ESET Threat Blog

While trying desperately to catch up with some email before flying out for the upcoming AMTSO workshop, I came upon a reference (tip of the hat to Rob Slade) to an article by Loren Grush about a "Supertrojan computer virus".
Despite my inevitable supersighs at terminology that confuses "Trojan" and "virus", this turns out not to … Read More…

The next AMTSO members meeting is getting pretty close…
It's being held in San Mateo on the 10th and 11th February. More information, including the preliminary agenda, on the AMTSO meetings page.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
jQuery(document).ready(function($) { window.setTimeout(‘loadLinkedin_5955()’,1000);window.setTimeout(‘loadFBLike_5955()’,1000);window.setTimeout(‘loadGoogle1_5955()’,1000);window.setTimeout(‘loadGBuzz_5955()’,1000);window.setTimeout(‘loadTwitter_5955()’,1000); }); function loadLinkedin_5955(){ jQuery(document).ready(function($) { $(‘.dd-linkedin-5955′).remove();$.getScript(‘http://platform.linkedin.com/in.js’); }); } function loadFBLike_5955(){ jQuery(document).ready(function($) { $(‘.dd-fblike-5955′).remove();$(‘.DD_FBLIKE_AJAX_5955′).attr(‘width’,’92′);$(‘.DD_FBLIKE_AJAX_5955′).attr(‘height’,’20′);$(‘.DD_FBLIKE_AJAX_5955′).attr(‘src’,'http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fblog.eset.com%2F2011%2F01%2F23%2Famtso-members-meeting&locale=en_US&layout=button_count&action=like&width=92&height=20&colorscheme=light’); }); … Read More…

It must be be my lucky month. I've been getting lots of calls offering to save my PC from system errors. (Sadly, this is an instance where regional "don't cold call" lists don't help, since the calls are being routed from… well, if you've been following my blogs on this topic, you can guess where.) 
A few days … Read More…

False positives, that is. As I've made clear here before, ESET does not subscribe to the "Let's crow about another company's false positive problem" model of marketing.  That doesn't mean we're not aware of the importance of the issue, or that we don't work pretty hard to minimize its impact on our customers, but we're painfully aware that there's … Read More…

The AMTSO press release about its newly announced cheap subscription model, which I previously referred to here, has been misunderstood in some quarters. I therefore tried to clarify the issues in my latest Security Week article: Once More 'Round the AMTSO Wheel of Pain.
The article is also linked from the ESET white papers page.
David … Read More…

I've just returned from the Anti-Malware Testing Standards Organization (AMTSO) workshop in Munich last week. Lots of useful work was done, but one of the most interesting results is the approval by the members present of a planned low-fee subscription model which will enable individuals and small organizations to participate in workshops and in discussion around … Read More…

1)
Another Virus Bulletin conference paper has just gone up on the ESET white papers page, by kind permission of the magazine.
Large-Scale Malware Experiments: Why, How, And So What? by Joan Calvet, Jose M. Fernandez, our own Pierre-Marc Bureau, and Jean-Yves Marion, discusses how they replicated a botnet for experimental purposes, and what use they made of … Read More…

Congratulations to our friends at Virus Bulletin for yet another great conference (the 20th) in Vancouver this week. Congratulations also to our own Pierre-Marc Bureau, voted the best newcomer to the AV business at the conference.
By kind permission of Virus Bulletin, we've already put two of the papers written or co-authored by ESET researchers up … Read More…

The next meeting of AMTSO (the Anti-Malware Testing Standards Organization) will be held in Munich on the 21st and 22nd October. Details of the venue, registration and so on are available on the AMTSO web page.
The preliminary Munich Meeting Agenda has also been published, That may look like the sort of dry heads-down- and-generate-some-useful-documents work that … Read More…

Everyone hates false positives (FPs). Well, nearly everyone. For purveyors of fake anti-malware products, deliberate FPs are a source of income… 
However, real security vendors hate them because every false positive is a significant detection failure, even if no-one notices (it's quite possible that most FPs pass unnoticed by anyone because the circumstances under which the scanner would … Read More…