Here are a few papers and articles that have become available in the last week or two.
Stuxnet is not the only malware that exploits this vulnerability, of course, and the September issue of Virus Bulletin includes several related analyses, including one of mine. However, they’re only available to Virus Bulletin subscribers at present. I’m also working with Aleks Matrosov and his colleagues on a detailed analysis which will be available in due course.
Talking of Virus Bulletin, “PWN2KILL, EICAR and AV: Scientific and Pragmatic Research” is an article I wrote for the June issue on the implications of the PWN2KILL challenge at iAWACS 2010 and the subsequent presentations at EICAR in May. The article is now available on our white papers page at http://www.eset.com/documentation/white-papers, where we also put up links to articles on external sites.
Last week, I attended the excellent Computer Forensics Education and Training (CFET) conference at Canterbury Christ Church University, in the UK. The two papers I presented there have now gone up on the white papers page.
“SODDImy and the Trojan Defence” looks at the implications, in the age of the botnet, of the “Some Other Dude Did It” and “it must have been a Trojan” defences against conviction for possession of illegal material.
“Antivirus Testing and AMTSO: Has Anything Changed?” is a summary of how the Anti-Malware Testing Standards Organization has developed in the past few years and the way in which the AV and testing industries have responded to those developments.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow