerful weapon in the hands of cybercriminals, allowing them to establish a persistent and stealthy presence in their victims' systems.
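A bootkit that modifies the boot sector to survive reboot, as described above, is detectable from the defender's side by comparing the first sector of the disk against a known-good baseline. The following is an added example written for this page, not code from ESET or from the authors named here: it parses a 512-byte MBR, hashes the boot-code region, checks the 0x55AA boot signature and sanity-checks the partition table (an entry that reaches past the end of the disk is one way hidden storage shows up). The two sample MBRs, the disk size and the "tampered" stub bytes are constructed for the demonstration; the offsets follow the classic MBR layout.

```python
"""Baseline-comparison check for MBR tampering (added example; the MBR samples
below are constructed for the demo and are not real disk images)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440     # bytes 0..439: boot code
DISK_SIG_OFF = 440      # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510      # bytes 510..511: 0x55 0xAA
PART_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw 512-byte sector into boot code hash, disk signature and partition table."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
        "boot_signature_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
    }


def check_mbr(mbr: bytes, baseline_sha256: str, disk_sectors: int) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    info = parse_mbr(mbr)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    used = [p for p in info["partitions"] if p["type"] != 0 and p["sectors"] != 0]
    if not any(p["bootable"] for p in used):
        findings.append("no active partition")
    for p in used:
        end = p["lba_start"] + p["sectors"]
        if end > disk_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
        for q in used:  # overlapping entries are another sign of a doctored table
            if q["index"] > p["index"] and p["lba_start"] < q["lba_start"] + q["sectors"] and q["lba_start"] < end:
                findings.append(f"partitions {p['index']} and {q['index']} overlap")
    return findings


def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Construct a 512-byte MBR for the demo (constructed data, not a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x12345678)  # arbitrary disk signature
    for i, (status, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN, status, ptype, lba_start, sectors)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


# Constructed known-good MBR: a "jmp $" stub and one active NTFS-type partition.
DISK_SECTORS = 2_000_000
GOOD_MBR = build_sample_mbr(b"\xeb\xfe", [(0x80, 0x07, 2048, 1_000_000)])
BASELINE = parse_mbr(GOOD_MBR)["boot_code_sha256"]

# Constructed tampered MBR: different stub bytes (arbitrary for the demo) and a
# second entry that reaches past the end of the disk, where hidden data could live.
TAMPERED_MBR = build_sample_mbr(
    b"\xfa\x33\xc0\x8e\xd0",
    [(0x80, 0x07, 2048, 1_000_000), (0x00, 0x7F, 1_900_000, 500_000)],
)

if __name__ == "__main__":
    print("good:", check_mbr(GOOD_MBR, BASELINE, DISK_SECTORS))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE, DISK_SECTORS))
```

On a live system the baseline hash would be taken at a known-clean point (or from the OEM boot code) and the disk size from the block device; the point of the check is that bootkit changes to the boot code or to the partition table show up as a diff against that baseline even when the running OS hides the modified sector.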
The Microsoft Windows x64 platform is considered to be more secure than the x86 one (Eugene Rodionov, ESET, and Aleksandr Matrosov, ESET; slides available as a PDF). Headlines: "Malware bypasses security on 64-bit Windows OS" (Apr 22, 2011) and "Researchers discover first 64-bit botnet malware [...]". The fourth version of the TDL rootkit family is the first [...]. The authors of the rootkit implemented one of the most sophisticated and advanced mechanisms for bypassing various protective measures and security mechanisms embedded into the operating system. (Figure: Gangstabucks PPI infrastructure.)

"Account of an investigation into a cybercrime group": Aleksandr Matrosov, senior virus researcher; Eugene Rodionov, rootkit analyst; ESET, Derbenevskaya nab. [...]. "Trends and issues": Robert Lipovsky, Aleksandr Matrosov and Dmitry Volkov. Carberp headlines: "All Carberp cybercriminals arrested, but infection rates still high" (Jul 03, 2012) and "Alleged Carberp botnet ringleader busted" (Dark Reading, Apr 05, 20[...]).

Cybercriminals increasingly use the Tor network to control their botnets, researchers say: researchers from ESET discovered two new malware threats that use control servers within the Tor anonymity network, Win32/Agent.PTA among them, ESET malware researchers Anton Cherepanov and Aleksandr Matrosov said on Wednesday.

"Stuxnet under the microscope": Aleksandr Matrosov, senior virus researcher; Eugene Rodionov, rootkit analyst; David Harley, senior research fellow; Juraj Malcho, head of virus laboratory. Preface: "This report is devoted to the analysis of the notorious Stuxnet worm (Win32/Stuxnet) that suddenly [...]." Related: "How to hijack a controller: why Stuxnet isn't just about [...]".

David Harley (ESET North America), Aleksandr Matrosov (ESET Russia) and Eugene Rodionov (ESET Russia): this article was originally published in the 50th issue of Hakin9 magazine in February 2012, and this preprint version is made available here by permission of Software Press. Expressions based on puns about practicing "safe hex": always use protection.

Matrosov is currently working at ESET as a senior malware researcher, having joined the company in October 2009 as a malware researcher. He specializes in the analysis of malicious threats and cybercrime activity.

ESET, the global leader in proactive digital protection, and Intel Security announced today that the companies will be speaking about collaborative malware research at Black Hat 2015 on Wednesday, August 5 in Las Vegas. ESET security researcher Eugene Rodionov will be co-presenting, with security researchers from Intel Security, a panel entitled "Distributing the reconstruction of high[...]". A later recorded talk: Alex Matrosov, "Attacking hardware root of trust from UEFI firmware".