As you may have noticed, we’ve been a little busy in the past few weeks, with major conferences and workshops in Estonia, Florida, and the Virus Bulletin conference in Ottawa. Unfortunately, we can’t tell you much about most of these: while some very important work on the mitigation of malware is done in and around
As you may have noticed, we’ve been a little busy in the past few weeks, with major conferences and workshops in Estonia, Florida, and the Virus Bulletin conference in Ottawa. Unfortunately, we can’t tell you much about most of these: while some very important work on the mitigation of malware is done in and around these sessions, it can’t always be made public. Virus Bulletin is another matter: we were very strongly represented there, presentation-wise, and some papers will be going up on the white papers page very shortly. In fact, there’s been something of a queue of white papers building up while other issues were resolved, but I’ve been sneaking in a little editing time so that we can get some of them going through the publication process.
[Talking of Virus Bulletin, Graham Cluley and Carole Theriault of Sophos put together a video for the conference that might have amused you, but Sophos have removed the video (though not the blog). Of course, my real agenda here was to draw your attention to all those people from other companies on camera with the ESET logo on their conference ID. I wonder if there’s a connection? ;) – DH, 2017]
Meanwhile, out in the great wide world, malware continues to flourish.
We are seeing a spike in detections of the WMA/TrojanDownloader.GetCodec.Gen malware family. The GetCodec malware family modifies media files to include information on a fake codec that needs to be downloaded and installed if a user wants to view or listen to the infected media file. If files are shared with other users, they run the risk of being infected.
Fake antivirus software is also on the rise. This type of malware sends false information to users, reporting that their computer is infected with various threats. The fake antivirus then prompts for payment before “cleaning” the false infection.
In our Threat Trends report for September [dead link removed – DH 2017], we also noted that the rise in detections of gaming password stealers continues to escalate dramatically, and that malware that attempts to exploit the Autorun facility continues to feature strongly in the “top ten”. In his presentation on “Defense in Depth”, Ken Bechtel, my long-time friend and colleague in Team Antivirus and AVIEN, remarked that there are actually no less than seven registry keys that need to be fixed before Autorun is fully disabled in Windows. :( I think we may revisit that issue on this page shortly.
David Harley & Pierre-Marc Bureau
Malware Intelligence Team