May 13, 2011 - That Magic Lantern thing just keeps raising its head (and an ugly little head it is too, poor thing…) Earlier this week I was in Krems, Austria, for the EICAR conference,and the story was alluded to in a (continue reading...) Read more
May 10, 2011 - I may have mentioned from time to time that ESET is a strong supporter of AMTSO (the Anti-Malware Testing Standards Organization), an international organization that promotes improved methodologies for testing security products. Last week we held an AMTSO workshop in (continue reading...) Read more
May 5, 2011 - CIPAV, the "Computer and Internet Protocol Address Verifier" spyware apparently used by the FBI to monitor activity on the computers of suspects, may not seem the hottest news item around: in fact, my friend and former colleague Craig Johnston and (continue reading...) Read more
May 5, 2011 - April? Haven't we moved on from there? Well, yes, but ESET's ThreatSense report for April does include, apart from some information on the top ten threats for the month, a feature article by Urban Schrott on the far-from-dead 419 scam, some (continue reading...) Read more
May 1, 2011 - I just saw an article by Mathew Schwartz for Information Week focused on a series of articles by Aleksandr Matrosov, Eugene Rodionov and myself for Infosec Institute. The articles are actually based on previous analyses of TDL3 and TDL4 by Aleksandr and (continue reading...) Read more
May 1, 2011 - Greetings, my faithful fans. Did you miss me? I've just had a restful week hiding from the Internet in a remote cottage in Devon, which is why I've been uncharacteristically quiet. Before that, though, I had an interesting and useful week (continue reading...) Read more
April 15, 2011 - The US Department of Justice's announcement yesterday of the takedown of the command and control (C&C) servers for the Coreflood bots (detected by ESET as Win32/AFCore) and seizure of their domains marks another step in the growing (continue reading...) Read more
April 15, 2011 - Not so long ago, Microsoft released a security patch addressing the way Windows x64 operating systems check integrity of the loaded modules. In our recent report (The Evolution of TDL4: Conquering x64) we described a method used by the (continue reading...) Read more
April 14, 2011 - Here’s a little information from ESET’s point of view about the Coreflood botnet, whose C&C (Command and Control) servers were taken down yesterday by the Department of Justice. The Coreflood bot is detected by ESET products as Win32/Afcore and (continue reading...) Read more
April 13, 2011 - As David Harley blogged earlier, the Comptroller of Public Accounts office for the state of Texas yesterday began notifying state employees that the names, addresses, social security numbers and other records of some 3.5 million current or former state (continue reading...) Read more
April 13, 2011 - Plenty more (potential) phish in the C:\: The consequences of the Epsilon breach may have been a little overstated, but the Texas data exposures are far from trivial. (continue reading...) Read more
April 12, 2011 - I'll see your Epsilon mail addresses and raise you 3 1/2 million Texans' personal records. While the Epsilon leak got an excessive amount of media attention, given its limited potential for phishing (let alone spear phishing), it seems bizarre that (continue reading...) Read more
April 11, 2011 - No, this blog isn't expanding into a competitor for CNN or, in this case, Reuters: I've no ambitions to be a reporter. In fact, I don't know if this will attract more than usual blackhat SEO, fake Youtube video links, rogue (continue reading...) Read more
April 7, 2011 - I was mildly amused to note that Internet connections to Georgia (Eastern Europe, not the US) and Armenia were cut off by a 75-year-old woman (though if I'd been working out of one of those countries myself, I might (continue reading...) Read more
April 7, 2011 - You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone (continue reading...) Read more
April 6, 2011 - My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack. Unfortunately, the exact nature of the target and damage remains (continue reading...) Read more
April 6, 2011 - The March Threatsense report at http://www.eset.com/us/resources/threat-trends/Global_Threat_Trends_March_2011.pdf includes, apart from the Top Ten threats: a feature article on Japanese-disaster-related scamming by Urban Schrott and myself news of the Infosec Europe expo in London on the 19th-21st April, the AMTSO and CARO workshops in (continue reading...) Read more
March 31, 2011 - In Giving the cybercriminals a helping hand, Randy Abrams discusses how most Facebook app developers are making session hijacking too easy for the cybercriminals. In A tsunami is also a crime wave I talk (continue reading...) Read more
March 30, 2011 - Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years. TDL4 is no exception, with its ability to load its kernel-mode driver on systems with an enforced (continue reading...) Read more
March 30, 2011 - … albeit more slowly than previously. Added to the resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 today: A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged (continue reading...) Read more