Posts Tagged ‘david-harley’

May 2nd, 2012

Support Scam Poll

Apologies if you're bored with my banging on about PC support scams, but it seems that there are plenty of people who aren't. At any rate, some of my previous blogs on the subject have attracted more comments than any of my blogs on other topics, and in fact,

April 6th, 2012

Exploit Kit plays with smart redirection (amended)

[Further update: there's a useful report of a major Nuclear Pack-related incident from Fox-IT at http://blog.fox-it.com/2012/03/16/post-mortem-report-on-the-sinowallnu-nl-incident/. However, in the case that Aleksandr has been looking at, there's an updated version that includes Java/Exploit.CVE-2012-0507.]

[Update: it turns out that it's not Blackhole, but Nuclear Pack Version 2.0. Our apologies for the confusion. I'm hoping we'll have more information for you shortly.]

[Another fascinating Blackhole (exploit kit!)

April 2nd, 2012

VirusTotal, Useful Engines, and Useful AV

In a recent blog on whether security professionals really don't use anti-virus (sorry, but quite a few of us do!) I mentioned a paper by myself and Julio Canto on the use and misuse of multi-scanner sites like VirusTotal.

March 17th, 2012

Drive-by FTP: a new view of CVE-2011-3544

[Some interesting research reported by Aleksandr Matrosov]

Not long ago we received interesting information from an independent security researcher from Russia, Vladimir Kropotov. (We will be presenting our joint research with him at CARO 2012.) We started to research this information and found an interesting way of distributing, by FTP, the payload for the most common Java exploit, which ESET calls Java/Exploit.CVE-2011-3544. At this time Java/Exploit.CVE-2011-3544 is not seen as an exploit kit: we have been tracking the attack by just one exploit and can’t replay the typical attack vectors used in common exploit kits found on infected web resources.

After the user opens a window on a malicious web site, the user is attacked using Java/Exploit.CVE-2011-3544:

March 6th, 2012

Security professionals DO use anti-virus

It was back in the 1990s when someone told me that operating systems like Windows NT were getting so safe that AV would soon be out of business. And I hear on a regular basis that AV is so ineffective it's not worth having. Because I get some of my income from the anti-virus industry, no doubt you'd expect me to disagree. I do, but that's not why.

Kevin Townsend asked my opinion of a Wired article

February 22nd, 2012

Rovnix Reloaded: new step of evolution

[More research from our colleagues in Russia]

At the beginning of February we found a new modification of our “old friend” Win32/Rovnix (the dropper is detected as the Win32/Rovnix.B trojan), which is the first bootkit to use VBR (Volume Boot Record) infection. An interesting fact is that Rovnix bootkit components were used in Win32/Carberp, the most widely spread banking trojan in Russia. You can get more information about the evolution of modern Carberp in our forthcoming presentation “Carberp Evolution and BlackHole: Investigation Beyond the Event Horizon” at CARO 2012.

And now we are seeing a new step of evolution for the Rovnix bootkit family.

We can see interesting tracking strings in the unpacked dropper:

February 14th, 2012

Your Children and Online Safety

A few years ago, from time to time I used to visit the school where my wife taught IT, to talk to some of their students about IT security. In fact, we wrote a paper at that time (along with my good friend Eddy Willems), based on some research data we gathered between us in the UK and Belgium about student knowledge of and attitudes towards security issues: Teach Your Children Well – ICT Security and the Younger Generation.

February 10th, 2012

After Facebook leak, ESET advises computer users how to keep safe on social networks

Personal information of roughly 100 million out of the half a billion Facebook users has recently been compromised, their private information leaked to the web. This is not the first or last time social networks have been targeted. ESET’s senior research fellow David Harley, among others, continuously comments on cases of spam and scams exploiting many applications used on Facebook. To help its users stay safe, ESET has prepared a fresh list of pointers on how to stay secure on social networks.


January 17th, 2012

Great Expectations and the Grim Reaver

Just published in SC Magazine's Cybercrime Corner, expanding on a conversation I had recently with Kevin Townsend,

January 12th, 2012

HTML/Scrinject: surfing for cheap thrills at XXXmas?

It's a little ironic. My earlier blog Autorun and Conficker not dead yet: Threat Trends Report shows that over the whole year,
