Archives - October 2008

Giving (Samples) to Charity

Recently we noticed a thread in a forum associated with a free security product, originating in an open letter to a well-known tester, asking him to donate his sample set for the improvement of the product.

An Introduction to Packers

Packing technology is really just compression. You know, ZIP, CAB, RAR, and so on. There are many types of packers and some people even write their own. The way a packer compresses the file is called an algorithm. There are many different algorithms and unless you know what one was used, or have a tool

A Closer Look at Gimmiv.A

As stated previously by Randy, a new vulnerability affecting the Windows operating system from Microsoft has recently been discovered and has been patched Yesterday by an out of cycle patch.  This vulnerability has been exploited by attackers to install a trojan horse on victim computers.  The name of this trojan is Gimmiv.A.  This blog post

Microsoft’s October Out of Band Patch

Typically, Microsoft releases patches (security fixes) on the second Tuesday of each month. This day is affectionately called “Patch Tuesday” by many. On very rare occasions when there is a particularly severe vulnerability Microsoft will release a patch as soon as possible. Yesterday (October 23rd, 2008) Microsoft made a rare exception and released an “out

Asking for samples for testing

From time to time we are asked to provide samples or malicious URLs to individuals and groups who are not in the full-time testing business. We do, of course, share such material with other actors in the security industry who are within our web of trust, but are not usually able to honor requests from

Wave of Malicious PDFs

For the last couple of weeks, we have been seeing a wave of malicious PDFs crafted to exploit security flaws in PDF reader software.  For the last two weeks alone, we have detected more than 25 000 attacks involving this type of file.  Attackers are exploiting two different vulnerabilities in Adobe Acrobat Reader to execute

Testing Internet Security Suites: More Questions than Answers…

…and for once we’re not one of the vendors getting hammered. Secunia, a Danish company that sends out security notifications, has announced that it has tested a dozen security suites. Interestingly, Secunia used a number of exploits developed in-house for analysing vulnerabilities rather than the sort of malware sample based testing that we’re more used

Phishers Don’t Care…

I don’t suppose you thought they did. But just to prove that scammers have no compunction about using people’s understandable fears about the current financial crisis as a means of stealing from them, here’s a short extract from a fairly typical example of a current wave of fraudulent emails. “Subject: New campaign against financial markets

Memetic Malware Part 36

Memetic malware, in case you haven’t heard me ranting on the subject before, is a pseudo-technical term applied by some to hoaxes, semi-hoaxes, urban legends and so on, especially when spread via email and other Internet services. The adjective memetic derives from the coining by Richard Dawkins of the noun meme, which he described in

A Shock to the System

When it comes to installation sizes, smaller is actually better, as long as essential features like detection aren’t compromised in order to reduce footprint, and we at ESET like to think that’s a trade-off we manage rather well. With all due respect to our colleagues and competitors at Symantec, their products, on the other hand,

Normal Service is Resumed…

As you may have noticed, we’ve been a little busy in the past few weeks, with major conferences and workshops in Estonia, Florida, and the Virus Bulletin conference in Ottawa. Unfortunately, we can’t tell you much about most of these: while some very important work on the mitigation of malware is done in and around