archives
August 2009

Oh Yeah, That’s How It Should Work!!!

Recently a security company was hired to test the security of a Credit Union. The security company (MSI) ran a penetration test and mailed a letter with a couple of CDROMS to the Credit Union. The letter appeared to come from a reliable source, but it was unexpected and the employee who received it was

419 and Mac scams

I forwarded this to myself from another account yesterday because I thought it was one of the laziest 419 scam messages I’d ever seen. From: British Tobacco Company Sent: 27 August 2009 19:46 Subject: Contact Mr Paul Adams Congratulations! Your e-mail ID was among the selected lucky winners of £1,000.000.00 GBP in our BRITISH TOBACCO

Snow Leopard and Malware

Mac User has reported in a little more detail than I’ve seen elsewhere so far on the Trojan detection in Snow Leopard, quoting freelance OS X and iPhone developer Matt Gemmell. In fact, the meat of the story is Gemmell’s tweets, which state that:the system checks for only two known Trojans, RSPlug and iServices, and

Mad Macs: Beyond Blunderdome

I really ought to be working towards some really urgent deadlines, but I can’t resist a quick comment on the antimalware detection feature in Snow Leopard – darn, I’m going to have to upgrade to get a proper look at it – since several AV people, including our own Aryeh Goretsky have commented. I have

Web Searches and Dangerous Ladies

I feel like the learned judge in the ’60s who asked, in the course of a trial, "What is a Beatle?" since until recently I couldn’t have given you an accurate answer to the question "What is a Jessica Biel?" In fact, I’d probably have said something like ""Wasn’t she in Flashdance?" (The answer is

M(b)ac(k) to the future

Mac security firm Intego blogged about Apple’s decision to include an antimalware component in Mac OS X 10.6 "Snow Leopard" and we agree that it is a good step, security-wise, to provide some basic protection against malware.  Apple has long mocked Microsoft, up to and including this 2006 advertisement which implied there were no viruses

Now You Can Fix Autorun

Microsoft has released the patches required to make autorun work with only CD and DVD drives. There is one little catch, a USB drive can be configured to look like a CD, but this patch definitely helps reduce risk. I highly recommend you install the patch so that you can connect most thumb drives, GPS

Bots Aren’t The Only Zombies

News came out today that Michael Jackson’s death has been ruled as a homicide. Expect to see spam and hoax emails coming around soon trying to exploit this news. It seems that Michael Jackson just can’t die. It’s a good thing we didn’t have the internet when Elvis died. If you get emails for pictures,

Rogue Anti-Malware Exploiting Athens Fire

Cristian Borghello, Technical and Education Manager at ESET Latin America, tells us that they’ve noted quite a few sites that pretend to provide information on the fire crisis in Athens, Greece, but actually download malware onto the user’s PC. (Mistakes in translation are down to DH!) The criminals are using Black Hat SEO (Search Engine

W32/Induc.A FAQ

Sebastián Bortnik, Security Analyst at ESET Latin America, has shared with me his translation of an FAQ written with Cristian Borghello, ESET Latin America'sTechnical and Educational Manager, about the malware ESET NOD32 detects as Win32/Induc.A. I've done a little cosmetic editing on the original and added quite a lot of material (so any mistakes and

New White Papers

A number of new papers have been added to the white papers page: Cristian Borghello’s "Playing Dirty" is a translation of his original Spanish paper, available on the ESET Latin America web site, and describes in detail how criminals make money out of stealing online gaming credentials and assets. http://www.eset.com/download/whitepapers/EsetWP-PlayingDirty20090812.pdf My paper "Social Security Numbers:

Turkish Delight (2)

This is part two of a recent email interview with a Turkish web site, with part one made available here for the benefit of those of us who don’t speak Turkish.  I’ve done a little editing on parts one and two, primarily for cosmetic reasons. Question (4): What the golden rules for using the Internet with

…and Talking of Bratislava

This is a research blog, not a marketing blog. Not that there isn’t a place for marketing (that’s what pays our salaries, in a sense!) and marketing blogs, but my guess is that most of our readers here would get bored quite quickly if we spent too much time on press-release type material, our latest

(User) Education, Education, Education

Regular readers will be aware that, unlike many people in the security industry, people in this research team tend to be enthusiastic supporters of security education for end users, both inside and outside business: not as The Answer To Everything, not in terms of turning everyone who uses the Internet into a security expert, but

Turkish Delight

So, back in harness. I’ve been away for a couple of weeks: not on holiday as such, though I did take some days out, but concentrating on writing: it didn’t hurt that I didn’t have a full-strength internet connection to distract me, though. Before I left, I was interviewed by a Turkish security site. It

The Retro-Virus

Nowadays we see lots of malicious software that is designed to steal money and information. A new virus was recently discovered that seems to be all about proving a concept rather than blatant maliciousness. The Win32/Induc.A virus does not infect like most viruses do. Delphi is a programming language. Induc infected the Delphi IDE so

It Really Wasn’t Your Fault

You may have seen a headline about a huge identity theft ring being busted. http://www.reuters.com/article/topNews/idUSTRE57G4GC20090817 There are a lot of things people can do to be safer online, but in this case it wasn’t about your computer being hacked. Whenever you use a credit card or a debit card there is information that can potentially

A Motivation for the Twitter Attack?

Some people are speculating that the motivation for the Twitter attack was to try to silence one person. There are really good signs that the attack against an individual was what took down Twitter, but still we really don’t know. I speculated that it might be a show of force to try to sell botnet

Twitter and the Corridors of Power

I was amused (and not the only one, either) to notice that the UK’s Cabinet Office has recently launched a "Template Twitter strategy for Government Departments": I wonder if they’re thinking of reconsidering in view of the proven fragility and security-shakiness of Twitter, but I suspect not. I am tempted to make a cheap shot related

Crisis? What Crisis?

In the AV industry, we’re not unaccustomed to security scare stories met with a debunking response. For example, Peter Norton was quoted in 1988 in Insight as saying that computer viruses were an urban myth, like the alligators supposed to inhabit the sewers of New York. (He did change his mind around 1990 when he gave

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

3 articles related to:
Hot Topic
28 Aug 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.