archives
September 2009

Greyware: Trust Me, I’m a Lawyer

Since I’ve just spent several days at a major conference, you might have expected a flurry of blogs about it. And indeed, there’s a lot more I hope to say about VB 2009, but I’ve been beset by a number of other issues that have demanded my attention, in and out of the blogosphere.  I did rather hope

Microsoft Security – Essential?

People keep asking me about Microsoft’s newly released Security Essentials free anti-malware (formerly known as Morro). Randy and I both blogged about it at some length back in June – see http://www.eset.com/threat-center/blog/category/microsoft-security-essentials and http://www.eset.com/threat-center/blog/2009/08/03/more-free-lunches, for instance – but there’s still a lot of interest in the impact that the product is likely to have on ESET

Making Malware

McAfee Avert Labs has been advertising a "Malware Experience" session for the "Focus 09" security conference, which offers attendees the chance to "to work with a Trojan horse, commandeer a botnet, install a rootkit and experience first hand how easy it is to modify websites to serve up malware." Actually, this text has been modified: it

Dissipating the Cloud

The next presentation here at Virus Bulletin is called “Tales from Cloud Nine” and is presented by Mihai Chiriac, the head of research from BitDefender. While using the word “cloud”, Mihai continued to explain what the technology is that is being used, how and why it used. This was an exceptionally well balanced presentation that

A Cloud is a Container of Fog that Obscures Vision

I’m sitting in a presentation at the Virus Bulletin conference in Geneva. The topic is “Why in the Cloud scanning is not a solution. The presentation is done by Andreas Marx and Maik Morgenstern from AV-Test.org. What they found in extensive testing is that “Cloud” scanners do not have a detection advantage over traditional solutions.

Postcard from Geneva

Virus Bulletin 2009 is now in full swing, though meetings and other issues have kept me from seeing as much as I’d like. Still, excellent opening and keynote speeches, and a very interesting talk on cyber-insurance from Pascal Lointier. (A bit of a first for me: though I’ve been attending VB most years since 1996 and

Genial Geneva and a note for Francophones

Bonjour mes amis! Well, I am in Switzerland, and very close to the French border, for the Virus Bulletin conference – perhaps the most eagerly anticipated event in the anti-malware researcher’s calendar. How sad is that? I also thought you might like to further extend your French skills on an article here, about a presentation

That BT Scam Again

A few days ago, I mentioned an email chain letter that’s going round in the UK about a scam where where "the bad guy poses as a telephone company operative and threatens to cut off service unless the panicked recipient of the call immediately pays an allegedly unpaid bill. Faced with a sceptical potential victim,

Do You Wear a Seatbelt?

Modern cars are designed with crumple zones. These crumple zones help to decrease the risk of death in a severe car accident. Modern cars also have airbags. The airbags reduce your risk of death or injury in the case of an accident. If you don’t use a seatbelt your airbag and crumple zone are unlikely

Can’t Surf the Web?

Australia’s Internet Industry Association (IIA) is working on best practices for isolating computers with bots on them (http://iia.net.au/index.php/initiatives/isps-guide.html) At the same time, the Internet Engineering Task Force (IETF) is also drafting a document about the same thing (http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03) If these recommendations are adopted then people who have bots on their computers would have to get

Hold the jemmy a second, I need to check Facebook

The Journal of West Virginia reported yesterday that 19-year-old Jonathan G. Parker was charged on Tuesday with felony daytime burglary. He’s alleged to have stolen two diamond rings worth more than $3,500, but to have taken some time out to access his Facebook account on the victim’s laptop. If the report is correct, it seems that

Yahoo! Group Spam Handling

So, in case you were wondering about the progress of my abuse report to Yahoo!, I did indeed get a response within 48 hours, thanking me for my communication, assuring me that they’d investigate, and informing me that they wouldn’t be letting me know about the outcome of that investigation, as they don’t disclose information about

Do Security Like a Pro (or not)

A report from SANS concludes that security professionals may not be paying attention to some of the biggest threats out there today. Not terribly long ago the Windows operating system was the attack target of the bad guys. There were tons of exploitable vulnerabilities and they were heavily exploited. Since that time Microsoft has put

Yahoo Group Spam

There’s nothing particularly new about Yahoo! group spam (no, wait, don’t go yet!) and I haven’t wasted much time on it so far, as what I’ve seen is pretty crude But I’ve been noticing an increasing number of emails to one of my most visible accounts welcoming me to groups with random names: stuff like

Risk Report – Should Try Harder

SC Magazine has reminded me today of a new report on the top current security risks, jointly published by SANS, TippingPoint, who provided the attack data, and Qualys, who provided vulnerability data. With impressive modesty and finely-tuned understatement, Alan Paller of SANS describes it as the "best risk report ever". Well, with added analysis and educational

CFET paper added to White Papers Page

We’ve just added my paper "The Game of the Name: Malware Naming, Shape Shifters and Sympathetic Magic" to the White Papers page at http://www.eset.com/download/whitepapers.php. This paper follows up on "A Dose By Any Other Name", which Pierre-Marc and I presented at Virus Bulletin last year and goes some way towards explaining (I hope…) why sample glut

Fake ICE and Hot ICE

Randy’s post yesterday about putting an "In Case of Emergency" (ICE) prefix in front of one or more entries in the contact list on your cellphone rang a particular bell (sorry!) with me. I first came across the idea around 2005, when the idea was first launched by the East Anglian Ambulance NHS Trust in

Got ICE?

ICE stands for “In Case of Emergency”. The idea is that you put ICE in front of the contact(s) on your phone that you would want to have called if something happens and emergency personnel look at your cell phone to try to figure out who to call. I recently found a cell phone at

AMTSO Anticipations

One of the more interesting things to happen to me in the past few months – well, that I’m going to talk about in public – is that I was elected to the Board of Directors of AMTSO (The Anti-Malware Testing Standards Organization). Interesting and scary: the first couple of months have seen me at

iTrout

Kelly Jackson Higgins with Dark Reading reported that the anti-phishing technology on the iPhone is currently not working. You can read the article at http://www.darkreading.com/security/client/showArticle.jhtml?articleID=219700594&cid=nl_DR_DAILY_T The truth is that no anti-phishing technology is reliable. The technologies can help, sometimes significantly, but the most effective protection is an educated user. All of the technologies have failure

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.