Archive for the 'Win32/Waledac' Category
It has been 1,000 days since the Conficker worm first appeared on November 21, 2008. For the first two months after its initial appearance we received a trickle of reports through our ThreatSense.NET telemetry system. By January of 2009 that had become a flood, and then a deluge, as this “super worm” rose to meteoric … Read More…
Pierre-Marc tells me that he has received two malware samples that grabbed his attention due to their resemblance to Storm/Waledac. They use the same kind of distribution mechanism: that is, spam with links to a New Year eCard, with titles like "New Year Wishes!" and "You Received an Ecard." The mail contains … Read More…
Our July ThreatSense.Net® report has been released today, and will eventually be available from the Threat Center page here. Most of the top ten entries are old friends: well, familiar names might be a better way of putting it. One of the disadvantages of having a scanner that makes heavy use of advanced heuristics is … Read More…
Sebastián Bortnik, at ESET Latin America, kindly translated a blog they put up today here and allowed us to reproduce it for our blog. I think you’ll find it interesting. Thanks, Sebastián!
The revival of the spread of the Waledac trojan is already a fact. As the ESET team announced on Thursday, on Friday spam emails … Read More…
[Since the owner of the blog described below interpreted this blog as a personal attack and marketing BS, I've removed information that identifies his blog. Which is a pity, because his blogs on the topic actually include useful information. I'm not withdrawing the whole blog, because it isn't marketing and it isn't about our product: ... Read More…
I’d like to thank the City of San Diego for welcoming me with a firework display last night. It was just what I needed after 22 hours in planes and airports. Maybe just a little quieter next time? (London did much the same thing to me with its Millennium celebration.) It did look … Read More…
Pierre-Marc just posted about “Win32/Waledac for Valentine’s Day”. The fake greeting cards are an ongoing scam. As Pierre-Marc indicated, this one is using polymorphism, which is a fancy way to say the malicious software disguises itself to look different each time someone encounters it. This is done to break signature-based detection, which … Read More…
As Valentine’s Day is approaching the criminals behind Win32/Waledac have increased their activity. The Valentine campaign started some time ago but the interesting part is only starting for us. The Waledac botnet has been using fast flux for some time now. This means that the IP addresses of the websites used to distribute this malware … Read More…
Further to Pierre-Marc’s post on the 25th December about the resemblances between Waledac and Storm, I notice that Steven Adair of Shadowserver has been blogging some very nice notes on much the same topic. Well worth a look.
David Harley
Yesterday, we started to receive reports of emails pretending to carry links to holiday cards. These emails contain a link that points to a file named ecard.exe. Of course, this executable is not a seasonal holiday card but malware. The reason this wave of malware has attracted our attention is that it is very similar … Read More…



