Author
David Harley
David Harley
Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science. A Fellow of the BCS Institute (formerly the British Computing Society), Chartered IT Professional, Certified Information Security Systems Professional, BS7799/ISO27001 Lead Auditor.

Highlights of your career? Office administration, programming, and IT support at Royal Free Hospital, then with Human Genome Project. System administration and support, then security analyst at Imperial Cancer Research Fund (now Cancer Research UK). Wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming, security etc. I presented my first conference papers in 1997 (at Virus Bulletin and SANS), and soon after inherited the Mac Virus web site, which I still run as an independent security information resource. In 2001 I joined the UK’s National Health Service, where I ran the Threat Assessment Centre until 2006, acquired qualifications in computer security, security audit, and service management (ITIL), and was the go-to person nationally for issues related to malware. Viruses Revealed, published the same year by Osborne, wasn’t my first security book (I’ve written or contributed to about a dozen) but it was the first to make a real impact and was published in 2001: that, and the AVIEN Malware Defense Guide (Syngress), to which Andrew Lee also contributed, are probably the best known of my books.

Position and history at ESET? Senior Research Fellow at ESET N. America. I’ve worked with ESET since 2006, primarily as an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Essentially, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of the gangs behind phishing scams and banking Trojans, fake AV, 419s, support scams and so on, I can see that it’s easier to be honest in a relatively prosperous environment, if there is such a thing anymore, and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still play semi-professionally when time allows), songwriting, recording, listening to other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth. Even this adage.

When did you get your first computer and what kind was it? Amstrad PCW in 1986. It ran a version of CP/M and came with an integral printer, word-processing software and versions of BASIC and Logo. I moved on to an 8086 when I got my first job in IT. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse, articles). Artwork and digital photography.

More Info

New Support Scam Gambits: Frozen Virus a Frozen Turkey

New variations on the ‘pay us to fix your non-existent viruses’ scam: Windows Indexing, the Frost Virus, and scam globalization.

Support Scams and the Surveillance Society

Even if you really do have an infected system, it doesn’t mean that anyone who rings out of the blue knows as much about you and your PC as they want you to think.

Wauchos Warhorse rides again

Win32/TrojanDownloader.Wauchos, a Trojan downloader that peaked briefly back in May, is enjoying a resurgence in the UK and Europe thanks to an energetic spam campaign.

Windows 8: there’s more to security than the Operating System

Disasters, new hardware, new software: to the phish scammer, it’s all potential bait for reeling in victims.

Online Shopping and a Phishing Pheeding Phrenzy [3]

A shortened and updated version of the advice that David Harley and Andrew Lee gave to potential phish victims in an earlier paper. Part 3 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.

Online Shopping and a Phishing Pheeding Phrenzy [2]

Phishing scams and online shopping. Part 2 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.

Online Shopping and a Phishing Pheeding Phrenzy

Basics of phishing. Part 1 of a three-part article on phishing scams old and new, and some of the ways to recognize the baited hook.

PC Support Scams: a Forensic View

A paper for the Cybercrime Forensics Education and Training Conference looking at forensic issues that arose during our research into Tech Support Scams.

Telephone Scams: it’s not all about PC support

Recently, I’ve been hearing about and receiving phone calls from people with Indian accents about something a little different from the classic your PC is virus-infected but you can pay me to get it fixed’ support scam.

Malware and Medical Devices: hospitals really are unhealthy places…

Mass murder by pacemaker hacking isn’t the likeliest scenario, but clinical tools and SCADA devices still deserve serious security scrutiny.

Telescammer Hell: What’s Still Driving The PC Support Scammers?

FTC action isn’t diminishing the volume of reported support scam calls and losses: what’s driving the people behind the scam, and what does the future hold?

Virus Bulletin 2012 Slides

The slides for many of the presentations by ESET researchers at VB 2012 can now be found on the Virus Bulletin conference web pages.

PC Support Scams – Virus Bulletin paper

Another year, another fine Virus Bulletin conference come and gone. And some of us even got long-service badges. (My first VB was in 1996, and my first VB presentation in 1997, but there are people like our own Righard Zwienenberg whose attendance record goes back way further.) (Yes, it did rain the last day or

Choosing a non-obvious PIN

There is very little research data on PIN prevalence available, so analysis of a new dataset of 4-digit passcodes can’t be ignored.

Ransomware Part III: another drop of the Irish

Where to find more information about current trends in international ransomware design.

Ransomware Part II: not just an Irish problem

More on the Gaelic ransomware, and how to spot ransomware in your own language, even if you aren’t Irish.

Nitol Botnet: You Will Never Break The Chain

Nitol versus Michelangelo: the supply chain is much more than the production line.

Threat Reports and other Information

Information about the August Global Threat Report and where to find other ESET resources

Irish Ransomware Report

Well, that was a little unexpected. The Irish Times has reported the discovery of the “first Irish language virus“. (Further checking suggests that the story may have originated with the Donegal Daily.) Actually, it sounds less like a virus – there’s no indication of whether it self-replicates – than the kind of ransomware that we’ve

ATM Security? Don't bank on it.

The odds against losing money may be better with cash machines than fruit machines, but why neglect simple, obvious precautions?

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.