obfuscation

From Georgia With Love: Win32/Georbot information stealing trojan and botnet

Malicious software that gets updates from a domain belonging to the Eurasian state of Georgia? This unusual behavior caught the attention of an analyst in ESET's virus laboratory earlier this year, leading to further analysis which revealed an information stealing trojan being used to target Georgian nationals in particular. After further investigation, ESET researchers were

Obfuscated JavaScript: Oh What a Tangled Web

My colleague Daniel Novomeský alerted me to a problem he's observed with the way some web-developers use JavaScript: a few of them have the habit of obfuscating JavaScript code on their web sites, presumably in order to compress it so that it takes less disk-space ("packing") or using a "protector" in order to make it

What are Heuristics?

It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string[i] (like using the "find" command in your word processor to locate a particular piece of text) or as

IM to Spread Malware: the Butterfly Effect

This weekend, an unnamed worm forced Microsoft to temporarily suspend active links  in Live Messenger 2009, in order to prevent the aggressive worm from spreading further. This is quite a surprising measure, because worms spreading through Instant Messaging (IM) such as Skype, Yahoo! Messenger and Microsoft Live Messenger are not new at all! For example,

(One out of) Ten Ways to Dodge Cyber-Bullets

It’s that time of year when everyone wants a top ten: the top ten most stupid remarks made by celebrities, the ten worst-dressed French poodles, the ten most embarrassing political speeches, and so on. Our research team came up with a few rather more serious ideas, most of which are considered at some length in our about-to-be-published

AV-Comparatives Retrospective Test (and a Word about False Positives)

Retrospective or “frozen” testing involves testing the ability of one or more products to detect threats proactively, using techniques such as advanced heuristics rather than signature detection.

Hybrid Detection: I have seen the future…

whitelisting itself is hybrid…And it works best as one layer of a defensive strategy, at any rate in the version of the internet in which we currently find ourselves.

ESET Virus Radar

Archives

Copyright © 2013 ESET, All Rights Reserved.