Archive for the 'heuristics' Category
It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string (like using the "find" command in your word processor to locate a particular piece of text) or as … Read More…
I recently received a couple of questions about signatures from a reader.
1- You said that ESET receives around 200000 unique malware samples daily, so does ESET detect most of them or detect only the malware whose signatures are listed here: http://www.eset.com/threat-center/threatsense-updates ?
2- Why are signatures written nowadays? Are they written to detect malware initially, … Read More…
I recently received a few questions about heuristics and thought the answers may be of broader interest than just to the person asking.
1- What is the difference between the detection by generic signatures and passive heuristic? Aren't they the same?
2- In this thread: http://www.wilderssecurity.com/showthread.php?t=261904 I can't understand Marcos's reply: 'it's heuristic detection coupled with generic … Read More…
The top ten (twenty, twenty-five…) season doesn’t seem to have finished yet: the latest to cross my radar was something like seven ways of surviving the recession, which I’m sure is of interest to all of us, but not really in scope for this blog.
So here’s a snippet from our 2008 Global Threat Report, … Read More…
You may be aware that in addition to our semi-annual global threat trends reports, we also do a monthly report. Much of this report is trend analysis based on data from our ThreatSense.Net threat tracking system. ThreatSense.Net® is an advanced threat tracking system which reports detection statistics from tens of millions of client computers around the … Read More…
AV-Comparatives, one of the major anti-malware testing organizations, has just announced its retrospective test for November. Retrospective or "frozen" testing involves testing the ability of one or more products to detect threats proactively, using techniques such as advanced heuristics rather than signature detection.
The test used new and unique samples received between 4th and 31st … Read More…
…and it’s still hybrid. Or multi-layered, if you prefer. What anti-malware companies (and malware authors, if it comes to that) are constantly doing is revisiting concepts that have worked before so that they fit the current environment better: there’s nothing wrong with an evolutionary approach, but changing the terminology doesn’t make it revolutionary. So what Larry … Read More…


