tag
Microsoft

Falsas actualizaciones de Microsoft, infectan usuarios

En el día de la fecha hemos recibido una alta tasa de correos que simulan provenir de Microsoft y que mencionan una supuesta actualización de Live Messenger (correo en español) y otra de Windows (correo en inglés): En realidad lo que menciona el correo es falso ya que es fundamental conocer que Microsoft lanza sus

September’s Global Threat Report

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET's ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number

SSL: to certify web security is not to guarantee it

Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle

Exploit público para vulnerabilidad de Microsoft

El 8 de Septiembre Microsoft publicó al alerta de seguridad 975497, donde se describe una vulnerabilidad en el protocolo SMB (Server Message Block) de los sistemas Microsoft Windows. Las versiones afectadas son Windows Vista, Windows Server 2008 y Windows 7 RC. El parche aún no está disponible, y se espera que el mismo esté disponible

Crisis? What Crisis?

In the AV industry, we’re not unaccustomed to security scare stories met with a debunking response. For example, Peter Norton was quoted in 1988 in Insight as saying that computer viruses were an urban myth, like the alligators supposed to inhabit the sewers of New York. (He did change his mind around 1990 when he gave

ThreatSense.Net® Report for July

Our July ThreatSense.Net® report has been released today, and will eventually be available from the Threat Center page here. Most of the top ten entries are old friends: well, familiar names might be a better way of putting it. One of the disadvantages of having a scanner that makes heavy use of advanced heuristics is

Adobe Updates

I’d like to call your attention (again) to a major Adobe bulletin that was released yesterday (actually, still today, if you’re far enough behind GMT, but I’m sitting just a train ride away from Greenwich, UK). In brief, the bulletin concerns the following CVE (Common Vulnerabilities and Exposures) issues: CVE-2009-1862 CVE-2009-0901 CVE-2009-2395 CVE-2009-2493 CVE-2009-1863 CVE-2009-1864 CVE-2009-1865

Fly By Wireless

No, nothing to do with drive-by downloads… Our colleagues in Europe came up with a nice idea: an article on the dangers of web surfing on free wi-fi and some tips on staying safe. (A topic dear to the hearts of all of us who find ourselves out and about with our laptops from time

Patchwork

I’ve been up to my ears in travelling and AMTSO and had limited connectivity over the last week, but even I noticed that a lot of patching issues have risen to the surface in the past few days. In case some of this has passed you by, here are a few of the more prominent

June ThreatSense Report

We’ve just finished working on our monthly Threat Report. There aren’t many surprises in the top ten threats for June. Conficker has taken over the "top spot", relegating INF/Autorun to second place. It’s difficult to say for sure what the significance is, given the relatively small percentage point involved: minor fluctuations in proportions from month

Propagación de malware por correo electrónico

Hemos observado, en el día de ayer, dos correos electrónicos que han sido detectados en gran cantidad; ambos para propagar códigos maliciosos. El primero de ellos nos resultó interesante, por utilizar un método bastante primitivo: el malware está adjuntado al correo electrónico. Es llamativo el método ya que en la actualidad, gran cantidad de clientes

Microsoft AV Revisited

Alex makes a couple of interesting points in his comment on Randy’s blog yesterday about Microsoft’s "Security Essentials" antivirus (as does Randy, of course, but there’s no surprise there.) Alex is suggesting, I think, that Security Essentials isn’t so much a freebie as a value-add to something you’ve already paid for (i.e. Windows). That’s a pretty interesting,

Microsoft Security Essentials?

Microsoft is releasing a beta of their new antivirus product. Previously Microsoft announced that they would discontinue OneCare. The choice of the name “Security Essentials” is amusing. I’m not in the camp of those who think that you can’t have “Microsoft” and “security” in the same sentence, but just the same, Microsoft does say “If

Xbox: Integrating Social Networks

Just a few short days ago I read the announcement that Microsoft announced a new relationship with the social networking services Twitter and Facebook. The relationship was created to enable users of Xbox Live to access their profiles and post photos to their Facebook accounts and allow Twitter users to post and read messages –

Update updates

So Patch Tuesday has been and gone, and many of you will already have updated automatically. If you haven’t, do. there seems to be a curious complacency in some quarters about Powerpoint clientside exploits and targeted attacks, but a lot of dross gets passed around as slide-decks. For example, many an old hoax has been given

Vulnerability Musings and Reflexive Thinking

Some of us are currently enjoying some excellent presentations at a CARO workshop in Budapest on exploits and vulnerabilities. Hopefully, some of them will eventually be made public, so that we’ll be able to include pointers to specific resources. While there’s been a great deal of technical detail made available that has passed me by

Targeted Malware and Microsoft

Microsoft issued an advisory last week – Microsoft Security Advisory (969136) "Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution" – that "could allow remote code execution if a user opens a specially crafted PowerPoint file." The advisory uses very similar language to Microsoft’s recent advisory on an Excel vulnerability, referring to "only…limited and

Patches Despatches

In a previous blog relating to Acrobat vulnerabilities, I suggested that you might want to sign up for Adobe’s alerts service. I did, but still haven’t received any news from it. However, it appears that The Register (or one of its sources) did, so I’m nevertheless aware that Adobe has released updates to address the

The Only Good Worm is a Gummy Worm

From time to time the discussion of whether or not there are (or can be) good worms comes up, usually specifically in the context of program maintenance, updates and upgrades. In fact, the idea of maintenance viruses goes back at least as far as Dr. Fred Cohen, who pretty much "wrote the book" on early

Conficker Resurgent

It appears there are interesting developments in the Conficker/Downadup development front. Peter Coogan of Symantec describes here a variant that doesn’t appear to be interested in infecting new machines, rather more so in updating and protecting itself on systems already infected with previous variants. (And, yes, ESET’s ThreatSense technology does already detect it heuristically!) It seems to have

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.