We received and interesting comment in reply to the blog post http://www.eset.com/threat-center/blog/2009/10/13/phishing-the-fbi-and-terror. Joseph A’Deo, who apparently works for Verisign, mentioned the use of extended validation SSL (EV SSL). I am sure that some of you are familiar with EV SSL. Some of you have seen the results of it and perhaps not noticed. Some

I came across an interesting article today on "Breaking the conventional scheme of infection" at the evil fingers blog site. Actually, it’s by my colleague in Argentinia, ESET Latin America Security Analyst, Jorge Mieres, but I didn’t realize that at first. (The original blog is in Spanish, and if your command of that language is

The AMTSO (Anti-Malware Testing Standards Organization) meeting in Prague, which took place at the beginning of this week, proved to be rather more exciting than you might expect from a group with the word "Standards" in its name. One of the issues that caused particularly lively debate centred around the question of what constitutes AMTSO

Yesterday I posted a blog about the Director of the FBI claiming to no longer use online banking at all because he almost feel for a phishing attack. A response to the blog suggested not using Windows for online banking and linked to Brian Krebs http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html and Michael Horowitz http://blogs.computerworld.com/14806/crimeware_gets_worse_how_to_avoid_being_robbed_by_your_pc Both of these articles discuss

In a recent speech given by Robert S. Mueller, III, Director of the FBI, he claimed that he had almost been the victim of a phishing attack targeting his bank account. Mueller went on to say that at his wife insistence he has since given up on-line banking. The article I saw was http://www.eweek.com/c/a/Security/FBI-Director-Nearly-Hooked-in-Phishing-Scam-Swears-Off-Online-Banking-616671/. It’s

One of the less obvious tasks associated with blogging is that every so often we have to find time to go through the comments that have been posted to our blogs. Inevitably, some are examples of blog spam that have slipped through our filters. Some are comments to blogs we posted long ago, and while

I was quoted last month in an article at PC Retail (http://www.pcr-online.biz/features/305/The-truth-about-cyber-crime), which is nice. However, I just came across the notes I made at the time of the original enquiry/interview, most of which wasn’t used, so here are my full responses to the questions Andrew Wooden asked, in case they’re of interest. (Actually, they’re slightly expanded and I’ve

As promised earlier (see http://www.eset.com/threat-center/blog/2009/10/07/https-revisited-spanish-video) an English version of ESET Latin-America’s demonstration video of a phishing attack using HTTPS is now available at http://www.eset-la.com/centro-amenazas/videos/phishing-https-english/.  Those earlier blogs again: http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it  http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https   Thanks, Sebastián! David Harley BA CISSP FBCS CITP Director of Malware Intelligence ESET LLC ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog ESET Threatblog notifications on Twitter:

Further to our blogs on HTTPS and SSL certificate issues – see http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it and http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https - Sebastián Bortnik has been talking to us today about a video that ESET Latin-America have put together demonstrating a phishing attack using HTTPS. If your Spanish is better than mine, you can check it out here. However, we’ve been working on an