archives
March 2012

Saturday Night Backup Fever, Internet Apocalypse Now

If you use a computer and/or the Internet you might want to think twice about heading to the disco or the movies or whatever else you had planned for this Saturday night and spend the evening backing up your data instead. Why? Three reasons, starting with the fact that today is World Backup Day. Sure,

Blackhole, CVE-2012-0507 and Carberp

The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/ Exploit.CVE-2012-0507

OSX/Lamadai.A: The Mac Payload

Earlier this month, researchers from AlienVault and Intego reported a new malware attack targeting Tibetan NGOs (Non-Governmental Organizations). The attack consisted of luring the victim into visiting a malicious website, which then would drop a malicious payload on the target’s computer using Java vulnerability CVE-2011-3544 and execute it. The webserver would serve a platform-specific JAR

Vulnerable WordPress Leads to Security Blog Infection

Even visiting security-oriented websites can sometimes be risky. If you’ve visited the security blog zerosecurity.org this month and you’re also a user of ESET’s security products, you might have encountered an anti-virus alert such as this one: The detection names may vary. Different variants of the following “generic families” were detected on the compromised websites on

Spring Brings Tax-related Scams, Spams, Phish, Malware, and the IRS

Spring is here and that means scam artists are thinking about income taxes and the IRS. Not that scam artists pay income taxes, they just know taxes and any mention of the IRS is a good way to get your attention, which explains a steady stream of deceptive emails targeting tax-paying Americans who now have

Facebook logins toxic for employers, violate security and privacy principles

Attention CEOs and HR Managers: Facebook login credentials belonging to current or prospective employees are not something that any employer should request, use, or posses. Why? Apart from the violation of security and privacy principles? The risks far outweigh any benefit you imagine you could gain by logging into a social media account that does

From Georgia With Love: Win32/Georbot information stealing trojan and botnet

Malicious software that gets updates from a domain belonging to the Eurasian state of Georgia? This unusual behavior caught the attention of an analyst in ESET's virus laboratory earlier this year, leading to further analysis which revealed an information stealing trojan being used to target Georgian nationals in particular. After further investigation, ESET researchers were

Win32/Carberp Gang on the Carpet

Group-IB’s joint investigations with the FSB and MVD resulted in the arrest of a gang of eight accused of larceny, creation of malware, and unauthorized access.

Drive-by FTP: a new view of CVE-2011-3544

Research by Aleksandr Matrosov and Vladimir Kropotov on distribution of a CVE-2011-3544 exploit by FTP.

OSX/Imuler updated: still a threat on Mac OS X

A new variant of Mac information-stealer OSX/Imuler hides itself inside a ZIP archive, right in the middle of an array of erotic pictures.

Fake Support, And Now Fake Product Support

Cold-call scammers now claim to be AV support staff, but misuse a widening range of system utilities to con victims into believing they have malware.

Support Scammers (mis)using INF and PREFETCH

As well as misusing Event Viewer, ASSOC or a system CLSID, scammers hijack “prefetch” and “inf” to con victims into believing they have malware.

Google's data mining bonanza and your privacy: an infographic

Do you use Google? These days the question sounds almost absurd. If you use the Internet, or an iPhone, or an Android phone, or a Kindle or an iPad, then of course you use Google in some shape or form. And if you take a keen interest in how your personal information is used, you

Modern viral propagation: Facebook, shocking videos, browser plugins

Fraudsters continue to innovate their scam propagation methods. Again using Facebook and a pretense of a shocking video, they also utilize browser plugins to execute malicious scripts. We also see how the malware scene is intertwined, when the user is directed to a dubious Potentially Unwanted Application. Facebook auto-like scams have been commonplace on the

The security of unlocking an Android based device, the future is near?

In a recent survey of people in America who use their smartphone for work, less than a third said they employ the password protection on their smartphones. Although everyone will agree that not protecting your smartphone isn’t smart, it is all about memorizing.  Everyone that has an Android-based device knows they do not have to

Kelihos: not Alien Resurrection, more Attack of the Clones

How the Kelihos botnet survived a stake through the heart, and some alternatives to garlic and silver bullets.

SKYPE: (S)ecurely (K)eep (Y)our (P)ersonal (E)-communications

SKYPE: Securely Keep Your Personal E-communications From time to time people get new computer equipment and need to (re-)install all their favorite programs. Often a painful and time-consuming job, but afterwards it should ease the way of working with the new equipment. Even security gurus have to undergo this procedure at regular intervals. In November

Changing how people see the malware threat: images can make a difference

This is a just a short post to make available the security awareness slides that I was using at the RSA Conference in San Francisco last week. Several people asked me for copies to use in their own awareness efforts and I am more than happy to oblige. I believe these slides can be effective

Security professionals DO use anti-virus

And you should also bear in mind that some of the security experts who are denigrating AV en masse right now have their own commercial agendas to push, in favour of other technologies that are not the 100 Per Cent Solution either.

Information Security Disconnect: RSA, USB, AV, and reality

The world's largest information security event, the annual RSA Conference, is over for another year. Most of the more than 18,000 people who attended the 2012 gathering are probably back home now, getting ready to go into the office. What will be top of mind for them, apart from "How did I manage to survive

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
31 Mar 2012
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.