ESET Threat Blog

Introduction
Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8.
While Microsoft was an early adopter in the creation of smartphones with Windows Mobile, … Read More…

So farewell, then, 2011. (With apologies to Private Eye's poet-less-than-laureate E.J. Thribb.)
ESET's December ThreatSense Report, as before, looks at threat trends over the year, rather than just the past month. In particular, we've noted that despite the very real impact of Microsoft's countermeasures this year against infection by the type of threat we generally categorize as … Read More…

It has been 1,000 days since the Conficker worm first appeared on November 21, 2008.  For the first two months after its initial appearance we received a trickle of reports through our ThreatSense.NET telemetry system.  By January of 2009 that had become a flood, and then a deluge, as this “super worm” rose to meteoric … Read More…

It's something of a truism, that 'old viruses never die', and that certainly seems to be the case for some of the older, more widespread, email worms. In this interview (http://www.signonsandiego.com/uniontrib/20041129/news_lz1b29five.html) back in 2004, I talked about an email worm called "Win32/Zafi.b" which, at the time, had recently been spreading on a global scale.
However, a … Read More…

My colleagues in Hungary have released some slightly alarming statistics about malware awareness in their part of the world. Research carried out on their behalf by NRC suggests that a significant proportion of Hungarian Internet users don't even know what AV software is installed on their computer (or, presumably, if anything is installed.)
http://www.eset.hu/hirek/holgyek-tessek-vedekezni?back=%2Fhirek
Out of 1000 … Read More…

[This is a free translation of a blog by my colleague at ESET Latin America, Sebastián Bortnik. As ever, mistakes in translation and interpretation are down to me. Would this be a bad time to mention the AVIEN Malware Defense Guide for the Enterprise? DH]
Considering security in the enterprise is no easy task: … Read More…

 
UPDATE #1 Randy Abrams has posted a follow-up article, Anatomy of a Biting Bunny – The Infected Microsoft Catalog Update with additional information about how update services work, why they might distribute third-party code and what might be done to prevent malware from being distributed on services like Microsoft's Windows Update in the future.  7-FEB-2011.
 
Last week, we received … Read More…

I notice that among the 17 security bulletins just released by Microsoft on Patch Tuesday, MS10-092 addresses the Task Scheduler vulnerability prominently exploited by Win32/Stuxnet.
We will be updating our Stuxnet analysis shortly, but what's really notable about this bulletin for me is the fact that it draws on cooperation between Microsoft, itself an AV vendor, … Read More…

SC Magazine's Dan Raywood reports that "To be completely patched requires an average of between 51 and 86 actions per year", quoting findings by Secunia that " in order for the typical home user to stay fully patched, an average of 75 patches from 22 different vendors need to be installed, requiring the user to … Read More…

There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer:
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html
Today's article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the vulnerability. I won't attempt … Read More…