generic detection

Obfuscated JavaScript: Oh What a Tangled Web

My colleague Daniel Novomeský alerted me to a problem he's observed with the way some web-developers use JavaScript: a few of them have the habit of obfuscating JavaScript code on their web sites, presumably in order to compress it so that it takes less disk-space ("packing") or using a "protector" in order to make it

How Do You Find 200,000 Unique Samples a Day?

I recently received a couple of questions about signatures from a reader. 1- You said that ESET receives around 200000 unique malware samples daily, so does ESET detect most of them or detect only the malwares that their signatures are listed here: http://www.eset.com/threat-center/threatsense-updates ? 2- Nowadays why signatures are written? Are they written to detect

More LNK exploiting malware, by Jove!*

Pierre-Marc and I reported a few days ago that we were seeing both new malware and older families starting to incorporate the same .LNK exploit used by Win32/Stuxnet. We also predicted that “…more malware operators will start using this exploit code in order to infect host systems and increase their revenues.” Well, that was a pretty safe bet.

Ten Ways to Dodge Cyber-Bullets (Part 8)

[Part 8 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Anti-Virus isn’t Total Security Don’t expect antivirus alone to protect you from everything. Use additional measures such as a personal firewall, antispam and

Malware Classification and The Lovely Bones

You might have noticed that there are certain issues that press my buttons: the Beeb's botnet, Mac myopia, using Virus Total as a substitute for comparative detection testing. And malware naming, an issue on which I've blogged several times recently. http://www.eset.com/threat-center/blog/2010/01/09/today-we-have-naming-of-err-malware-1 http://avien.net/blog/?p=121 The estimable Kurt Wismer has taken me to task – well, Tom Kelchner

Heuristic Detection Techniques

I recently received a few questions about heuristics and thought the answers may be of broader interest than just to the person asking. 1- What is the difference between the detection by generic signatures and passive heuristic? Aren't they the same? 2- In this thread: http://www.wilderssecurity.com/showthread.php?t=261904 I can't understand Marcos's replay: 'it's heuristic detection coupled

Conficker: Before the Flood (April Showers)

I don’t, of course, know for sure what’s going to happen on April 1st, when Conficker is timed, potentially, to go to its next stage of evolution. We do know, from inspecting code in the variants and subvariants that have come our way, that infected machines will be looking for instructions and updates on that date. At the very least,

False Positive Fracas

False positives. Every anti-malware vendor’s worst nightmare. The European publisher Heise, apparently recently reinvented as The H, has pointed out that both GData and Bitdefender were inaccurately flagging winlogon.exe as Trojan.Generic.1423603. In case you were wondering, this doesn’t mean the whole anti-malware industry has gone mad: GData’s product uses two engines, one of which is 

Follow us

Copyright © 2015 ESET, All Rights Reserved.