ESET Threat Blog

First of all, the guys at ESET North America have just added a paper to the ESET white papers page at http://www.eset.com/us/documentation/white-papers:
Hanging on the Telephone
By David Harley, Urban Schrott and Jan Zeleznak, February 2011
As if fake anti-virus products weren’t bad enough, nowadays we have unsolicited phone-calls from fake AV helpdesks. ESET researchers tell you … Read More…

I had an interesting conversation a few days ago with journalist/author John Markoff. I don't know that I was much help to him, since he was asking about the more speculative issues around the origin, purpose and targeting of Stuxnet, rather than on the details of the actual binaries and the ascertainable demographics which have … Read More…

Further to my earlier blog about Stuxnet resources, version 1.31 of "Stuxnet Under the Microscope" is now available on the white papers page.  It's been updated to add pointers to additional resources, and this is probably the last update of the document. However, any further relevant resources will be added to a list here.
Aleksandr Matrosov … Read More…

 [Latest update: 20th January 2011. Note that because this resource was becoming longer than anticipated and somewhat unwieldy, second  and third "volumes" of more recent links arenow available at http://blog.eset.com/?p=5913 and http://blog.eset.com/?p=5945 ]
The Stuxnet analysis "Stuxnet Under the Microscope" by Aleksandr Matrosov, Eugene Rodionov, David Harley, and Juraj Malcho, has, unlike most ESET white papers, been subject to … Read More…

Version 1.3 of the Stuxnet Analysis white paper is now available on the white papers page at http://www.eset.com/documentation/white-papers. Details as follows.
Stuxnet Under the Microscope 
By Alexandr Matrosov, Eugene Rodionov, David Harley and Juraj Malcho, December 2010
Summary: Version 1.3 of a comprehensive analysis of the Stuxnet phenomenon, updated to include further information on the now-patched Task Scheduler … Read More…

The AMTSO press release about its newly announced cheap subscription model, which I previously referred to here, has been misunderstood in some quarters. I therefore tried to clarify the issues in my latest Security Week article: Once More 'Round the AMTSO Wheel of Pain.
The article is also linked from the ESET white papers page.
David … Read More…

Speculation continues to rage about Stuxnet, now rumoured to have infected an English nuclear powerplant , though French owners EDF have denied it. But at least the estimable Rob Rosenberger shares my dislike of what he calls "this fetish for sexy computer news" in a recent SecurityCritics newsletter, and cites my recent blog at (ISC)2 as well as luminaries such as … Read More…

Tip of the hat to Bruce Dang and Dave Aitel for flagging an inaccuracy in ESET's Stuxnet report. And, indirectly, leading us to a blip in some PoC code which now looks even more interesting. (But that isn't going public yet.)
The paper has been updated to remove the offending item.
David Harley CITP FBCS CISSP
ESET Senior … Read More…

This morning I wrote a long and - I hope - carefully-considered piece for Security Week on Stuxnet and the whether it constitutes a nation state attack on Iran. [Update, 26th September: I hear that article will be available today or tomorrow.]
Actually, I was asked on Friday for a quotable quote or two on the topic, but I … Read More…

The Stuxnet saga rolls on. And while a lot of talented people have been poring over the code for a while, some questions are still unresolved at this time, despite all the coverage..

Who is responsible for it?
Was it really the work of a nation team rather than hackers? Well, our analysis of the code certainly … Read More…