Last summer (June 2009), I posted about an example of a very common scam that relies on the scammer gaining access to someone else's email or Facebook account, then sending messages to all their contacts claiming that they've been mugged while abroad on business or vacation, and need their friends to send them some money

AMTSO (the Anti-Malware Testing Standards Organization) has published its review analysis of the Endpoint Security Test that was published by NSS Labs on September 8, 2009. The Review Analysis published on March 17, 2010 compared AMTSO’s Fundamental Principles of Testing to the NSS Labs report and found that it doesn’t comply with two of the nine AMTSO

In my day-to-day discussions with peers and the general public, there is always something that I take away from the discussions. For instance, in the last few days there have been references to Kneber and Zeus as two different botnets. I'd like to take a moment to help clarify the fact that these are actually

The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day.  With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait

ThreatSense.Net® is a form of distributed computing that for several years has supplemented and extended the capabilities of the ThreatSense® detection engine, which is the heart of the advanced heuristics that characterize ESET products. ThreatSense.Net® sends back information to the Virus Labs on both known and new threats. As well as tracking the prevalence of

Last week I blogged about the increased use of electronics for entertainment systems and vehicle control systems in cars, and the potential risk of malware theoretically causing those systems to be compromised. Well, a few days ago, a news item came in that was an interesting follow on from my blog, although not directly related.

The Anti-Phishing Working Group has asked its members to publicize the forthcoming Counter eCrime Operations Summit in Brazil, which I'm pleased to do. This year the APWG is hosting it's fourth annual Counter eCrime Operations Summit (CeCOS IV) on May 11, 12 & 13 in São Paulo, Brazil.  The Discounted Early Bird Registration rate will

Wearing my vendor-independent Apple/smartphone commentary hat, I've just posted a couple of blogs on the Mac Virus site that some of you might find of interest. OK, suit yourselves. ;-) "Touching (or Bumping) Base" addresses a mixed bag of issues: Charlie Miller's presentation on fuzzing for "20 zero-day holes … in closed source Apple products"

[Update: so far I have two votes for dumb. Maybe I'm giving this spammer too much credit, and it is a simple "spam template fail" ;-) On the other hand, while I wouldn't vote "evil genius", I'd still love to know how many people actually fall for this - I don't have a problem envisaging

It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a