ESET Threat Blog

Back in 2008, EICAR rejected a paper proposed by Andrew Lee and myself discussing the state of anti-malware testing and how it might be improved, on the grounds that it was “advertising” the fledgling AMTSO (Anti-Malware Testing Standards Organization) initiative. You can decide for yourselves whether that criticism was justified: the same paper was accepted … Read More…

[Updated. Twice. ]
'Tis the season to get ready for the autumn round of security conferences. For me, it starts at the beginning of September with a small but perfectly formed Forensics conference at Canterbury Christ Church University, in the UK, where I'll be presenting on "Man, Myth, Malware and Multiscanning" – a presentation I'm … Read More…

It occurs to me that I haven't recently posted any pointers to our content on SC Magazine's Cybercrime Corner, and now might be a good time to recap on what Randy and I have been posting there this month (so far…)
Babushka* dollars
David Harley, May 19, 2011
It's not surprising, given how much cybercrime originates in Eastern … Read More…

It's been a busy few weeks. Last week I was in Krems, Austria for the EICAR conference. The week before, I was in Prague for the CARO workshop (where my colleagues Robert Lipovsky, Alexandr Matrosov and Dmitry Volkov did a great presentation on "Cybercrime in Russia: Trends and issues" – more information on that shortly), … Read More…

Well, the EICAR conference earlier this month was in Krems, in Austria, where I hear that they're not averse to the occasional brandy, but I was actually perfectly sober when I delivered my paper on Security Software & Rogue Economics: New Technology or New Marketing? (The full abstract is available at the same URL.)
To conform with EICAR's usual … Read More…

That Magic Lantern thing just keeps raising its head (and an ugly little head it is too, poor thing…) Earlier this week I was in Krems, Austria, for the EICAR conference,and the story was alluded to in a paper by Eric Filiol and Alan Zaccardelle called “Magic Lantern… Reloaded/Anti-Viral psychosis McAfee Case," though it was kind … Read More…

The March Threatsense report at http://www.eset.com/us/resources/threat-trends/Global_Threat_Trends_March_2011.pdf includes, apart from the Top Ten threats:

a feature article on Japanese-disaster-related scamming by Urban Schrott and myself
news of the Infosec Europe expo in London on the 19th-21st April, the AMTSO and CARO workshops in Prague in May, and the EICAR Conference in Austria that follows
the story of a fake AV … Read More…

EICAR (formerly known as the European Institute for Computer Anti-virus Research, though that title hasn't been used for a good while) is best known for its yearly conference and for the EICAR test file, which can be used as an installation check with most anti-virus programs to check that it's installed and active.
Sadly, I've been … Read More…

Here are a few papers and articles that have become available in the last week or two.
Shortcuts to Insecurity: .LNK Exploits is an article for Security Week (http://www.securityweek.com) on the .LNK vulnerability classified as CVE-2010-2568 and exploited by Win32/Stuxnet.
Stuxnet is not the only malware that exploits this vulnerability, of course, and the September issue of … Read More…

I returned yesterday from Paris, where I attended the iAWACS and EICAR conferences. One of the papers I co-presented at EICAR was on performance testing (as opposed to detection testing). It was written by Ján Vrabec and myself, and it's called "Real Performance?" Here's the abstract:
The methodology and categories used in performance testing of anti-malware … Read More…