General | WeLiveSecurity

General

Microsoft’s October Out of Band Patch

Typically, Microsoft releases patches (security fixes) on the second Tuesday of each month. This day is affectionately called “Patch Tuesday” by many. On very rare occasions, when there is a particularly severe vulnerability, Microsoft will release a patch as soon as possible. Yesterday (October 23rd, 2008) Microsoft made a rare exception and released an “out

Asking for samples for testing

From time to time we are asked to provide samples or malicious URLs to individuals and groups who are not in the full-time testing business. We do, of course, share such material with other actors in the security industry who are within our web of trust, but are not usually able to honor requests from

Wave of Malicious PDFs

For the last couple of weeks, we have been seeing a wave of malicious PDFs crafted to exploit security flaws in PDF reader software. For the last two weeks alone, we have detected more than 25 000 attacks involving this type of file. Attackers are exploiting two different vulnerabilities in Adobe Acrobat Reader to execute

Testing Internet Security Suites: More Questions than Answers…

…and for once we’re not one of the vendors getting hammered. Secunia, a Danish company that sends out security notifications, has announced that it has tested a dozen security suites. Interestingly, Secunia used a number of exploits developed in-house for analysing vulnerabilities rather than the sort of malware sample based testing that we’re more used

Phishers Don’t Care…

I don’t suppose you thought they did. But just to prove that scammers have no compunction about using people’s understandable fears about the current financial crisis as a means of stealing from them, here’s a short extract from a fairly typical example of a current wave of fraudulent emails. “Subject: New campaign against financial markets

Memetic Malware Part 36

Memetic malware, in case you haven’t heard me ranting on the subject before, is a pseudo-technical term applied by some to hoaxes, semi-hoaxes, urban legends and so on, especially when spread via email and other Internet services. The adjective memetic derives from the coining by Richard Dawkins of the noun meme, which he described in

A Shock to the System

When it comes to installation sizes, smaller is actually better, as long as essential features like detection aren’t compromised in order to reduce footprint, and we at ESET like to think that’s a trade-off we manage rather well. With all due respect to our colleagues and competitors at Symantec, their products, on the other hand,

Normal Service is Resumed…

As you may have noticed, we’ve been a little busy in the past few weeks, with major conferences and workshops in Estonia, Florida, and the Virus Bulletin conference in Ottawa. Unfortunately, we can’t tell you much about most of these: while some very important work on the mitigation of malware is done in and around

It Doesn’t Hurt to Ask

Instant messaging is a very successful means for the bad guys to get their software onto your computer. It is also very easy. If a virus infects your friend’s computer’s instant messaging program then it can “type” anything into the chat windows and it will look like your friend said it. It can provide a

A Deeper Look at Win32/Inject.NBL

Late Monday, we received samples of malware that spreads through instant messaging. Detection was quickly added for this threat and David gave a nice summary of the events in a blog post. When analyzing this binary, we found out that Win32/Inject.NBL has a couple of interesting characteristics. First of all, we were able to

False positive

We’re quite proud of our record of low false positive rates, despite the occasional slip-up (all AV scanners have them: it’s an unfortunate fact of life, but we like to think that our usefulness in detecting real malware outweighs them in the long term). However, I’ve just been advised by our friends at Sophos (yes,

In Space, No‑one Can Hear You Scream “Virus!”

According to the Wired blog, non-critical laptops in the International Space Station were infected in July with malware: according to spaceref.com it was a (fairly old) password stealer that captures gaming credentials and spreads using autorun.inf (See? We told you these were problems!). Spaceref.com also reckon that quite a few systems on the space station don’t carry

Testing Standards Revisited

ESET is very interested in and supportive of the Anti-Malware Testing Standards Organization (AMTSO), which aims to raise testing standards across the board and reduce the impact of misleading, poorly-conceived and -implemented comparative testing. Like many in the industry, we believe that benefits the end-user and the industry, and I’ve been heavily involved personally in

Myfotoos Live Messenger Worm

There is a worm which is aggressively broadcasting itself to Windows Live Messenger users, and possibly via social networking services (MySpace, Hi5, etc.). It’s known to affect users of MSN, AIM and Triton, and we have had several reports from people who were contacted by compromised hosts. When it infects a PC, the current version of the

Fake anti‑malware

Pierre’s recent blog on fake invoices mentioned the problems we’re seeing nowadays with Trojans masquerading as anti-virus or anti-spyware programs, and this reminded me that I blogged [link removed as no longer available – DH, 2017] on that topic recently at Quanta Security, one of the external sites for whom I have sometimes done pro

Beware of Fake Invoices

Over the last two weeks, we have seen an increase in fake e-mails pretending to contain invoices for various companies including UPS, Fedex and airlines from around the globe. Subjects of such e-mails include “Fedex tracking number 1234567890” or “E-ticket #1234567890”. The body of the e-mail states that the recipient’s credit card has been charged

Negative Values: Racing Past Zero

Well, there’s not much doubt about the SecurityFocus view of the Race to Zero event. A report by Robert Lemos is festooned with advertising that states “If you want to stop a hacker…you have to act like one.” Perhaps Symantec, who own SecurityFocus, can afford to be relaxed about the event, since their scanners weren’t represented

Adware, Spyware and Possibly Unwanted Applications

An interesting comment turned up today to my “Malware du Jour” blog entry at Securiteam (http://blogs.securiteam.com/index.php/archives/1121). The poster asked a couple of questions, based on content from the ESET mid-year Global Threat Report, one of which was ‘How do you define “possibly unwanted applications [PUAs]?”’ My first thought was to refer him to the definition

Global Threat Report – Half Year

Our mid-yearly Global Threat Report looks at malware threat trends over the past six months, based on data from our ThreatSense®.net threat tracking system. This report focuses on broad trends rather than individual malware variants: this reflects better the proactive detection which is the strength of our products, but is also more useful to most readers. Here’s a