Added 5th March 2011 to the Stuxnet resources page at http://blog.eset.com/?p=5945…

Added to the Stuxnet resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 on 4th March 2011: Ralph Langner at the TED Conference, as summarized by the BBC: US and Israel were behind Stuxnet claims researcher. As previously mentioned at http://blog.eset.com/2011/03/03/nice-stuxnet-commentary-and-hype-deflation. (Hat tip to Mikko Hypponen. Again!) David Harley CITP FBCS CISSP ESET Senior Research Fellow

Recently Senator Schumer from New York wrote a letter (http://www.infosecurity-us.com/view/16328/senator-schumer-current-internet-security-welcome-mat-for-wouldbe-hackers/) to Twitter, Yahoo, and Amazon asking them to make SSL the default for internet connections. What this means is that instead of an http connection they should provide and https connection by default. This is important because with http connections you are exposed to risk

got a phone call from a gentleman with a pronounced accent wanting to help me with my virus problem … You didn’t know I had a virus problem? Neither did I, but he assured me that I was spraying malware all over the part of town I live and work in.

My colleague from ESET Ireland, Urban Schrott, reports that the company has seen a megawave of Facebook spams:  five separate spams in 24 hours. I've no idea of the numbers involved, but Urban's "think before you click" message is well worth repeating. The post is to ESET Ireland's CyberThreats Daily blog post: the company also

WordPress.com is a popular blogging host. Recently, for unknown reasons miscreants launched a massive distributed denial of service attack (DDOS) against WordPress.com. According to TechCrunch (http://techcrunch.com/2011/03/03/wordpress-com-suffers-major-ddos-attack/) WordPress.com is responsible for 10% of the websites in the world. So far I have not seen anyone take responsibility for the attacks. With so many websites being hosted

…Hanging on the Telephone, By David Harley, Urban Schrott and Jan Zeleznak…As if fake anti-virus products weren’t bad enough, nowadays we have unsolicited phone-calls from fake AV helpdesks. ESET researchers tell you more about support scams…

Some extra resources: J. Oquendo takes a cold, clear look on Infosec Island at some of the hype that surrounds the Stuxnet story: Cyberterrorism – As Seen On TV While Visible Risk, while by no means entirely negative about the Vanity Fair Stuxnet story (see http://blog.eset.com/2011/03/02/more-on-stuxnet), makes an entirely reasonable point about Irresponsible Sensationalism. I

…all the relevant malware they’ve seen uses exploits that are restricted to Android OS 2.2 and below…

Social Security Numbers: Identification is STILL not Authentication…