ESET Threat Blog

Archive for the 'Virus Total' Category

by David Harley Senior Research Fellow
April 2, 2012 at 12:00 pm

In a recent blog on whether security professionals really don't use anti-virus (sorry, but quite a few of us do!) I mentioned a paper by myself and Julio Canto on the use and misuse of multi-scanner sites like VirusTotal. Especially the (Virus-)totally inappropriate use of VT reports as some sort of substitute for real comparative testing.
I … Read More…

Comments
0

by David Harley Senior Research Fellow
March 5, 2012 at 11:18 am

It was back in the 1990s when someone told me that operating systems like Windows NT were getting so safe that AV would soon be out of business. And I hear on a regular basis that AV is so ineffective it's not worth having. Because I get some of my income from the anti-virus industry, … Read More…

Comments
9

by David Harley Senior Research Fellow
December 1, 2011 at 9:00 am

Danish security company CSIS have reported a worm that really does spread through Facebook, unlike some of the malware we've seen described in hoaxes recently. Peter Kruse tells us that the worm logs in as the owner of the infected system and spams messages to his or her friends. The message consists of a link … Read More…

Comments
2

by David Harley Senior Research Fellow
July 29, 2010 at 4:31 am

Everyone hates false positives (FPs). Well, nearly everyone. For purveyors of fake anti-malware products, deliberate FPs are a source of income… 
However, real security vendors hate them because every false positive is a significant detection failure, even if no-one notices (it's quite possible that most FPs pass unnoticed by anyone because the circumstances under which the scanner would … Read More…

Comments
2

by David Harley Senior Research Fellow
February 16, 2010 at 6:48 am

Security researchers work together and share information in many ways and in many contexts that aren't constrained by company boundaries, but it's unusual for security researchers working for different vendors to join forces in a company blog.
However, John Leyden of The Register contacted us both when he was writing an article on the controversy following Kaspersky … Read More…

Comments
2

by David Harley Senior Research Fellow
February 2, 2010 at 11:59 am

Larry Seltzer posted an interesting item yesterday. The article on "SW Tests Show Problems With AV Detections" is based on an "Analyst's Diary" entry called "On the way to better testing."
Kaspersky did something rather interesting, though a little suspect. They created 20 perfectly innocent executable files, then created fake detections for ten of them. Then … Read More…

Comments
10

by David Harley Senior Research Fellow
April 2, 2012 at 10:53 am

Sunbelt have responded to an article in Infosecurity about what I described way back in the early 90s (when putting together the alt.comp.virus FAQ) as the "thorny issue of malware naming". Well, I've been banging the drum about educating users and pretty much everyone else away from the concept that malware naming is useful for quite … Read More…

Comments
0

by David Harley Senior Research Fellow
August 5, 2009 at 8:59 am

There’s been a certain amount of buzz in the past couple of days about messages claiming to link to Wire Transfer information, but actually related to a Trojan commonly called Delf or Doneltart. ESET is detecting the examples we’ve been seeing as a variant of Win32/TrojanDownloader.Delf.OZG.
The messages generally look something like this (at least, … Read More…

Comments
0
