I should probably have mentioned this before, but it's only just hit my radar.
ESET's October ThreatSense report is available on the Threat Center page as Global Threats Trends for October 2010. Naturally, it includes the usual information about the top ten global threats reported by ThreatSense.Net telemetry in October, which are:
- INF/Autorun
- Win32/Conficker
- Win32/PSW.OnLineGames
- Win32/Sality
- INF/Conficker
- Win32/Tifaut.C
- HTML/ScrInject.B
- Win32/Bflient.K
- JS/TrojanClicker.Agent.NAZ
- Win32/Spy.Ursnif.A
It also includes articles on:
Feature Article by …
Our friends at Virus Bulletin are hosting a seminar later this month that looks as if it should be worth a visit. Of course, security seminars are ten a penny, but this one is organized by the security-knowledgeable but vendor-agnostic magazine whose annual conference is one of the major highlights of an anti-malware researcher's year. (Yes, we …
This is an item you may not have seen amid all the speculation about Stuxnet, Iran and Israel. According to Chinese AV company Rising International, as reported by The H, “millions” of systems in China have been affected by Stuxnet. Strangely, I have yet to see much in the way of speculation as to who is …
Another Virus Bulletin conference paper has just gone up on the ESET white papers page, by kind permission of the magazine.
Large-Scale Malware Experiments: Why, How, And So What? by Joan Calvet, Jose M. Fernandez, our own Pierre-Marc Bureau, and Jean-Yves Marion, discusses how they replicated a botnet for experimental purposes, and what use they made of …
Congratulations to our friends at Virus Bulletin for yet another great conference (the 20th) in Vancouver this week. Congratulations also to our own Pierre-Marc Bureau, voted the best newcomer to the AV business at the conference.
By kind permission of Virus Bulletin, we've already put two of the papers written or co-authored by ESET researchers up …
This morning I wrote a long and - I hope - carefully-considered piece for Security Week on Stuxnet and whether it constitutes a nation state attack on Iran. [Update, 26th September: I hear that article will be available today or tomorrow.]
Actually, I was asked on Friday for a quotable quote or two on the topic, but I …
Here are a few papers and articles that have become available in the last week or two.
Shortcuts to Insecurity: .LNK Exploits is an article for Security Week (http://www.securityweek.com) on the .LNK vulnerability classified as CVE-2010-2568 and exploited by Win32/Stuxnet.
Stuxnet is not the only malware that exploits this vulnerability, of course, and the September issue of …
Jan Vrabec, my colleague in the Bratislava office, has some thoughts to get off his chest about AV vendors and misleading results from internal test results, so I'm letting him borrow my soapbox. All yours, Jan…
Lately, we have witnessed a new trend pushed by the marketing departments of several antivirus vendors: in-house product testing. Of …
While I was at the EICAR conference earlier this week, I also co-presented (along with Pierre-Marc Bureau and Andrew Lee) a paper on "Security, Perception and Worms in the Apple". During the presentation, I had occasion to recall how in the early 1990s I wrote a report on viruses for my boss at the time at …
Just a quick note to draw your attention to a couple of new documents that have just become available.
"AMTSOlutely fabulous" (sorry – it seemed like a good idea when I wrote it…) is a review of what the Anti-Malware Testing Standards Organization has achieved so far and what it might achieve in the future. It's available …
