March 2009

Patches Despatches

In a previous blog relating to Acrobat vulnerabilities, I suggested that you might want to sign up for Adobe’s alerts service. I did, but still haven’t received any news from it. However, it appears that The Register (or one of its sources) did, so I’m nevertheless aware that Adobe has released updates to address the

Signed Updates and Social Engineering

Someone raised an interesting point in a comment to yesterday’s blog about Symantec’s own PIFTS.EXE being flagged by their own firewall as a possible problem. Let me quote the comment in full. I by no means buy into the super root-kit routine, I do however think that there will be copy cats (if not already)


PSST! Anyone remember the Telephone party game, also known by various politically incorrect names like Chinese Whispers and Russian Scandal? A series of reports like this and this illustrate a textbook example of how rumour and misunderstanding (some of it probably wilful) can transform a story into something very different to its original form. According

The Only Good Worm is a Gummy Worm

From time to time the discussion of whether or not there are (or can be) good worms comes up, usually specifically in the context of program maintenance, updates and upgrades. In fact, the idea of maintenance viruses goes back at least as far as Dr. Fred Cohen, who pretty much "wrote the book" on early

Conficker Resurgent

It appears there are interesting developments on the Conficker/Downadup front. Peter Coogan of Symantec describes here a variant that doesn’t appear to be interested in infecting new machines, rather more so in updating and protecting itself on systems already infected with previous variants. (And, yes, ESET’s ThreatSense technology does already detect it heuristically!) It seems to have

Excel Exasperation, Acrobat Aggro

As The Register has pointed out, the Microsoft Security Bulletin Advance Notification for March 2009 doesn’t mention a forthcoming patch for the Excel vulnerability we’ve already flagged in this blog here and here and here. Since, as John Leyden remarks, the exploit is being actively exploited, it may seem that Microsoft are not taking the issue seriously

Phishing Persistence

Here’s something I haven’t noticed before (but then I don’t pay nearly as much attention to phishing messages as I used to, owing to the need to sleep occasionally). I’ve started to receive messages purporting to be from the Alliance and Leicester, in the UK. The messages are much the same, apart from the Subject

Fraud in (and out of) a Time of Recession

I’ve been asked several times in the past few months about links between the global recession and criminal activity, especially as related to fraud. There are, of course, those who claim that the economic situation is directly caused by "criminal" activity by politicians and banks, which is a little further than I’d care to go personally. What

Acrobat Amendment

A reminder about the Acrobat reader vulnerability we blogged about several times recently. Remember I said "As we’ve said previously, disabling JavaScript, while it doesn’t address the underlying vulnerability, stops known exploits from working properly"? Predictably, there are now known exploits that don’t use the JavaScript heap spray trick. While I’m

The Tits Alternative

OK, I bet you think I am making this up, but this is real. The Tits alternative is a theorem by an award winning Belgian mathematician named Jacques Tits. According to Wikipedia: “In mathematics, the Tits alternative, named for Jacques Tits, is an important theorem about the structure of finitely generated linear groups. It states

Zombies Down Under

The estimable Graham Cluley drew my attention in his blog to the fact that this is National Zombie Awareness Week in Australia. A zombie is security geekspeak for a PC that has been infected by a bot or agent, so that it’s added to a network of compromised machines (a botnet) under the control of


Perhaps this is a little relevant to some of our readers… We just released version 4 of ESET Antivirus (NOD32), and ESET Smart Security. If you have a valid license, then there is no charge for the upgrade. Take a look at for the “What’sNew” information. Randy Abrams Director of Technical Education

Feeling Vulnerable?

This is a follow up to David Harley’s post “Targeted Excel Malware Revisited.” I know that for some people “exploiting a vulnerability” is no clearer than the US tax code, so I’ll try to make it a bit more understandable. A “vulnerability” simply means that there is a problem with a program. In this case

Heartland and Shadowlands

This is a follow-up to my previous blog regarding the price of data loss. Heartland Payment Systems lost another 30% share value a few days ago (actually, 25th February, but it’s been a busy week!) – down to $5.34/share (at the beginning of 2009 – prior to the breach they were between $16-$18 per

Targeted Excel Malware Revisited.

Further to our blog last week on targeted attacks exploiting a vulnerability found in a number of Excel versions including Mac versions, viewers, and the Open XML File Format Converter for Mac. While we already have a specific detection for the threat we call X97M/TrojanDropper.Agent.NAI, we also have generic detection for the exploit, flagged as X97M/Exploit.CVE-2009-0238.Gen. This detection

Copyright © 2015 ESET, All Rights Reserved.