ESET Threat Blog

Danish security company CSIS have reported a worm that really does spread through Facebook, unlike some of the malware we've seen described in hoaxes recently. Peter Kruse tells us that the worm logs in as the owner of the infected system and spams messages to his or her friends. The message consists of a link … Read More…

Recently, a new data-stealing worm caught our attention. The reason why it stands out from many similar amateur creations is that its author is most probably Czech, as the text strings, variable and function names used by the malware suggest.

The Czech text above is displayed by the worm inside a console window and translates to: … Read More…

It has been 1,000 days since the Conficker worm first appeared on November 21, 2008.  For the first two months after its initial appearance we received a trickle of reports through our ThreatSense.NET telemetry system.  By January of 2009 that had become a flood, and then a deluge, as this “super worm” rose to meteoric … Read More…

It's something of a truism, that 'old viruses never die', and that certainly seems to be the case for some of the older, more widespread, email worms. In this interview (http://www.signonsandiego.com/uniontrib/20041129/news_lz1b29five.html) back in 2004, I talked about an email worm called "Win32/Zafi.b" which, at the time, had recently been spreading on a global scale.
However, a … Read More…

Cyber Security pundits have been keenly watching the development of nascent state targeted attacks such as the Stuxnet worm with interest for some time and warning of the possible implications, but now it’s official. According to The Wall Street Journal,
“The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public next … Read More…

It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string[i] (like using the "find" command in your word processor to locate a particular piece of text) or as … Read More…

This weekend, an unnamed worm forced Microsoft to temporarily suspend active links  in Live Messenger 2009, in order to prevent the aggressive worm from spreading further. This is quite a surprising measure, because worms spreading through Instant Messaging (IM) such as Skype, Yahoo! Messenger and Microsoft Live Messenger are not new at all! For example, … Read More…

Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it:

NOTE: The audio is not completely … Read More…

While serving in the Marine Corps, one activity that I felt was effective in preparing both myself and my unit to be able to handle real-world scenarios, was getting as much experience as possible from military training exercises. In most cases multiple branches worked together or, as in the case with NATO exercises, multiple countries … Read More…

I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet.
On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was … Read More…