ESET Threat Blog

Archive for August, 2008

by Randy Abrams
August 28, 2008 at 2:16 pm

Instant messaging is a very successful means for the bad guys to get their software onto your computer. It is also very easy.
If a virus infects your friend’s computer’s instant messaging program then it can “type” anything into the chat windows and it will look like your friend said it. It can provide a … Read More…

Comments
6

by Pierre-Marc Bureau Senior Malware Researcher
August 27, 2008 at 1:16 pm

Late Monday, we received samples of a malware that spreads through instant messaging.  Detection was quickly added for this threat and David gave a nice summary of the events in a blog post.
When analyzing this binary, we found out that Win32/Inject.NBL has a couple of interesting characteristics.  First of all, we were able to identify … Read More…

Comments
3

by David Harley Senior Research Fellow
August 27, 2008 at 7:32 am

We’re quite proud of our record of low false positive rates, despite the occasional slip-up (all AV scanners have them: it’s an unfortunate fact of life, but we like to think that our usefulness in detecting real malware outweighs them in the long term).
However, I’ve just been advised by our friends at Sophos (yes, … Read More…

Comments
0

by David Harley Senior Research Fellow
August 27, 2008 at 1:26 am

According to the Wired blog, non-critical laptops in the International Space Station were infected in July with malware: according to spaceref.com it was a (fairly old) password stealer that captures gaming credentials and spreads using autorun.inf (See? We told you these were problems!). Spaceref.com also reckon that quite a few systems on the space station don’t carry … Read More…

Comments
1

by David Harley Senior Research Fellow
August 26, 2008 at 5:27 am

ESET is very interested in and supportive of the Anti-Malware Testing Standards Organization (AMTSO), which aims to raise testing standards across the board and reduce the impact of misleading, poorly-conceived and -implemented comparative testing. Like many in the industry, we believe that benefits the end-user and the industry, and I’ve been heavily involved personally in … Read More…

Comments
0

by David Harley Senior Research Fellow
August 27, 2008 at 12:18 am

There is a worm which is aggressively broadcasting itself to Windows Live Messenger users, and possibly via social networking services (MySpace, Hi5, etc.). It’s known to affect users of MSN, AIM and Triton, and we have had several reports from people who were contacted by compromised hosts.
When it infects a PC, the current version of the worm … Read More…

Comments
0

by David Harley Senior Research Fellow
August 24, 2008 at 5:14 am

Pierre’s recent blog on fake invoices mentioned the problems we’re seeing nowadays with Trojans masquerading as anti-virus or anti-spyware programs, and this reminded me that I blogged on that topic recently at Quanta Security, one of the external sites for whom I sometimes do pro bono consultancy or guest writing.
(If you don’t get enough … Read More…

Comments
0

by Pierre-Marc Bureau Senior Malware Researcher
August 22, 2008 at 5:37 am

Over the last two weeks, we have seen an increase of fake e-mails pretending to contain invoices for various companies including UPS, Fedex and airlines from around the globe. Subjects of such e-mails include “Fedex tracking number 1234567890” or “E-ticket #1234567890”. The body of the e-mail states that the recipient’s credit card has been charged … Read More…

Comments
5

by David Harley Senior Research Fellow
August 10, 2008 at 8:34 am

Well, there’s not much doubt about the SecurityFocus view of the Race to Zero event. A report by Robert Lemos is festooned with advertising that states "If you want to stop a hacker…you have to act like one." Perhaps Symantec, who own SecurityFocus, can afford to be relaxed about the event, since their scanners weren’t represented … Read More…

Comments
3

by David Harley Senior Research Fellow
August 10, 2008 at 3:52 am

An interesting comment turned up today to my "Malware du Jour" blog entry at Securiteam (http://blogs.securiteam.com/index.php/archives/1121). The poster asked a couple of questions, based on content from the ESET mid-year Global Threat Report, one of which was ‘How do you define "possibly unwanted applications [PUAs]?"’
My first thought was to refer him to the definition … Read More…

Comments
0
