Archive for the 'Juraj Malcho' Category
Our friends at Virus Bulletin are hosting a seminar later this month that looks as if it should be worth a visit. Of course, security seminars are ten a penny, but this one is organized by the security-knowledgeable but vendor-agnostic magazine whose annual conference is one of the major highlights of an anti-malware researcher's year. (Yes, we … Read More…
Tip of the hat to Bruce Dang and Dave Aitel for flagging an inaccuracy in ESET's Stuxnet report. And, indirectly, leading us to a blip in some PoC code which now looks even more interesting. (But that isn't going public yet.)
The paper has been updated to remove the offending item.
David Harley CITP FBCS CISSP
ESET Senior … Read More…
Google Translate is pretty cool, but they are missing a language. You can translate from Haitian Creole to Yiddish and from Galician to Maltese, but you can’t translate from geekspeak to anything a regular person understands. The good part about this for me is that I have a job trying to do just that!
David Harley … Read More…
While the LNK vulnerability patched by MS10-046 dominated the headlines when the Stuxnet carnival started rolling back in early summer 2010, one of the surprises of further analysis of the Stuxnet binaries/components is that it exploited no fewer than three other vulnerabilities that were generally unknown at the time. The print spooler attack (MS10-061) is, … Read More…
Congratulations to our friends at Virus Bulletin for yet another great conference (the 20th) in Vancouver this week. Congratulations also to our own Pierre-Marc Bureau, voted the best newcomer to the AV business at the conference.
By kind permission of Virus Bulletin, we've already put two of the papers written or co-authored by ESET researchers up … Read More…
The Stuxnet saga rolls on. And while a lot of talented people have been poring over the code for a while, some questions are still unresolved at this time, despite all the coverage.
Who is responsible for it?
Was it really the work of a nation team rather than hackers? Well, our analysis of the code certainly … Read More…
No, I'm not casting aspersions about the acting ability of Ms Jolie.
Yesterday I blogged on the independent Mac Virus site about a threat making use of .MOV (movie) files. That blog refers to a report by Trend Micro's Marco Dela Vega that criminals are making use of the fact that Quicktime Player 7.6.6 allows movie … Read More…
[2nd update: added another batch of links for additional background.]
We were getting used to seeing some positives in the whole Autorun exploiting malware thing: while Microsoft remains equivocal about rolling out the patch that mitigates it to XP and Vista users, at least there’s a fair amount of information around about how you can disable … Read More…
Juraj Malcho, Head of Lab at Bratislava, reports:
We've just encountered what appears to be a new Facebook scam in the wild. As of this moment we haven't seen any malicious content being served, but the content is changing even as I’m writing this post and it’s likely to serve malware soon. It spreads by adding a … Read More…
[Update: Alex Matrosov has posted screenshots of the Twebot update at http://twitpic.com/1ousmx and http://twitpic.com/1ouse5.]
Juraj Malcho, the Head of our Lab in Bratislava, reports that there have been further developments regarding the tool for creating Twitter-controlled bots described by Jorge Mieres and Sebastián Bortnik, Security Analysts at ESET Latin America, in an earlier blog at http://www.eset.com/blog/2010/05/14/botnet-for-twits-applications-for-dummies.
As more … Read More…

