Threat description database

To my knowledge, ESET does not have a complete information database for every threat. So, I cannot check for more information on a particular threat, e.g. its behaviour, the changes and harm it makes to one's PC and so on. I hope one will be set up in the future for users' convenience. By the way, can someone please tell me detailed information about INF/Autorun virus detected by ESET NOD32? Thank you.

 

Uf, how could this be done given that there are millions of various threats and an in-depth analysis of a particular threat can take from hours to several days? For this reason, we provide description only for the most prelevant or significant threats.

 

Then I hope ESET will try its best to cover all the threat description by providing a brief description to the family of a particular threat. For example, PSW trojan has a variety of forms and types and ESET will give a brief description or introduction to PSW trojan. I would say like this because the threat information covered in ESET Threat Encyclopedia is really limited and few. So, I usually hardly find the information I need.

 

Google is your friend.

 

Well, it won't help as the name of every threat given by ESET might not be the same as other antivirus company. For example, Norton gives name PWSteal to PWS trojan recognized by ESET. So, I won't get the exact information I need. Moreover, it WASTES my time to run through every result in Google. And how do I know which website or result will give me the exact information I really need? That's also why I suggest ESET to improve its database to a better one.

 

Are you testing against a malware data base?

 

Hello,

INF/Autorun actually refers to a class of malware which makes use of the AutoRun functionality introduced in Microsoft Windows 95 to make the operating system more competitive with the Mac OS by allowing it to automatically run programs when a disc was inserted into the CD-ROM drive.

The way it actually works is that the operating system looks for a special text file named AUTORUN.INF in the root directory of the disk volume. This file contains instructions that not only allow the computer to run a specific program from the drive when it is mounted by the operating system, but about what sort of information to display for the disk volume in Windows Explorer, such as a custom title or icon, extra context menu items and so forth. For example, a popular use of AUTORUN.INF files on hard disk drives is to put a one in the root directory of each disk volume (partition) so that each drive has a custom icon displayed for it in Windows Explorer.

Normally, though, the primary use of this feature is for installing software, displaying documentation, starting a demo and so forth. However, the functionality actually works with other types of drives, including hard disk drives and solid-state FLASH RAM drives (also known as flash drives, jump drives, USB keys and so forth) and, unfortunately, malware authors have discovered that this is a viable vector for spreading their creations since such devices are typically shared between multiple computers, much like floppy diskettes used to be used to transfer files via "sneakernet" between computers before local area networks became commonplace. Interestingly enough, as floppy diskettes spread boot sector viruses to computers, AUTORUN.INF file-vectored malware can be thought of as a new take on this very old vector, at least in a very general way from a behavioral perspective.

One thing to keep in mind, though, is that the AUTORUN.INF file only contains instructions to execute malware which is stored elsewhere on the drive. Just like a batch file, it does not itself contain any executable code.

ESET has actually discussed this class of malware several times in their threat reports last year. Here are links to the press releases: June 2007, July 2007 and December 2007. It was also discussed in a podcast with Randy Abrams, ESET's director of technical education: How Autorun Can Autoruin Your Computer or Network (MP3 format, 9.8MB, 9m38s)

Finally, one thing to keep in mind is that AutoRun is a feature of Microsoft Windows, and although it is turned on by default, it can be disabled. The exact steps can vary, though, based on which version (and sometimes which edition) of Microsoft Windows is on the computer.

Regards,

Aryeh Goretsky

 

No. I think you've misunderstood me. I just would like ESET to set up a better threat description database for users' convenience. If one is set up, they may easily check out more information about a threat.

 

Thanks a lot, Aryeh Goretsky. And sorry because I seldom check out ESET website, unless when I need help. So, I didn't know ESET has discussed this threat several times and didn't know that it has been discussed in its threat reports. That's also why I suggest ESET to improve its threat description database for convenience of users who are ill-informed.

 

Hello,

One thing you can do if you have a question about a particular piece of malware is to check ESET's Threat Encyclopædia at http://www.eset.eu/support/encyclopaedia, or just use the web site's built-in search function to look up the malware based on its name.

Often, you can find information about malware in other places on the web site besides the encyclopedia such as a blog, press center and so forth if the malware is particularly virulent, wide-spread, does something interesting or otherwise has had attention drawn to itself. You can also use an external search engine to search for a threat's name and limit the search to the *.eset.com or *.eset.eu domains if you prefer to use Google, Live, Yahoo! or some other search engine.


Regards,

Aryeh Goretsky