archives
March 2010

“Londoning”: Mugs and Muggings Revisited

Last summer (June 2009), I posted about an example of a very common scam that relies on the scammer gaining access to someone else's email or Facebook account, then sending messages to all their contacts claiming that they've been mugged while abroad on business or vacation, and need their friends to send them some money

NSS Labs: AMTSO’s Review Analysis

AMTSO (the Anti-Malware Testing Standards Organization) has published its review analysis of the Endpoint Security Test that was published by NSS Labs on September 8, 2009. The Review Analysis published on March 17, 2010 compared AMTSO’s Fundamental Principles of Testing to the NSS Labs report and found that it doesn’t comply with two of the nine AMTSO

A bot by another other name…

In my day-to-day discussions with peers and the general public, there is always something that I take away from the discussions. For instance, in the last few days there have been references to Kneber and Zeus as two different botnets. I'd like to take a moment to help clarify the fact that these are actually

iPad scammers target the unwary

The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day.  With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait

Above the Clouds

ThreatSense.Net® is a form of distributed computing that for several years has supplemented and extended the capabilities of the ThreatSense® detection engine, which is the heart of the advanced heuristics that characterize ESET products. ThreatSense.Net® sends back information to the Virus Labs on both known and new threats. As well as tracking the prevalence of

Turn Off That Bloody Horn!

Last week I blogged about the increased use of electronics for entertainment systems and vehicle control systems in cars, and the potential risk of malware theoretically causing those systems to be compromised. Well, a few days ago, a news item came in that was an interesting follow-on from my blog, although not directly related.

Anti-Phishing Working Group: CeCOS IV

The Anti-Phishing Working Group has asked its members to publicize the forthcoming Counter eCrime Operations Summit in Brazil, which I'm pleased to do. This year the APWG is hosting its fourth annual Counter eCrime Operations Summit (CeCOS IV) on May 11, 12 & 13 in São Paulo, Brazil. The Discounted Early Bird Registration rate will

Macs, smartphones, security, the universe…

Wearing my vendor-independent Apple/smartphone commentary hat, I've just posted a couple of blogs on the Mac Virus site that some of you might find of interest. OK, suit yourselves. ;-) "Touching (or Bumping) Base" addresses a mixed bag of issues: Charlie Miller's presentation on fuzzing for "20 zero-day holes … in closed source Apple products"

Dumb or Devilish? You Decide…

[Update: so far I have two votes for dumb. Maybe I'm giving this spammer too much credit, and it is a simple "spam template fail" ;-) On the other hand, while I wouldn't vote "evil genius", I'd still love to know how many people actually fall for this - I don't have a problem envisaging

The Return of Jacques Tits

It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a

You are the weakest link…

Greetings, friends and fiends. It's been a while since I've been able to blog: I've been trying out one of these vacation thingies that I keep reading about in travel magazines. (Well, my wife does, and she tells me when I need a holiday, presumably as my conversations get grouchier.) But I see that my

We’re Not Talking Peanuts Here, Folks

We have recently seen some reports that give some idea of the real size of the cybercrime problem. Recently Federal Deposit Insurance Corporation (FDIC) Examiner Dave Nelson reported that online banking fraud involving the electronic transfer of funds cost US banks more than $40 million dollars per month for the third quarter of 2009. The

Get Your Motor Running

Ford Motor Company has recently announced that later this year it will be producing cars with built-in WiFi capabilities. Since 2008, the first generation of this system enabled owners of certain Ford, Lincoln & Mercury vehicles to connect media players & Bluetooth devices to their entertainment systems. This second generation of its so-called Sync

It Seems Obvious To Me….

If you listen to IT Security experts, they will regularly tell you to make your passwords difficult to guess. They will also tell you to ensure it is not short, and has a mixture of alphabetic, numeric & special characters in it – and certainly don't use a word that is found in the

Patchwork for the Home and the Enterprise

SC Magazine's Dan Raywood reports that "To be completely patched requires an average of between 51 and 86 actions per year", quoting findings by Secunia that "in order for the typical home user to stay fully patched, an average of 75 patches from 22 different vendors need to be installed, requiring the user to

AV Lingo, et al

A reader recently sent in a batch of questions that I thought might be of general interest.  I also invited other members of the Research team to chime in with their thoughts. Question 1- When it is critical to give a malware specific name? [David Harley answers…] For detection/remediation purposes, it isn't really necessary for

What Do You Get When You Fall In Love?

Let's consider the words of the song "I'll Never Fall In Love" by Burt Bacharach and Hal David: "What do you get when you kiss a girl? You get enough germs to catch pneumonia After you do, she'll never phone ya I'll never fall in love again" OK, it's confession time. I am single and

RSA, AMTSO, the Universe and Everything

There was an AMTSO (Anti-Malware Testing Standards Organization) panel session here at RSA, where Larry Bridwell, Righard Zwienenberg, Andreas Marx, Roel Schouwenberg and Neil Rubenking talked about AMTSO and what it does (and what it hopes to do). And I added to my list of qualifications for being involved with the organization: current vendor representative,

Greetings Austin!!!

After having launched the Securing Our eCity campaign (www.securingourecity.org) in San Diego, ESET is taking cyber security education to Austin, Texas. ESET will be offering free educational seminars about cyber security in Austin. ESET recently commissioned a survey of 551 residents of Austin, Texas. 24% of the people interviewed reported that they or someone they

The Biggest Botnet in the World

You may have seen the news about the bot masters in Spain who were arrested. Defense Intelligence (http://defintel.com/docs/Mariposa_Analysis.pdf) dubbed this the Mariposa botnet. It is claimed that this botnet had the power to perform much stronger attacks than what Estonia witnessed a couple of years ago. Still, this botnet is dwarfed by the largest botnet in
