archives
October 2010

Boonana Threat Analysis

Our interim analysis of a version of the malware we detect as Java/Boonana.A or Win32/Boonana.A (depending on the particular component of this multi-binary attack) differs in some characteristics from other reports we've seen. The most dramatic difference is in the social engineering hook used in messages sent to an infected user's friends list. Other reports

NHS Security: a Retrospective View

…While there are those who think that I’ve been in the anti-virus industry since mammoths roamed the Surrey hills, most of my computing career has actually been in medical informatics, though as you might expect from what I do now, documentation, security and systems/user support played a large part most of that time….

Limewire Livewire

Clearly, the news about the demise of the Limewire service hasn’t reached P2P Technologies yet, or, more likely, they’re hoping it hasn’t reached you…

Your Computer Won’t Protect You

You may have seen some headlines today about a New Java Trojan that attacks Macs. It turns out that it also attacks Windows and Linux users. The Trojan pretends to be a video on Facebook. A user gets a message asking “is this you in this video” with a link. Upon clicking the

I’ll Tell You How to Vote

A recent article at Time (http://www.time.com/time/politics/article/0,8599,2025696,00.html) details how an online voting system was hacked. The good news is that it was a public test and not a real election. The bad news is that real people’s information was able to be obtained. The “hackers”, Professor J. Alex Halderman and some of his graduate students from

Unencrypted Wireless: In Like a Lion, Out Like a Lamb

[C. Nicholas Burnett, the manager for ESET LLC's tier three technical support, contributed the following guest blog article on the FireSheep plugin for Firefox. Thank you very much, Carl! Aryeh Goretsky] The past several days have seen the security community abuzz about a program presented in San Diego at ToorCon 12 this last weekend called

Bredolab and the Computer Misuse Act [Update]

…It’s likely that there has been a technical breach in countries that have legislation like the CMA, though I can’t imagine that many people would want to put the Dutch police in the dock on this issue, at any rate. :) …

Limewire, free software, and for-fee membership

…there are a number of other potential risks from offers like this (as I’ve pointed out before) … Paying for software that’s actually free and for services that aren’t worth the money … Paying for software that turns out to be malicious … Parting with credit card and other data that might be misused…

Fighting the Botnet Wars

Bart Parys (@bartblaze) recently contacted me about research he was conducting into botnets, exploit kits and so on. His article "The Botnet Wars: a Q&A" is now up. While Bart himself is a Technical Support Engineer at Panda Security, he's taken the approach of asking a number of experts and commentators (I'll leave it to

AMTSO: Members or Subscribers?

…one of the most interesting results is the approval by the members present of a planned low-fee subscription model which will enable individuals and small organizations to participate…

Stuxnet Under the Microscope: Revision 1.11

Tip of the hat to Bruce Dang and Dave Aitel for flagging an inaccuracy in ESET's Stuxnet report. And, indirectly, leading us to a blip in some PoC code which now looks even more interesting. (But that isn't going public yet.) The paper has been updated to remove the offending item. David Harley CITP FBCS

Scam of the Day AKA She Loves You Yeah, Yeah, Yeah

What a touching email. Mercy saw my profile and wants to know more about me. She even tells me “please don't forget that distance or color does not mean any thing,but love matters a lot”. What a sweet sentiment. Now I’ll show you the email and I think you’ll see what’s wrong with this picture.

Picking Apps for Your Android

Sure, iPhones are a lot more stable than Androids, but there is one place that Android has it all over the iPhone… you get to know what resources an app can access before you install it. This capability, coupled with comments on apps, can really help you make better decisions about what you install on

The 1 Gigabyte Screen Capture

Back in the early 1990s I had a 386 with 4 megabytes of RAM and a very large 80 megabyte hard drive. That little 386 could do something an Android phone cannot natively do. I could do a screen capture and save it to a file. I thought that for some of my blogs on

Adobe Flash, The Spy in Your Computer – Part 4

This is the last segment in the series. To begin with, I have a question for you… What do you call a device that has a 1 gigahertz microprocessor, 512 megabytes of RAM, several gigabytes of solid state storage, runs programs, can be programmed, and can access the internet? Sound a bit like a Netbook,

Facebook survey scam alert [updated]

…fake survey scam…

Fake Adobe Update Update…

Larry Seltzer and David Phillips have kindly sent me the full text of the fake Adobe update messages I previously mentioned…

Fake Adobe Updates

An email headed “ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION” has been spammed out recently: of course, it’s a fake, linking to a site that isn’t Adobe’s.

Stuxnet Paper Revision

The Stuxnet analysis “Stuxnet under the Microscope” we published a few weeks ago has been updated…

Stuxnet Vulnerabilities for the Non-Geek

Google translate is pretty cool, but they are missing a language. You can translate from Haitian Creole to Yiddish and from Galician to Maltese, but you can’t translate from geekspeak to anything a regular person understands. The good part about this for me is that I have a job trying to do just that! David

Copyright © 2014 ESET, All Rights Reserved.