Sality se suma a la vulnerabilidad LNK

Luego de las repercusiones sobre Stuxnet, explotando la vulnerabilidad CVE-2010-2568, a la cual se sumaron dos familias más (Win32/TrojanDownloader.Chymine.A y Win32/Autorun.VB.RP) y la incorporación del exploits a un crimeware (Zombie Explotation Kit), recientemente se ha descubierto otro código malicioso que utiliza esta debilidad para infectar los sistemas de información. Se trata de Sality, un peligroso

Aparecen nuevas familias de malware explotando vulnerabilidad 0-Day "LNK"

Cómo adelantamos en estos días a modo de tendencia, nuevas familias de códigos maliciosos han aparecido empleando como vector de ataque la misma vulnerabilidad 0-Day (CVE-2010-2568) utilizada por Win32/Stuxnet.A. Investigadores de ESET han identificado en las últimas horas dos códigos maliciosos más relacionados con la explotación de la vulnerabilidad en cuestión. Se trata de la

Which Army Attacked the Power Grids?

The hot news http://blog.eset.com/2010/07/17/windows-shellshocked-or-why-win32stuxnet-sux is of a zero-day vulnerability that has been used to attack SCADA systems. This comes hot on the heels of an article on the Wired web site titled “Hacking the Electric Grid – You and What Army” http://www.wired.com/dangerroom/2010/07/hacking-the-electric-grid-you-and-what-army/. So clearly Wired had already predicted the origins, at least vaguely, of Win32/Stuxnet.

(Windows) Shellshocked, Or Why Win32/Stuxnet Sux…

…But that doesn’t mean that this particular attack is going to vanish any time soon, AV detection notwithstanding. Now that particular vulnerability is known, it’s certainly going to be exploited by other parties, at least until Microsoft produce an effective fix for it, and it will affect some end users long after that…

Microsoft Takes the Security out of Security Conferences

In May it was reported that IBM handed out some USB drives that were infected. A month later I spoke at a security conference that I will not name. I gave the AV (audio/visual) technician a USB key with my presentation on it to copy to the laptop they were using for the presentations. About

Do You Have a Process?

USB thumb drives, such as those pictured below from www.promotionalpro.com, are very popular marketing item, but oftentimes people are not aware of the digital risks these devices can present. In recent years many USB devices have been sold or given way only to be found to be pre-infected from the factory. At a recent security

Should I Stay or Should I Go?

I don’t really want to leave ESET, but IBM needs me. Several years ago Microsoft had a serious problem with viruses in its software. I was given the task of making it go away. It started with retail software. My job was to make sure none of the retail software Microsoft released was infected. Then

Autorun and Windows 7

Autorun and Windows 7. Long time readers know that I think autorun was Microsoft’s longest unpatched vulnerability. For Windows 7 Microsoft has made some serious improvements, but for older versions of Windows Microsoft has ignored the obvious vulnerability and only offered the patch as an optional download instead of making it a critical update, as

Guest Blog: How free is free Antivirus?

I've noticed a number of tests recently that seem to be intended to prove that free antivirus is as good as commercial AV. As it happens, I'm not against free AV in principle, as long as people are entitled to use it – commercial use of free AV is usually not permitted. And I'm overjoyed when

The Biggest Botnet in the World

You may have seen the news about the bot masters in Spain who were arrested. Defense Intelligence http://defintel.com/docs/Mariposa_Analysis.pdf dubbed this Mariposa botnet. It is claimed that this botnet had the power to perform much stronger attacks than what Estonia witnessed a couple of years ago.  Still, this botnet is dwarfed by the largest botnet in

NOD32 Antivirus for Mac: Some Questions

These are a few questions relating to ESET's antivirus scanner for OS X, which is currently in beta, that I was asked in response to a post at Mac Virus. (If you want to take the beta out for a spin, you can still download it at http://beta.eset.com/macosx.) As these questions are very ESET-specific, I

Anti-Malware: Last One Out, Please Turn Off The Lights

It doesn't surprise me when someone says, like David Einstein of the San Francisco Chronicle, that there's no need for a Mac user to run anti-virus software. Though the most usual reason I see given is that there aren't any Mac viruses. (There are, but nowadays the main reason to run anti-malware on any platform

End of Year, End of Decade

As our December ThreatSense report (now available at http://www.eset.com/threat-center/threat_trends/Global_Threat_Trends_December_2009.pdf) was not only the last of the year but the last of the decade, it's rather longer and more detailed than usual, including a look back at the last 12 months. I suppose we could have gone back over the whole decade, but I have to

Ten Ways to Dodge Cyber-Bullets (Part 1)

OK, so I lied about not doing a top ten. Twice. For a paper that's going through the publication process at the moment, I revisited some of the ideas that our research team at ESET LLC came up with this time last year for a top ten things that people can do to protect themselves

Septic Thumb Drive

The Register has reported that it cost Ealing Council, in London (UK) some £500,000 in lost revenue and repairs after a "virus infection" in May. According to El Reg’s John Leyden, the virus in question was Conficker-D, though because of differences in Conficker variant naming, it’s difficult to say exactly which variant that would refer to.

Now You Can Fix Autorun

Microsoft has released the patches required to make autorun work with only CD and DVD drives. There is one little catch, a USB drive can be configured to look like a CD, but this patch definitely helps reduce risk. I highly recommend you install the patch so that you can connect most thumb drives, GPS

Potentially Abandoned Conficker Grows

Potentially Abandoned Conficker Grows According to an article at Internetnews.com http://www.internetnews.com/security/article.php/3832846 the authors of the Conficker botnet may have abandoned it, yet it continues to grow in numbers. The growth of the botnet is troubling because it is completely preventable and because it means the infected computers are vulnerable to other threats and that these

The April Threat Report

As we do each month, ESET has released its monthly threat report. As you might expect, there were a lot of Conficker detections out there. There were also almost as many detections for autorun threats that are not Conficker. In other words, if you have disabled autorun, then you protect against a lot more than

Conficker: rising and shining…

So now for a little more tech detail on Win32/Conficker.AQ (kindly supplied by Juraj Malcho at our labs in Europe – however, if I get anything wrong, that will almost  certainly be down to my faulty interpretation!) The new variant has two main components. The server component is an .EXE that infects vulnerable PC’s in

For the Hypochondriacs…

I’ve tried to convince you all that you really need to watch out for all of the threats and that it really isn’t worth worrying about Conficker, but if you are still worried about Conficker we do have a knowledge base article you can peruse at http://kb.eset.com/esetkb/index?page=content&id=SOLN2209. If you apply your security patches, disable autorun,

Follow us

Copyright © 2015 ESET, All Rights Reserved.