ESET Threat Blog

Introduction
Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8.
While Microsoft was an early adopter in the creation of smartphones with Windows Mobile, … Read More…

It has been 1,000 days since the Conficker worm first appeared on November 21, 2008.  For the first two months after its initial appearance we received a trickle of reports through our ThreatSense.NET telemetry system.  By January of 2009 that had become a flood, and then a deluge, as this “super worm” rose to meteoric … Read More…

[An interesting snippet from my colleagues Aleksander Matrosov and Eugene Rodionov - DH]
Not so long ago, Microsoft released a security patch addressing the way Windows x64 operating systems check integrity of the loaded modules. In our recent report (The Evolution of TDL4: Conquering x64) we described a method used by the TDL4 bootkit to load … Read More…

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack. 
Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself clarifying … Read More…

Aryeh Goretsky posted a blog about a trojan program in a Microsoft catalog update. I thought it might be a little interesting to know how this can happen and why it doesn’t happen more often.
As it turns out, it was once my job to make sure that Microsoft did not release infected software. Initially my … Read More…

 
UPDATE #1 Randy Abrams has posted a follow-up article, Anatomy of a Biting Bunny – The Infected Microsoft Catalog Update with additional information about how update services work, why they might distribute third-party code and what might be done to prevent malware from being distributed on services like Microsoft's Windows Update in the future.  7-FEB-2011.
 
Last week, we received … Read More…

 
Just a quick follow up on the Microsoft Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding Microsoft's recent MHTML vulnerability, which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our signature database.
 
Although reports remain low so far, any vulnerability in a particular version of Microsoft Windows is likely to … Read More…

There is a new vulnerability that affects all supported versions of Windows and some unsupported versions. For you techies the “Vulnerability in MHTML Could Allow Information Disclosure” advisory is at https://www.microsoft.com/technet/security/advisory/2501696.mspx. If you are not a techie you might want to take a look and see how much you can understand. By reading the security … Read More…

As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the … Read More…

We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat.
Detection for Win32/Stuxnet and the shortcut (LNK) files used … Read More…