Author
ESET Research
ESET Research

Windows exploitation in 2013

The year 2013 was notable for the appearance of 0-day vulnerabilities that were primarily used in targeted attacks. In this case, criminal hackers worked on developing exploits, only not for random propagation of malicious code, but rather for use in attacks on specific users.

Versatile and infectious: Win64/Expiro is a cross-platform file infector

Recently, our anti-virus laboratory discovered an interesting new modification of a file virus known as Expiro which targets 64-bit files for infection. File-infecting viruses are well known and have been studied comprehensively over the years, but malicious code of this type almost invariably aimed to modify 32-bit files. One such family of file viruses, called

Anonymous and the Megaupload Aftermath: Hacktivism or Just Plain Ugly?

Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but

October: Facebook Facepalm, Feeling Safe Online, and a Small Tsunami

ESET’s Threat Reports for September and October include some quality articles on Facebook, safety online, and backup strategy.

New Apple OS X Malware: Fake Adobe Flash Installer

A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego. The threat is a Trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third party site. As with the MacDefender and Revir malware, the Flashback attack uses social engineering to entice the user to download then

PDF Trojan Appears on Mac OS X

  A new trojan has been released targeting the Macintosh Chinese-language user community.  The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands.   When the user opens the “PDF” file, it attempts to mask the installation

Is Google Plus the Rumble in the Jungle?

If you don’t remember the Rumble in the Jungle, it was a boxing match between George Foreman and Muhammed Ali. Back in 1974 names like Foreman and Ali were as famous as companies like Google and Facebook are now. Google, like the older Ali, has been taking punches in the early rounds of the social

Google+Facebook Equals Time Bomb

An application written to allow integration between Facebook and Google Plus may be all you need to compromise your computer. According to a PCWorld report an application called Google+Facebook used a well known programming worst practice of downloading a JavaScript file upon launch. If you aren’t real technical and don’t know what this means, I

Zuckerberg appears to Think Google Plus Will Slay Facebook!

I’ve been using Google Plus almost as long as it has been around, which is a sneaky way of saying I am a noob to it :) Frankly, at this point I do not see anything particularly novel or sensational. I just haven’t seen the killer feature that will vanquish the Facebook megalith, but perhaps

Parents, Teachers, Schools and Churches Sieged by Zamzuu’s KidZafe Sales Force

This is an impressive looking certificate isn’t it? You might think it means something significant, but then you might be wrong. How hard is it to pass the Internet and Child Safety Advocate certification test? Ask Hanna, a 9 year old (10 this weekend) girl who I met with her father at a local coffee

Facebook Video Calls powered by Skype

With Facebook’s launch of video chat powered by Skype underway and enabling a new level of communication on its platform, we take a look at permission settings and privacy options.

Google Prepares to Share Your Contacts with the World… Again

Cameron Camp just blogged about the announcement that Google is going to delete all private profiles at the end of July. This really wouldn’t be a big issue if it wasn’t for the fact that Google is as two faced as you get on privacy and has a history of neglecting user privacy, such as

Facebook Facial Recognition – A picture is worth a thousand words

Facebook recently launched a facial recognition feature that allows you and others to “tag” photos with your name. As has been the norm for Facebook, this “feature” is turned on by default and users must take their own initiative to limit, or turn it off. The implications are wide-ranging, so if you or anyone in

Well That Was Embarrassing

Yet another Facebook Clickjacking attack is making the rounds. This time the message shows as below. A right-click (not left) will allow you to copy the source location and open the link in a protected environment. The link brings up the following image The “Jaa” button is actually a “Share” button and will post the

Do you Use Tumblr? Beware!

Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it. According to the article, hijacked web pages of Tumbler users

Windows Rootkit Requires Reinstall?

In a ComputerWorld article Gregg Kaiser cites a Microsoft engineer as saying that the trojan that Microsoft calls “Popureb” digs so deeply that the only way to eradicate it is to reinstall the operating system. If you read the Microsoft blog Feng didn’t actually say that this is the only way to eradicate the trojan.

LinkedIn Privacy: An Easy How-to Guide to Protecting Yourself

Introduction LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus tools and options for user privacy

The Social Networking/Cybersafety Disconnect

Survey Reveals Chasm between Users’ Concerns and Behavior A recent Survey commissioned by ESET and conducted online by Harris Interactive from May 31-June 2, 2011 among 2,027 U.S. adults 18+ found a startling disconnect between user concerns about privacy and security and their actions on social networking sites. To start, the study found that 69%

Anti-Phishing Day

Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work. Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes,

I Can Neither Confirm nor Deny

As website appear to fall to hacks like the rain falls in Seattle, the question du jour doesn’t change from day to day. The same question is always asked… “Did Anonymous perform the attack?” What do all of these links below have in common? You don’t have to read them, I’ll tell you.. http://sdchamber-members.org/Business%20Online%202009-10/Business%20Action%20Online%20May%202010/Business%20Action%20Online%20May%20ESET.html http://www.theregister.co.uk/2008/03/17/scientology_anonymous_round_three/

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.