Archive for the 'David Harley' Category
A few years ago, from time to time I used to visit the school where my wife taught IT, to talk to some of their students about IT security. In fact, we wrote a paper at that time (along with my good friend Eddy Willems), based on some research data we gathered between us in the … Read More…
Update: Mila's own blog on the topic is now available here. Other vendors may find the MD5 useful: A1B3E59AE17BA6F940AFAF86485E5907. However, Mila reports that detection of the sample is already improving.
Update 2: just to clarify, Aleksandr and Eugene should get the credit for the analysis, as is usual with our collaborations. I'm just the scribe/editor … Read More…
Aleksandr Matrosov, one of my colleagues in Moscow, writes:
This month we discovered some new facts relating to Win32/Carberp trojan activity. We have spent a lot of time writing about Carberp already, but interesting information is still coming to light. The first interesting information to attract our attention recently concerned stealing money from Facebook users. Before … Read More…
I tend not to try to compete with sites like Facecrooks that specialize in tracking malware issues: however, they've just flagged a scam that has apparently already tricked around 300,000 Facebook users into Liking a scam page, and are appealing for people to report it to Facebook in the hope of getting the scam site … Read More…
A couple of weeks ago, some of my Facebook friends were putting up messages telling the world what was number one in the charts the day they were born and in some cases providing a link to a video. While it was depressing to realize how young so many of my friends were – I … Read More…
Way back in the 1990s, during the Q&A session after an EICAR presentation on social engineering, there was an animated discussion arising from some slides I'd included on password selection and usage. Some wondered why we were still discussing and promoting password strategies when there were (and are) better alternatives to static passwords.
ENTER PASSWORD:
Timeslip… Before you … Read More…
Just published in SC Magazine's Cybercrime Corner, expanding on a conversation I had recently with Kevin Townsend, is an article on "Great Expectations" that discusses WPS, "Whoops!!!," the Grim Reaver, and what you can expect from anti-virus. In terms of vulnerability detection, that is.
I'm tempted to say "what the Dickens!" but perhaps I won't in case … Read More…
It's a little ironic. My earlier blog Autorun and Conficker not dead yet: Threat Trends Report shows that over the whole year, Conficker and INF/Autorun maintained the top two places worldwide according to our ThreatSense.Net® telemetry. This morning I got to see the ThreatSense statistics just for the month of December.
As you'd expect, INF/Autorun and Win32/Conficker are … Read More…
There's been a certain amount of excitement in the last day or so about ZeuS-related malware that appears to be sent by US-CERT and also misuses the name of APWG (the Anti-Phishing Working Group) in order to make it look more official and persuade victims to click on the malicious attachment.
I've gone into more detail … Read More…
So farewell, then, 2011. (With apologies to Private Eye's poet-less-than-laureate E.J. Thribb.)
ESET's December ThreatSense Report, as before, looks at threat trends over the year, rather than just the past month. In particular, we've noted that despite the very real impact of Microsoft's countermeasures this year against infection by the type of threat we generally categorize as … Read More…
