How the Kelihos botnet survived a stake through the heart, and some alternatives to garlic and silver bullets.
1) Another Virus Bulletin conference paper has just gone up on the ESET white papers page, by kind permission of the magazine. Large-Scale Malware Experiments: Why, How, And So What? by Joan Calvet, Jose M. Fernandez, our own Pierre-Marc Bureau, and Jean-Yves Marion, discusses how they replicated a botnet for experimental purposes, and what use they
(1) Websense, our neighbour in San Diego, has reported a fake anti-malware scam centred on Labor Day social engineering. The scam uses malicious SEO (Search Engine Optimization) techniques, sometimes referred to as index hijacking or SEO poisoning, to misdirect potential victims. When the victim uses Google to search for Labor Day sales (apparently these are very
To get a better understanding of infection trends over the last few months, the ESET research team has analyzed data compiled by our online scanner. This tool is available freely from ESET’s website at http://www.esetonlinescan.com and can be accessed by anyone to scan their system without having to install our product. Data from our online
Our July ThreatSense.Net® report has been released today, and will eventually be available from the Threat Center page here. Most of the top ten entries are old friends: well, familiar names might be a better way of putting it. One of the disadvantages of having a scanner that makes heavy use of advanced heuristics is
[Since the owner of the blog described below interpreted this blog as a personal attack and marketing BS, I’ve removed information that identifies his blog. Which is a pity, because his blogs on the topic actually include useful information. I’m not withdrawing the whole blog, because it isn’t marketing and it isn’t about our product:
I’d like to thank the City of San Diego for welcoming me with a firework display last night. It was just what I needed after 22 hours in planes and airports. :-) Maybe just a little quieter next time? (London did much the same thing to me with its Millennium celebration.) It did look pretty
So now for a little more tech detail on Win32/Conficker.AQ (kindly supplied by Juraj Malcho at our labs in Europe – however, if I get anything wrong, that will almost certainly be down to my faulty interpretation!) The new variant has two main components. The server component is an .EXE that infects vulnerable PC’s in