ESET Threat Blog

Well, nearly. And please forgive my uncharacteristic enthusiasm, but Virus Bulletin's annual conference is really one of the highlights of the year for the research community. Not only because of the quality of the event itself (which is very, very high!) but also because it's one of the few events that most of us manage … Read More…

[Updated. Twice. ]
'Tis the season to get ready for the autumn round of security conferences. For me, it starts at the beginning of September with a small but perfectly formed Forensics conference at Canterbury Christ Church University, in the UK, where I'll be presenting on "Man, Myth, Malware and Multiscanning" – a presentation I'm … Read More…

One that will be of most interest to our readers in the UK, I guess.
Our friends at Virus Bulletin are holding another "Securing Your Organization in the Age of Cybercrime" seminar, this time on the Open University Campus at Milton Keynes on the 24th May. The full agenda is already available on that page, and includes … Read More…

This is the 3rd volume of an ongoing Stuxnet resources blog article, supplementing our paper "Stuxnet Under the Microscope". Volume 1 is at http://blog.eset.com/?p=5731, and volume 2 is at http://blog.eset.com/?p=5913.  
Added 30th March 2011
Nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally … Read More…

[Update 23rd January 2011: volume 3 of this resource has just kicked off at http://blog.eset.com/?p=5945: volume 1 is at http://blog.eset.com/?p=5731.]
@imaguid microblogged today about his annoyance at "the analysts and journalists who breathlessly fawn over #stuxnet", and suggested that we call it even. I hope he won't think I'm fawning by maintaining resource lists in the … Read More…

[Updated 21st January because when going back to check on something I'd said here, I noticed that I'd had a slip of concentration and said something so stupid, I'm not going to tell you what it was. ]
It was to be expected that there'd be a lot of media interest following the New York … Read More…

I had an interesting conversation a few days ago with journalist/author John Markoff. I don't know that I was much help to him, since he was asking about the more speculative issues around the origin, purpose and targeting of Stuxnet, rather than on the details of the actual binaries and the ascertainable demographics which have … Read More…

Further to my earlier blog about Stuxnet resources, version 1.31 of "Stuxnet Under the Microscope" is now available on the white papers page.  It's been updated to add pointers to additional resources, and this is probably the last update of the document. However, any further relevant resources will be added to a list here.
Aleksandr Matrosov … Read More…

 [Latest update: 20th January 2011. Note that because this resource was becoming longer than anticipated and somewhat unwieldy, second  and third "volumes" of more recent links arenow available at http://blog.eset.com/?p=5913 and http://blog.eset.com/?p=5945 ]
The Stuxnet analysis "Stuxnet Under the Microscope" by Aleksandr Matrosov, Eugene Rodionov, David Harley, and Juraj Malcho, has, unlike most ESET white papers, been subject to … Read More…

Version 1.3 of the Stuxnet Analysis white paper is now available on the white papers page at http://www.eset.com/documentation/white-papers. Details as follows.
Stuxnet Under the Microscope 
By Alexandr Matrosov, Eugene Rodionov, David Harley and Juraj Malcho, December 2010
Summary: Version 1.3 of a comprehensive analysis of the Stuxnet phenomenon, updated to include further information on the now-patched Task Scheduler … Read More…