ESET Research | WeLiveSecurity


Articles by author

Beware of Anna Nicole Smith Malware

Anna Nicole Smith died today and that means the scum of the internet will be out in force. History has taught us to expect a barrage of attacks coming in the form of email with attachments and/or links. The likely attack scenarios will be email messages claiming to have pictures of Smith’s dead body, or

Super Bowl Dolphin Stadium Website Trojan

A Trojan was recently planted on the web page of the Miami Dolphin’s Super Bowl web site. The Trojan was a script that would download a malicious file onto the user’s computer – if the user was not current on their security patches or not using NOD32. Websense first identified the compromised website through the

Mea Culpa

Some of you may notice that the blog entry “I See Antivirus Software in the Vista” has been changed. I made a mistake in referring to Vista Kernel Patch Protection (KPP) in Windows Vista 32-bit. There is no KPP in Windows Vista 32-bit edition. Rather than leaving inaccurate information up on the blog I have

Shhh – it’s a Secret!

There was recently a private meeting of security professionals hosted by Microsoft. This private meeting, complete with a public website has been called a “secret” meeting by some. Hmmm, secret meeting with a published agenda complete with date, time, location, and speakers. Some secret huh? Who was there and why did they meet? That

So You Have An Undetected Virus?

From time to time all anti-virus companies run into the situation where a user tells them that their product is not detecting some virus. Typically the user also wants to know why it isn’t detected when another product catches it. These inquiries rarely provide enough information to result in a meaningful answer. There can be

I See Antivirus Software in the Vista

OK, let’s all let out a big whoop and holler. Vista is launched and that means no more Vista Launch hype! On the downside there will now be all kinds of Vista IS launched hype. I was just reading some this morning. A competitor of Microsoft’s (and ours) was quoted as saying that in their

Storm Worm

OK, actually it is not a worm (always) and only the press calls it Storm Worm. Everyone else calls it by one of several other names. ESET calls it “Win32/Fuclip.A Trojan”, “Win32/Fuclip.D Trojan”, “Win32/Nuwar.S worm” or sometimes “Win32/Nuwar.T worm”. Symantec calls it “Trojan.Peacomm”. McAfee calls it “Downloader-BAI.gen Trojan”. Confusing? Well, it isn’t actually just

The IRS Is Not Offering You Money

You would think that with the cold winter weather people would want to stay inside, but Phishing is an all weather sport, and the phish du jour is an IRS scam. There are hundreds of these, but they go something like this: You get an email that appears to be from the IRS and they

Giving a New Computer?

Around this time of the year people often become first time computer users and learn the wonders, good and bad, of the internet. There are a few tips you can give a new user to help them avoid some of the perils. Actually, there are several million pages of tips in books and on the

Social Sites and Their Risks

In recent months malware on social sites has been in the media. There was the “Greygoo” worm that affected Second Life, as well as worms attacking MySpace users. A recent worm that used QuickTime to spread to MySpace users also incorporated a Phishing attack. Users who accessed infected pages were sent to a

The Spirit of Cooperation

December 3-5 marked the 9th annual AVAR conference. This year yours truly got to be the conference chairman and ESET hosted the conference in New Zealand. AVAR is the Association of anti Virus Asia Researchers and has a mission to prevent the spread and damage caused by malicious software, and to develop cooperative relationship

Beating the QuickTime Vulnerability

Apple QuickTime includes the ability to create a movie that can use JavaScript commands. This “feature” is referred to as the HREF track. One exploitation of this “feature” resulted in the spreading of a worm on MySpace. While the functionality itself has legitimate uses there is no legitimate reason for forcing active content from a

Microsoft and the Antivirus Industry

At the Virus Bulletin conference this year I gave a presentation on what I believe will be the impact of Microsoft entering the anti-virus industry. You can download the full paper at: Some people think that this is the beginning of the end of the anti-virus industry and cite examples, such as Netscape as

Does Vista need anti‑virus?

You may have seen a report that Jim Allchin, a Microsoft co-president said that the new lock down features in Vista are “so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.” Of course, the words “Lock down features” are very important. This means that the

Spycar: What Can It Tell You?

A while back I had a chat with Ed Skoudis, who with Tom Liston created Spycar. The log of the chat is available here. In this conversation Ed agreed that Spycar is not a comprehensive test for anti-spyware products, and that it was not designed to be such a test. Randy says: OK, so to

The Hamburglar Meets the iPod

The Hamburglar was the crook in some old McDonald’s commercials. It appears that Hamburglar has returned to steal information from McDonald’s customers. Don’t worry, you would have to be one of 10,000 winners (in Japan) to get this special treatment, the rest of us losers keep our passwords. McDonald’s unfortunately put their trust in

ESET NOD32 Blocks VML Exploit Attacks

Microsoft released an out-of-band patch for a vulnerability that affects how Internet Explorer and Outlook process VML code. VML is a method of displaying some high end graphics. If the vulnerability is exploited a remote attacker can gain control of your PC. ESET’s NOD32 is the first known anti-virus product to detect all known types

Is ZERT Right for You?

There have been a lot of articles about ZERT and their patch for the MS VML vulnerability. ZERT is a group of security researchers who feel that the danger of the vulnerability and lack of an MS patch warrants creating their own temporary patch. ESET, Microsoft, and a number of other security vendors do not