My colleague Aleks Matrosov has come across an interesting if uncomfortable post on a Russian language forum, advertising a "Boot loader for drivers" currently under test that doesn't require a Digital Signature driver, which sounds very much like our old friend TDL4. This metamorphic malware (each build generates a fresh binary) loads before the start of PatchGuard. It's

The AMTSO press release about its newly announced cheap subscription model, which I previously referred to here, has been misunderstood in some quarters. I therefore tried to clarify the issues in my latest Security Week article: Once More 'Round the AMTSO Wheel of Pain. The article is also linked from the ESET white papers page.

1) Another Virus Bulletin conference paper has just gone up on the ESET white papers page, by kind permission of the magazine. Large-Scale Malware Experiments: Why, How, And So What? by Joan Calvet, Jose M. Fernandez, our own Pierre-Marc Bureau, and Jean-Yves Marion, discusses how they replicated a botnet for experimental purposes, and what use they

Since I’ve just spent several days at a major conference, you might have expected a flurry of blogs about it. And indeed, there’s a lot more I hope to say about VB 2009, but I’ve been beset by a number of other issues that have demanded my attention, in and out of the blogosphere.  I did rather hope