Author
David Harley
David Harley
Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

More Info

Imperva, VirusTotal, and whether AV is useful

Offending the AV industry is one thing, but do you want to base a security strategy (at home or work) on a PR exercise based on a statistical misunderstanding? (Yes, I’m being diplomatic here…)

Phishing and malware – keep Smiling through…

Three current phishing gambits and email-borne malware currently getting past normally efficient email filtering.

Phishing and the Smile on the Face of the Tiger

Two rough and ready phishing emails that nevertheless tell us a great deal about the social engineering underlying more sophisticated, graphic-rich scams.

Malicious Apache Module: a clarification

Apache modules are add-on code taking advantage of the Apache module API to extend the functionality of the standard Apache distro. In this case, the binary’s functionality was malicious, but there is no exploitation of a known Apache vulnerability in this case.

A Load of (Red) Bull

A hoax/chain message claiming that a well-known energy drink poses a serious threat to health, is now spreading on Facebook.

Diamonds are forever, and so are investment scams

Tempted to invest in colour diamonds or collectible bottles of wine? That irresistible offer could be a boiler room scam.

Maryam Abacha rides again: yes, Virginia, there IS a Sani-ty Clause!*

419 (Advance Fee Fraud) scams aren’t amusing to the victim, but the chutzpah of a dictator’s wife claiming her $700m Swiss bankroll back is worth a chortle.

Spying on Tibetan sympathisers and activists: Double Dockster*

Does the expression 'In the Wild' still mean anything today? Well yes, in the sense of something that is 'out there' threatening real-world systems. But things move a lot faster these days than they did in the 90s and later, fastburning mass-mailers notwithstanding. Just a few days ago (on the 30th of November, to be

Premium Rate Scams and Hoaxes

Not all premium scam alerts are useful, but that doesn’t mean that premium rate telephone scams aren’t a significant problem.

New Support Scam Gambits: Frozen Virus a Frozen Turkey

New variations on the ‘pay us to fix your non-existent viruses’ scam: Windows Indexing, the Frost Virus, and scam globalization.

Support Scams and the Surveillance Society

Even if you really do have an infected system, it doesn’t mean that anyone who rings out of the blue knows as much about you and your PC as they want you to think.

Wauchos Warhorse rides again

Win32/TrojanDownloader.Wauchos, a Trojan downloader that peaked briefly back in May, is enjoying a resurgence in the UK and Europe thanks to an energetic spam campaign.

Windows 8: there’s more to security than the Operating System

Disasters, new hardware, new software: to the phish scammer, it’s all potential bait for reeling in victims.

Online Shopping and a Phishing Pheeding Phrenzy [3]

A shortened and updated version of the advice that David Harley and Andrew Lee gave to potential phish victims in an earlier paper. Part 3 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.

Online Shopping and a Phishing Pheeding Phrenzy [2]

Phishing scams and online shopping. Part 2 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.

Online Shopping and a Phishing Pheeding Phrenzy

Basics of phishing. Part 1 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.

PC Support Scams: a Forensic View

A paper for the Cybercrime Forensics Education and Training Conference looking at forensic issues that arose during our research into Tech Support Scams.

Telephone Scams: it’s not all about PC support

Recently, I’ve been hearing about and receiving phone calls from people with Indian accents about something a little different from the classic your PC is virus-infected but you can pay me to get it fixed’ support scam.

Malware and Medical Devices: hospitals really are unhealthy places…

Mass murder by pacemaker hacking isn’t the likeliest scenario, but clinical tools and SCADA devices still deserve serious security scrutiny.

Telescammer Hell: What’s Still Driving The PC Support Scammers?

FTC action isn’t diminishing the volume of reported support scam calls and losses: what’s driving the people behind the scam, and what does the future hold?

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.