ESET Threat Blog

by Paul Laudanski Director of CTAC, North America
May 19, 2011 at 5:00 pm

Greetings Dear Reader, We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link).  Even still it is always good practice to reinforce sensible password techniques.  For this blog, I plan on sharing an analogous self-ritual, and one that relies on a third ... Read More.

Comments
14

by Randy Abrams
February 8, 2011 at 5:24 pm

Update 6/1/2011: Paul Laudanski has published an extensive guide to Facebook privacy, which is quite a remarkable feat since there is precious little privacy on Facebook. Little privacy, but a whole lot of settings! Check it out at http://blog.eset.com/2011/05/25/facebook-privacy Facebook comes up a lot in this blog. Recently I wrote about the Hidden Face ... Read More.

Comments
50

by David Harley Senior Research Fellow
October 18, 2011 at 10:50 pm

ESET researchers have been tracking the TDL4 botnet for a long time, and now we have noticed a new phase in its evolution. Based on the analysis of its components we can say that some of those components have been rewritten from scratch (kernel-mode driver, user-mode payload) while some (specifically, some bootkit components) remain the same as in ... Read More.

Comments
16

by Randy Abrams
May 13, 2011 at 7:49 am

I received an email from Comcast (my ISP) announcing their “Constant Guard™ Security Service”. Basically, if Comcast thinks a customer is infected with a bot they will email the customer and offer to help clean up the computer. The Constant Guard service claims to do a lot more too, but Comcast is quite ambiguous about ... Read More.

Comments
48

by Robert Lipovsky Malware Researcher
October 25, 2011 at 7:24 am

We’ve just come across an IRC controlled backdoor that enables the infected machine to become a bot for Distributed Denial of Service attacks. The interesting part about it is that it’s a Mach-O binary – targeting Mac OS X. ESET’s research team compared this to samples in our malware collection and discovered that this code ... Read More.

Comments
13

by Cameron Camp Security Researcher
October 19, 2011 at 4:16 pm

Facebook has recently updated their security settings. In this How-to we highlight some of the updates and the security nuances to help you stay on top of your account security settings. Paul Laudanski blogged about the subject awhile back, if you want to reference that security primer. When you login to your account, you may now ... Read More.

Comments
6

by David Harley Senior Research Fellow
March 28, 2009 at 12:19 pm

[Update: it seems that people who missed the whole MS-DOS/having fun with the C> prompt and batchfiles thing are still struggling with the fact that vendors are releasing cleaning tools that are really command-line tools, so some step-by-step notes are added below.] I’m sure you’re almost as bored with this issue as I am with the BBC. ... Read More.

Comments
13

by Dan Clark
May 25, 2011 at 6:00 am

The recent MacDefender Trojan has been receiving “rebranding” facelifts since it came out. It has now been deployed as MacProtector, MacDetector, MacSecurity, Apple Security Center, and there are no doubt more iterations to come. The malware has been updated, and now sports an improved UI that looks like a native Mac OSX application, unlike the ... Read More.

Comments
10

by Paul Laudanski Director of CTAC, North America
May 25, 2011 at 5:00 am

Introduction: As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook.  Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government.  When many people use a service such as this, it bears ... Read More.

Comments
5

by Pierre-Marc Bureau Senior Malware Researcher
July 22, 2010 at 11:19 am

Having implemented generic detection of the CVE-2010-2568 vulnerability used to propagate the now infamous Win32/Stuxnet, ESET has identified not one but two new malware families that exploit the same vulnerability.  This vulnerability allows code execution through malicious LNK (shortcut) files.  We have identified a new family that exploits this unpatched vulnerability in order to spread, which ... Read More.

Comments
0
