Bootkits: Past, Present & Future

This paper, presented at Virus Bulletin 2014, shows how the bootkit threat has evolved over time and what further developments the future might bring, as well as some useful tools and mitigations.


Death of a Sales Force: Whatever Happened to Anti-Virus?

This paper, presented at AVAR 2013, considers the myths about the capabilities of anti-malware technology and demonstrates that reports of its death have been greatly exaggerated.

Mac Hacking: the Way to Better Testing?

This paper for Virus Bulletin 2013 considers the special challenges that face security product testers when they test products specific to OS X, and the further implications for testing security products on smartphone operating systems. First published in Virus Bulletin 2013 Conference Proceedings*

BY DAVID HARLEY AND LYSA MYERS


Advanced Evasion Techniques by Win32/Gapz

A presentation from the CARO workshop in May 2013, looking at the technology that makes Win32/Gapz arguably the most complex bootkit to date.

BYOD: (B)rought (Y)our (O)wn (D)estruction?

Presented at the Virus Bulletin 2012 conference in September, this paper considers the pros and cons of the BYOD trend, potential attack vectors, and advice on countermeasures. First published in Virus Bulletin 2012 Conference Proceedings*

Dorkbot: Hunting Zombies in Latin America

Presented at the Virus Bulletin 2012 conference in September, this paper introduces the main capabilities and features of Win32/Dorkbot and considers why and how Win32/Dorkbot’s activity in Latin America differs from the rest of the world. First published in Virus Bulletin 2012 Conference Proceedings*

Festi botnet analysis and investigation

A comprehensive analysis of the evolution of the Festi botnet, its features, its networking protocol, and the ways in which it tries to protect itself from detection. As presented at the AVAR 2012 conference in Hangzhou.

Defeating anti-forensics in contemporary complex threats

Technical and in-depth analysis of the implementation of hidden encrypted storage, as used by complex threats currently in the wild including TDL4, Carberp and ZeroAccess. First published in Virus Bulletin 2012 Conference Proceedings*

FUD and Blunder: Tracking PC Support Scams

Presented at the Cybercrime Forensics Education & Training Conference in September 2012, this paper looks at the support scam problem from a forensic point of view.

My PC has 32,539 errors: how telephone support scams really work

Presented at the Virus Bulletin 2012 conference in September, this is a comprehensive consideration of the ongoing evolution of the PC telephone support scam. First published in Virus Bulletin 2012 Conference Proceedings*

PIN Holes: Passcode Selection Strategies

Presented at the EICAR 2012 conference in May, this paper considers common strategies for selecting four-digit passcodes, and the implications for end-user security. Originally published in the EICAR 2012 Conference Proceedings.


After AMTSO: a funny thing happened on the way to the forum

Presented at the EICAR 2012 conference in May, this paper looks at how the Anti-Malware Testing Standards Organization might yet retain enough credibility to achieve its original aims. Originally published in the EICAR 2012 Conference Proceedings.


Man, Myth, Malware and Multi-Scanning

The use and misuse of public multi-scanner web pages that check suspicious files for possible malicious content, and why they’re no substitute for comparative testing.
Presented at the 5th Cybercrime Forensics Education & Training (CFET 2011) Conference in September 2011.

Same Botnet, Same Guys, New Code

A paper describing the functionality and P2P protocol of Win32/Kelihos, its evolution and its points of similarity to Win32/Nuwar (Storm) and Win32/Waledac.
First published in Virus Bulletin 2011 Conference Proceedings*

Fake But Free and Worth Every Cent

Two years on from “Is there a lawyer in the lab”, greyware and Possibly Unwanted Applications offer serious challenges for security vendors.
First published in Virus Bulletin 2011 Conference Proceedings*

Daze of Whine and Neuroses

The Anti-Malware Testing Standards Organization (AMTSO) has shaken up the AV testing world and attracted much controversy. But has it outlived its usefulness? And what is the future of detection testing?
First published in Virus Bulletin 2011 Conference Proceedings*

Security Software & Rogue Economics: New Technology or New Marketing?

Presented at the EICAR 2011 conference in May, this paper contrasts existing malicious and legitimate technology and marketing, and considers ways in which integration of security packages might mitigate the current wave of fake applications and services.

The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet

This paper, presented at the Annual Computer Security Applications Conference (2010), and to which ESET’s Pierre-Marc Bureau was a contributor, discusses alternative approaches to understanding botnet mechanisms, using “in the lab” experiments involving at-scale emulated botnets.

Test Files and Product Evaluation: the Case for and against Malware Simulation

This paper, presented at the 2010 AVAR conference, summarizes the kinds of problems that arise when simulated malware is used inappropriately in detection testing, with particular emphasis on the history and correct use of the EICAR test file.

Large-Scale Malware Experiments: Why, How, And So What?

How and why a group of researchers replicated a botnet for experimental purposes, and what use they made of the results.
First published in Virus Bulletin 2010 Conference Proceedings*

Copyright © 2014 ESET, All Rights Reserved.