ESET had quite a strong representation at Virus Bulletin this year in Barcelona, as David Harley mentioned in his post prior to the conference. On the first day, Pierre-Marc Bureau presented his findings about the Kelihos botnet, David Harley and AVG’s Larry Bridwell discussed the usefulness and present state of AV testing, and to finish

Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years. TDL4 is no exception, with its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform

One that will be of most interest to our readers in the UK, I guess. Our friends at Virus Bulletin are holding another "Securing Your Organization in the Age of Cybercrime" seminar, this time on the Open University Campus at Milton Keynes on the 24th May. The full agenda is already available on that page, and

…In fact, while the season for the traditional end of year crystal ball-gazing is pretty much over, I’ll venture a few extra predictions based on recent observations of the support scam business…

…version 1.31 of “Stuxnet Under the Microscope” is now available on the white papers page … Until now Rooting about in TDSS was only available to VB subscribers, but it too is now available on the ESET white papers page.

The paper presents an alternative approach to botnet research, employing “in the lab” experiments involving at-scale emulated botnets.

…poachers turned gamekeeper are not uncommon in the security industry as a whole, and it’s all too common for aspirant virus-writers whose notoriety is not necessarily matched by their technical skill to be hired by companies on the remote borders of malware detection and filtering, but the “real” AV industry goes out of its way to avoid hiring the ethically challenged….

…Andrew Lee conducted a fun but disquieting thought experiment in the course of an amusing and informative presentation on user education at the recent Virus Bulletin Seminar…

“Test Files and Product Evaluation: the Case for and against Malware Simulation” is a paper presented at the recent AVAR conference by Eddy Willems, Lysa Myers and myself: we were all at the EICAR conference and figured that it was a good moment to combine our experience of testing, EICAR, AMTSO and the anti-malware industry to cover the developments that had taken place since Sarah’s paper.

…given the amount of detailed analysis that’s already available (and I mean substantial blocks of reverse-engineered code, not high-level analysis and code snippets and descriptions), I’m not sure that anyone with malicious intent and a smidgen of technical skill would need the original code…