archives
March 2011

BingDings* Force Change of Tune

* Sorry, but I couldn't resist a Crosby reference. I was more than a little irritated over the weekend – see Faith, Hope, Charity and Manipulation – by Microsoft's use of the Japanese disaster to give the Bing search engine a little extra exposure using a chaintweet technique: How you can #SupportJapan – http://binged.it/fEh7iT. For every retweet,

The Hole in the Wall Gang*

We've already discussed a lo-tech but surprisingly effective attack on ATM users here and elsewhere. However, Brian Krebs has recently posted on more conventional skimming attacks: Green Skimmers Skimming Green. An interesting and useful comment thread too. However, in view of the mentions there of chip and pin technology, it's worth pointing out that while

Disaster Scams and Resources

I've added some commentary and resources on the Japan earthquake/tsunami disasters to an independent blog I maintain that specializes in hoaxes, scams and so forth, but here are a few of the same resources that aren't already included in my recent blogs here on the topic: Analysis from Kimberley at stopmalvertising.com: http://stopmalvertising.com/blackhat-seo/recent-japanese-earthquake-search-results-lead-to-fakeav.html Guy Bruneau at Internet

Disasters: Getting Involved

From my friend Rob Slade. He was writing at the time of the Haiti earthquake over a year ago, but the advice still stands, and not just for those who are uncomfortably near all those fault lines that seem to have been particularly restless in the last year or two. Thoughts on Haiti, Olympics, and

Japanese Earthquake: inevitable SEO

As you'd expect, there have already been reports of Black Hat SEO (Search Engine Optimization) being used to lure people looking for news of the earthquake and subsequent tsunami onto sites pushing fake AV. (Stop me if you've heard this before…) My colleague Urban Schrott, however, offered some pretty good advice on what to look out

Sticky Criminals

CBS in San Francisco is reporting a rather novel cash machine attack. . It seems that crooks are applying superglue to the clear, enter, and cancel buttons on cash machines at banks. A customer goes to the cash machine, inserts their card and enters their PIN. Then the victim notices the enter key is not

Stuxnet, SCADA and malware

Kelly Jackson Higgins in a Dark Reading article tells us that Malware Attacks Decline In SCADA, Industrial Control Systems, quoting a report published by the Security Incidents Organization drawing on its Repository of Industrial Security Incidents (RISI) database. One aspect that’s attracted attention on specialist lists is the mention of a large US power company

Relying on GPS: which way is the washroom?

…It’s a common plot device, of course, but our increasing dependence on the technology does make it more viable…

Ginger Rogers hoax

I've been coming across several references to an email and Facebook hoax relating to a YouTube that's claimed to show 92-year-old Ginger Rogers dancing with her great-grandson. Of course, it isn't: she died in 1995 in her 80s. This isn't a threat: it's a genuine movie and an interesting enough story to stand on its own,

Email malware: blast from the past

…today I’m waxing nostalgic about a piece of malware. Not one of those anniversaries that have filled so many blogs, articles and videos recently (happy birthday, dear Brai-ain….), but something that just popped into my mailbox…

Stuxnet analyses: more jaw-jaw*, more cyberwar, less precision

Added 5th March 2011 to the Stuxnet resources page at http://blog.eset.com/?p=5945…

Langner, Stuxnet, US and Israel.

Added to the Stuxnet resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 on 4th March 2011: Ralph Langner at the TED Conference, as summarized by the BBC: US and Israel were behind Stuxnet claims researcher. As previously mentioned at http://blog.eset.com/2011/03/03/nice-stuxnet-commentary-and-hype-deflation. (Hat tip to Mikko Hypponen. Again!) David Harley CITP FBCS CISSP ESET Senior Research Fellow

Politicians Better at Security than Twitter, Yahoo, and Amazon

Recently Senator Schumer from New York wrote a letter (http://www.infosecurity-us.com/view/16328/senator-schumer-current-internet-security-welcome-mat-for-wouldbe-hackers/) to Twitter, Yahoo, and Amazon asking them to make SSL the default for internet connections. What this means is that instead of an http connection they should provide and https connection by default. This is important because with http connections you are exposed to risk

Here’s my support desk!

got a phone call from a gentleman with a pronounced accent wanting to help me with my virus problem … You didn’t know I had a virus problem? Neither did I, but he assured me that I was spraying malware all over the part of town I live and work in.

Facebook Spam: the Fifth Wave

My colleague from ESET Ireland, Urban Schrott, reports that the company has seen a megawave of Facebook spams:  five separate spams in 24 hours. I've no idea of the numbers involved, but Urban's "think before you click" message is well worth repeating. The post is to ESET Ireland's CyberThreats Daily blog post: the company also

WordPress.com Survives DDOS Attack

WordPress.com is a popular blogging host. Recently, for unknown reasons miscreants launched a massive distributed denial of service attack (DDOS) against WordPress.com. According to TechCrunch (http://techcrunch.com/2011/03/03/wordpress-com-suffers-major-ddos-attack/) WordPress.com is responsible for 10% of the websites in the world. So far I have not seen anyone take responsibility for the attacks. With so many websites being hosted

Where’s your IT support desk when you need it?

…Hanging on the Telephone, By David Harley, Urban Schrott and Jan Zeleznak…As if fake anti-virus products weren’t bad enough, nowadays we have unsolicited phone-calls from fake AV helpdesks. ESET researchers tell you more about support scams…

Nice Stuxnet Commentary and Hype Deflation

Some extra resources: J. Oquendo takes a cold, clear look on Infosec Island at some of the hype that surrounds the Stuxnet story: Cyberterrorism – As Seen On TV While Visible Risk, while by no means entirely negative about the Vanity Fair Stuxnet story (see http://blog.eset.com/2011/03/02/more-on-stuxnet), makes an entirely reasonable point about Irresponsible Sensationalism. I

Androids and Gingerbread Men

…all the relevant malware they’ve seen uses exploits that are restricted to Android OS 2.2 and below…

Social Security Numbers: deja vu all over again

Social Security Numbers: Identification is STILL not Authentication…

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.