Whitepapers

The latest research from Labs on threats and technology

Available whitepapers

Ransomware: How to prevent, predict, detect & respond

Ransomware is one of the most prominent cyber threats today. Yet just like any other threat, a four-phase approach to cyber security...

Read more (PDF)

NanHaiShu: RATing the South China Sea

This whitepaper details the malware being used by a threat actor to target government and private-sector organizations involved in a territorial dispute centered on the South...

Read more (PDF)

F-Secure DeepGuard

This whitepaper explains the trends and developments in computing that have made host-based behavioral analysis and exploit interception necessary elements of computer security and ...

Read more (PDF)

2015 Threat Report

In this report we summarize the main trends and incidents seen in 2015 that impacted computer and mobile security, as well as developments related to digital privacy.

Read more (PDF)

F-Secure Adblocker

This whitepaper outlines the technical principles and benefits of blocking third-party advertising content (as provided by the F-Secure ADBLOCKER app for iOS devices) to enhance the user's web browsing experience.

Read more (PDF)

F-Secure Security Cloud

F-Secure Security Cloud is a cloud-based digital threat analysis system operated by F-Secure Corporation. It consists of a constantly growing and evolving knowledge base of digital threats fed by data from...

Read more (PDF)

The Dukes

This whitepaper explores the tools (such as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, etc.) of the Dukes, a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working...

Read more (PDF)

H2 2014 Threat Report

In this report we summarize the latest trends and developments seen in H2 2014 affecting computer and mobile security, as well as issues related to digital privacy.

Read more (PDF)

CozyDuke

In this document we provide an overview of CozyDuke, a set of tools used by one or more malicious actors for performing targeted attacks against high profile organizations...

Read more (PDF)

W64/Regin, Stage 1

In this document we describe the inner workings of the stage #1 of the complex malware threat by the name of Regin, specifically the version targeted at 64-bit machines running the Microsoft Windows operating system...

Read more (PDF)

W32/Regin, Stage 1

In this document we analyze a set of 32-bit samples which represents stage #1 of the complex threat that is known as Regin. Based on our analysis of the malware's functionalities, this part of the Regin threat can be considered ...

Read more (PDF)

BlackEnergy & Quedagh: The convergence of crimeware and APT attacks

BlackEnergy is a toolkit that has been used for years by various criminal outfits. In the summer of 2014 ...

Read more (PDF)

H1 2014 Threat Report

The most notable trend in H1 2014 is the continued growth of ransomware and ransoming activities, on both desktop and mobile platforms. Meanwhile, Windows XP finally reached its end of life (EOL) mark on 8 April 2014...

Read more (PDF)

Pitou: The "silent" resurrection of the notorious Srizbi kernel spambot

The recently observed Pitou threat shows similarities with the Srizbi spambot. In this whitepaper, we ...

Read more (PDF)

COSMICDUKE: Cosmu with a twist of MiniDuke

CosmicDuke - the first malware seen to include code from both the notorious MiniDuke APT Trojan and another longstanding threat, the information-stealing Cosmu family. When active on an infected machine, CosmicDuke will ...

Read more (PDF)

Lecpetex: Virtual currency mining gets social

Trojan:W32/Lecpetex is a Bitcoin miner that spreads via zipped files attached to socially engineered Facebook messages. Once installed on a machine, the malware silently performs its Bitcoin mining ...

Read more (PDF)

Mobile Threat Report Q1 2014

Mobile malware development in Q1 2014 continues to focus exclusively on the Android platform, continuing the inexorable trend we've seen in the last couple years.

Read more (PDF) Printer-friendly PDF

Threat Report H2 2013

News of alleged massive data gathering and online surveillance activities by state entities raises privacy concerns. A Tor-using botnet grows while the arrest of a suspected creator/operator...

Read more (PDF)

Mobile Threat Report Q3 2013

In this quarterly report on mobile threats, we explore the latest news, including the "Masterkey" vulnerability and exploit apps; banking trojans; and other notable threats and trends for mobile malware in Q3 2013.

Read more (PDF)

Threat Report H1 2013

Exploit-based attacks, particularly against the Java development platform, continue to dominate. New developments continue in mobile malware, ransomware, Mac malware and phishing, as Bitcoin comes of age...

Read more (PDF)

Mobile Threat Report Q1 2013

While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of that malware that is the more worrying trend. The Android malware ecosystem is beginning to resemble that which surrounds Windows...

Read more (PDF)

Threat Report H2 2012

The report focuses on three things that stood out in the second half of 2012: botnets (with special reference to ZeroAccess), exploits (particularly against the Java development platform) and banking trojans (Zeus) ...

Read more (PDF)

Mobile Threat Report Q4 2012

The rise of Android malware can be largely attributed to the operating system's increasing foothold in the mobile market. Android's market share has risen to 68.8% in 2012, compared to 49.2% in 2011. On the threat side, its share rose to 79% in 2012 from 66.7% in 2011.

Read more (PDF)

Mobile Threat Report Q3 2012

Despite Android's dominance in the mobile threat landscape, the Symbian malware scene is far from dead. 21 new families and variants were discovered in the third quarter of 2012, a 17% increase compared to the second quarter.

Download PPT

Threat Report H1 2012

One of the most pervasive trends we saw in the computer threat landscape in the first half of 2012 was the expanding usage of vulnerability exploitation for malware distribution...

Read more (PDF)

Mobile Threat Report Q2 2012

After a while on the scene, Android malware has begun to explore new methods of infection. In May 2012, the first Android malware to use the drive-by download method was spotted in the wild...

Read more (PDF)

Mobile Threat Report Q1 2012

In Q1 2012, 37 new malware families and variants were discovered, nearly quadruple the number discovered a year earlier, in Q1 2011.

Read more (PDF)

Flashback OS X Malware

This report was originally presented and published at VB2012.

In 2011, we saw OS X come under siege by several malware families. At the forefront of these developments was the Flashback malware.

Read more (PDF)

Mobile Threat Report Q4 2011

Android malware continues to expand rapidly in the fourth quarter of 2011, with malware originating from Russia forming a significant presence in the scene...

Read more (PDF)

It's Signed, therefore it's Clean, right?

Originally presented at CARO 2010, this presentation discusses Authenticode signing, its usage by developers in the AV industry and ways that code-signing can be abused.

Read more (PDF)

Threat Summaries Volume 1: 2011 - 2007

This document contains a compilation of all the Threat Summaries released by F-Secure Labs during the years 2007 to 2011, in reverse chronological order.

Read more (PDF)

Threat Summaries Volume 1: 2006 - 2002

This document contains a compilation of all the Threat Summaries released by F-Secure Labs during the years 2002 to 2006, in reverse chronological order.

Read more (PDF)
