Author Archive

Coreflood dries up

By Aryeh Goretsky at 15 April, 2011, 11:06 am

The US Department of Justice's announcement yesterday of the takedown of the command and control (C&C) servers for the Coreflood bots (detected by ESET as Win32/AFCore) and seizure of their domains marks another step in the growing awareness that crime, whether it is committed with bullets or with botnets, is still crime.
This particular botnet, about … Read More.


Deep in the Hard Drive of Texas?

By Aryeh Goretsky at 13 April, 2011, 5:44 pm

As David Harley blogged earlier, the Comptroller of Public Accounts office for the state of Texas yesterday began notifying state employees that the names, addresses, social security numbers and other records of some 3.5 million current or former state employees had been accessible via the Internet. 
Unlike the earlier Epsilon Data Management data breach, it seems no … Read More.


Trojan in Microsoft Update Catalog – A Bunny Bites Back

By Aryeh Goretsky at 4 February, 2011, 12:03 pm

UPDATE #1 Randy Abrams has posted a follow-up article, Anatomy of a Biting Bunny – The Infected Microsoft Catalog Update with additional information about how update services work, why they might distribute third-party code and what might be done to prevent malware from being distributed on services like Microsoft's Windows Update in the future. 7-FEB-2011.

Last week, we received … Read More.


Microsoft’s recent MHTML Vulnerability – Follow up

By Aryeh Goretsky at 3 February, 2011, 2:38 pm

Just a quick follow up on the Microsoft Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding Microsoft's recent MHTML vulnerability, which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our signature database.

Although reports remain low so far, any vulnerability in a particular version of Microsoft Windows is likely to … Read More.


What are Heuristics?

By Aryeh Goretsky at 29 December, 2010, 6:27 pm

It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string[i] (like using the "find" command in your word processor to locate a particular piece of text) or as … Read More.


Unencrypted Wireless: In Like a Lion, Out Like a Lamb

By Aryeh Goretsky at 27 October, 2010, 12:44 pm

[C. Nicholas Burnett, the manager for ESET LLC's tier three technical support, contributed the following guest blog article on the FireSheep plugin for Firefox. Thank you very much, Carl! Aryeh Goretsky]
The past several days have seen the security community abuzz about a program presented in San Diego at ToorCon 12 this last weekend called FireSheep. … Read More.


Earthquake in New Zealand likely to bring cybershocks

By Aryeh Goretsky at 3 September, 2010, 2:00 am

[UPDATE #1 at 12:15PM: Added more information about location of earthquake and prior scams. AG]
We have just heard about the early September 4 (Saturday morning) earthquake near Christchurch, New Zealand, currently estimated at a Richter magnitude of 7.4. Our New Zealand distributor in Auckland is unaffected, but communications with the area are difficult.
As with any tragedy … Read More.


Save your work! Microsoft Releases Critical Security Patch

By Aryeh Goretsky at 2 August, 2010, 12:57 pm

As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the … Read More.


A few facts about Win32/Stuxnet & CVE-2010-2568

By Aryeh Goretsky at 22 July, 2010, 6:36 pm

We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat.
Detection for Win32/Stuxnet and the shortcut (LNK) files used … Read More.


The Return of Jacques Tits

By Aryeh Goretsky at 18 March, 2010, 4:04 pm

It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated.
In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO’s office, a public relations contact, et cetera) from a Chinese [...]
