


Technical paper: Pitou whitepaper

Pitou: the "silent" resurrection of the notorious Srizbi kernel spambot

The recently observed Pitou threat shows similarities with the Srizbi spambot. In this whitepaper, we outline Pitou’s distribution methods, the kernel payload delivered by its droppers, how its bootkit functions and how it communicates with its C&C server.

>> Read the full report (PDF)


Technical paper: Lecpetex whitepaper

Lecpetex: Virtual currency mining gets social

Trojan:W32/Lecpetex is a Bitcoin miner that spreads via zipped files attached to socially engineered Facebook messages. Once installed on a machine, the malware silently performs its Bitcoin mining and contacts a command and control (C&C) server for additional commands.

>> Read the full report (PDF)


Technical paper: CosmicDuke whitepaper

COSMICDUKE: Cosmu with a twist of MiniDuke

CosmicDuke is the first malware seen to include code from both the notorious MiniDuke APT Trojan and another longstanding threat, the information-stealing Cosmu family. When active on an infected machine, CosmicDuke will search for and harvest login details from a range of programs and forward the data to remote servers, some of which were active at the time of writing.

>> Read the full report (PDF)


Technical paper: DeepGuard whitepaper

F-Secure DeepGuard: Proactive on-host protection against new and emerging threats

This whitepaper explains the trends and developments in computing that have made host-based behavioral analysis and exploit interception necessary elements of computer security and provides an overview of the technology and methodology used by DeepGuard, the Host-based Intrusion Prevention System (HIPS) of F-Secure’s security products.

>> Read the full report (PDF)


Technical paper: Flashback OS X Malware

Flashback OS X Malware

This report was originally presented and published at VB2012.

In 2011, we saw OS X come under siege by several malware families. Towards the end of the year, we saw new families or variants appear almost every week, where each was more sophisticated than the last. At the forefront of these developments was the Flashback malware.

>> Read the full report (PDF)


Presentation: It's Signed, therefore it's Clean, right?

It's Signed, therefore it's Clean, right?

This document was originally presented at CARO 2010.

This presentation discusses Authenticode signing, its usage by developers (particularly in the antivirus industry) and ways that code signing can be abused in order to spread malware and allow it to install

>> View the presentation (PDF)


