category
General

Halloween: There’s Something Scary In Your Search Engine

We told you to watch out, didn't we? (see Randy's blog at http://www.eset.com/threat-center/blog/2009/10/23/this-is-the-funniest-video-ever). But it's not just Michael Myers, zombies and vampires you need to watch out for. It's also Funny Halloween Costumes, Harvey Milk, Pumpkin Carving Stencils, candy, Pokemon, and McDonalds Monopoly online. Yes, the fake/rogue AV gang have started on their Halloween special,

Fake Anti-Malware: Blurring the Boundaries

It won’t come as a surprise to regular readers of this blog that there’s a lot of fake/rogue anti-malware about. (see http://www.eset.com/threat-center/blog/category/fake-anti-malware-fake-software). However, a report released at RSA Europe goes some way towards quantifying that threat, and has created something of a stir in the media. That’s to be expected: journalists tend to love facts and figures. Anti-malware

Fake Windows Update

[Update: I notice that at about the same time that I posted this, Sophos also flagged a blog reporting a somewhat similar fake update for Microsoft Outlook/Outlook Express (KB910721). The message is a lot different and links to a different site pretending to be Microsoft's update site, but is clearly not to be trusted. So the

So What Is AMTSO Compliance?

The AMTSO (Anti-Malware Testing Standards Organization) meeting in Prague, which took place at the beginning of this week, proved to be rather more exciting than you might expect from a group with the word "Standards" in its name. One of the issues that caused particularly lively debate centred around the question of what constitutes AMTSO

The Truth About Cybercrime

I was quoted last month in an article at PC Retail (http://www.pcr-online.biz/features/305/The-truth-about-cyber-crime), which is nice. However, I just came across the notes I made at the time of the original enquiry/interview, most of which wasn’t used, so here are my full responses to the questions Andrew Wooden asked, in case they’re of interest. (Actually, they’re slightly expanded and I’ve

We’re going on a job hunt…

September’s Global Threat Report

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET's ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number

SSL: to certify web security is not to guarantee it

Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle

Truth, Fiction and HTTPS

Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only

VB 2009: Another View

SEO Poisoning: What’s in the News Today?

Search engines are free, powerful and efficient tools. But the same tools can be used to exploit the unsuspecting visitor who trusts the search results. Malicious SEO (Search Engine Optimization) is one such tactic where criminals spread malware through infected websites and poisoned search results. (This is sometimes referred to as index hijacking or SEO

Cybersecurity Awareness Month – Awareness for the Next Generation

"Now may I suggest some of the things we must do if we are to make the American dream a reality. First, I think all of us must develop a world perspective if we are to survive. The American dream will not become a reality devoid of the larger dream of brotherhood and peace and

Microsoft Security – Essential?

People keep asking me about Microsoft’s newly released Security Essentials free anti-malware (formerly known as Morro). Randy and I both blogged about it at some length back in June – see http://www.eset.com/threat-center/blog/category/microsoft-security-essentials and http://www.eset.com/threat-center/blog/2009/08/03/more-free-lunches, for instance – but there’s still a lot of interest in the impact that the product is likely to have on ESET

Making Malware

McAfee Avert Labs has been advertising a "Malware Experience" session for the "Focus 09" security conference, which offers attendees the chance to "to work with a Trojan horse, commandeer a botnet, install a rootkit and experience first hand how easy it is to modify websites to serve up malware." Actually, this text has been modified: it

Postcard from Geneva

Virus Bulletin 2009 is now in full swing, though meetings and other issues have kept me from seeing as much as I’d like. Still, excellent opening and keynote speeches, and a very interesting talk on cyber-insurance from Pascal Lointier. (A bit of a first for me: though I’ve been attending VB most years since 1996 and

That BT Scam Again

A few days ago, I mentioned an email chain letter that’s going round in the UK about a scam where where "the bad guy poses as a telephone company operative and threatens to cut off service unless the panicked recipient of the call immediately pays an allegedly unpaid bill. Faced with a sceptical potential victim,

Hold the jemmy a second, I need to check Facebook

The Journal of West Virginia reported yesterday that 19-year-old Jonathan G. Parker was charged on Tuesday with felony daytime burglary. He’s alleged to have stolen two diamond rings worth more than $3,500, but to have taken some time out to access his Facebook account on the victim’s laptop. If the report is correct, it seems that

Yahoo Group Spam

There’s nothing particularly new about Yahoo! group spam (no, wait, don’t go yet!) and I haven’t wasted much time on it so far, as what I’ve seen is pretty crude But I’ve been noticing an increasing number of emails to one of my most visible accounts welcoming me to groups with random names: stuff like

Fake ICE and Hot ICE

Randy’s post yesterday about putting an "In Case of Emergency" (ICE) prefix in front of one or more entries in the contact list on your cellphone rang a particular bell (sorry!) with me. I first came across the idea around 2005, when the idea was first launched by the East Anglian Ambulance NHS Trust in

AMTSO Anticipations

One of the more interesting things to happen to me in the past few months – well, that I’m going to talk about in public – is that I was elected to the Board of Directors of AMTSO (The Anti-Malware Testing Standards Organization). Interesting and scary: the first couple of months have seen me at

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
29 Oct 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.