Virus Bulletin

New Documents

Just a quick note to draw your attention to a couple of new documents that have just become available. "AMTSOlutely fabulous" (sorry – it seemed like a good idea when I wrote it…) is a review of what the Anti-Malware Testing Standards Organization has achieved so far and what it might achieve in the future. It's

April 1st: Your Questions Answered

We're not really set up to use the ThreatBlog as a full strength Questions and Answers resource, but we got so many questions after my blog yesterday about April 1st hoaxes that I feel obliged to try to answer some of them. There is no truth in the rumour that the eCity of San Diego

I Have a Little (Wild)List*

* http://math.boisestate.edu/gas/mikado/webopera/mk105a.html

Kevin Townsend posted a blog in response to a piece by Mike Rothman at Securosis. Mike’s piece on “The Death of Product Reviews” makes some pretty good points about security product reviews in general. Kevin’s piece is more specific to anti-malware. He too makes some useful discussion points about the value or otherwise

AMTSOlute Elsewhere

We're now getting into preparations for the next meeting of AMTSO (Anti-Malware Testing Standards Organization), on 25th-26th February in Santa Clara. In the meantime, I wrote an article for Virus Bulletin called "AMTSOlutely Fabulous" about "the story so far". It's just appeared in the January edition of the magazine. Of course, it's only available to subscribers

Today We Have Naming of… err, Malware… [1]

Sunbelt have responded to an article in Infosecurity about what I described way back in the early 90s (when putting together the alt.comp.virus FAQ) as the “thorny issue of malware naming”. Well, I’ve been banging the drum about educating users and pretty much everyone else away from the concept that malware naming is useful for quite

Dark Reading and Crystal Balls

Apparently it's not just me that's sceptical about the value of security crystal ball-gazing. Tim Wilson of Dark Reading takes us (the security industry) to task for being "subjective" and inconsistent in our predictions for the coming year. Strangely, although he does quote an ESET blog (an observation of Randy's) in his selection of predictions he

December’s Virus Bulletin

I notice that our own Jeff Debrosse, having joined the ranks of ESET presenters at Virus Bulletin conferences this year with our paper on "Behaviour Analysis for the Next Decade" (http://www.eset.com/threat-center/blog/2009/12/02/malice-through-the-looking-glass-conference-paper), has also swelled the ranks of ESET contributors to the magazine this month, with an opinion piece on “Cybersecurity awareness for the next generation.”

iBot Mark 2: Go Straight To Jail Do Not Pass Go

[Update, courtesy of Mikko: this worm targets at least one Dutch bank, and activates when users go to the online bank with an infected iPhone] [Update 2, courtesy of Paul Ducklin: how to change the password of an infected phone. I could just tell you what the password is, but you might want to read

Great Hoax From Little Acorns…

I learned a new word today. "Glurge", according to snopes.com, an essential resource when checking the validity of dubious chain letters, glurge is the sending of inspirational (and supposedly true) tales … that often … undermine their messages by fabricating and distorting historical fact in the guise of offering a "true story". I came across

False Positives: A Round of Applause…

The anti-malware industry isn't a suitable environment for the thin-skinned. We get used to receiving "more kicks than ha'pence" (see http://www.virusbtn.com/spambulletin/archive/2006/11/vb200611-OK). In particular, I've grown accustomed to the fact that many people expect all the following from an AV product: Absolute Protection; Absolute Convenience; Absolutely no False Positives; Absolutely no charge. False positives (FPs) are

Fake Anti-Malware: Blurring the Boundaries

It won’t come as a surprise to regular readers of this blog that there’s a lot of fake/rogue anti-malware about (see http://www.eset.com/threat-center/blog/category/fake-anti-malware-fake-software). However, a report released at RSA Europe goes some way towards quantifying that threat, and has created something of a stir in the media. That’s to be expected: journalists tend to love facts and figures. Anti-malware

Greyware: Trust Me, I’m a Lawyer

Since I’ve just spent several days at a major conference, you might have expected a flurry of blogs about it. And indeed, there’s a lot more I hope to say about VB 2009, but I’ve been beset by a number of other issues that have demanded my attention, in and out of the blogosphere. I did rather hope

Postcard from Geneva

Virus Bulletin 2009 is now in full swing, though meetings and other issues have kept me from seeing as much as I’d like. Still, excellent opening and keynote speeches, and a very interesting talk on cyber-insurance from Pascal Lointier. (A bit of a first for me: though I’ve been attending VB most years since 1996 and

Genial Geneva and a note for Francophones

Bonjour mes amis! Well, I am in Switzerland, and very close to the French border, for the Virus Bulletin conference – perhaps the most eagerly anticipated event in the anti-malware researcher’s calendar. How sad is that? I also thought you might like to further extend your French skills on an article here, about a presentation

Fake ICE and Hot ICE

Randy’s post yesterday about putting an "In Case of Emergency" (ICE) prefix in front of one or more entries in the contact list on your cellphone rang a particular bell (sorry!) with me. I first came across the idea around 2005, when the idea was first launched by the East Anglian Ambulance NHS Trust in

AMTSO Anticipations

One of the more interesting things to happen to me in the past few months – well, that I’m going to talk about in public – is that I was elected to the Board of Directors of AMTSO (The Anti-Malware Testing Standards Organization). Interesting and scary: the first couple of months have seen me at

Slideshare update

Further to yesterday’s blog at http://www.eset.com/threat-center/blog/2009/08/03/slideshare-used-to-spread-malware, I hear from Sebastián Bortnik that the account holder that posted those malicious slides to Slideshare has been banned, and the slide decks are no longer available. However, he (the black hat, not Sebastián!) had managed to post 2,473 slides with malicious links before he was stepped on: see

ThreatSense.Net® Report for July

Our July ThreatSense.Net® report has been released today, and will eventually be available from the Threat Center page here. Most of the top ten entries are old friends: well, familiar names might be a better way of putting it. One of the disadvantages of having a scanner that makes heavy use of advanced heuristics is

Microsoft AV Revisited

Alex makes a couple of interesting points in his comment on Randy’s blog yesterday about Microsoft’s "Security Essentials" antivirus (as does Randy, of course, but there’s no surprise there.) Alex is suggesting, I think, that Security Essentials isn’t so much a freebie as a value-add to something you’ve already paid for (i.e. Windows). That’s a pretty interesting,

Microsoft Security Essentials?

Microsoft is releasing a beta of their new antivirus product. Previously Microsoft announced that they would discontinue OneCare. The choice of the name “Security Essentials” is amusing. I’m not in the camp of those who think that you can’t have “Microsoft” and “security” in the same sentence, but just the same, Microsoft does say “If

Copyright © 2015 ESET, All Rights Reserved.