Archive for the 'Virus Total' Category
Danish security company CSIS have reported a worm that really does spread through Facebook, unlike some of the malware we've seen described in hoaxes recently. Peter Kruse tells us that the worm logs in as the owner of the infected system and spams messages to his or her friends. The message consists of a link …
Everyone hates false positives (FPs). Well, nearly everyone. For purveyors of fake anti-malware products, deliberate FPs are a source of income…
However, real security vendors hate them because every false positive is a significant detection failure, even if no-one notices (it's quite possible that most FPs pass unnoticed by anyone because the circumstances under which the scanner would …
Security researchers work together and share information in many ways and in many contexts that aren't constrained by company boundaries, but it's unusual for security researchers working for different vendors to join forces in a company blog.
However, John Leyden of The Register contacted us both when he was writing an article on the controversy following Kaspersky …
Larry Seltzer posted an interesting item yesterday. The article on "SW Tests Show Problems With AV Detections" is based on an "Analyst's Diary" entry called "On the way to better testing."
Kaspersky did something rather interesting, though a little suspect. They created 20 perfectly innocent executable files, then created fake detections for ten of them. Then …
Sunbelt have responded to an article in Infosecurity about what I described way back in the early 90s (when putting together the alt.comp.virus FAQ) as the "thorny issue of malware naming". Well, I've been banging the drum about educating users and pretty much everyone else away from the concept that malware naming is useful for quite …
There’s been a certain amount of buzz in the past couple of days about messages claiming to link to Wire Transfer information, but actually related to a Trojan commonly called Delf or Doneltart. ESET is detecting the examples we’ve been seeing as a variant of Win32/TrojanDownloader.Delf.OZG.
The messages generally look something like this (at least, …
