A Little Light Reading

I’ve just found out that I have another book out. Well, a single chapter in a three-volume set called The Handbook of Computer Networks. (The chapter is on E-Mail Threats and Vulnerabilities: thank you for asking.) "I’ve just found out…" probably sounds quite disingenuous. How could anyone not know they had a book

Happy Birthday CastleCops!

Sometimes it seems that we are fighting a battle that we are destined to lose. To some extent, win or lose depends upon your definition of the terms. We have never completely beaten crime, but we still have victories against criminals… sometimes. Today it is a very great pleasure to wish a happy

Storm in a D-Cup

Bot-hunters were somewhat puzzled recently when a botnet called Mega-D suddenly started grabbing headlines as the successor to the Storm (or Nuwar) botnet. Though the Storm network does seem to have declined in overall numbers over recent months, reports of its demise still seem exaggerated, and no-one seemed quite sure what Mega-D was and where it

NDSS 2008

Last week our home town of San Diego was host to the Network and Distributed System Security Symposium held by the Internet Society. This conference represented a good opportunity for us to learn the latest research topics under investigation by the academic community. David Dagon and his team from GA Tech presented an interesting

Less Worms than Leeches

As you might guess, the New Scientist article on the Microsoft research "friendly worms" paper excited more annoyance than admiration, not only here but elsewhere in the research community. However, when a link to the actual paper turned up (thanks to Jimmy Kuo for pointing it out), it turned out to be rather less dramatic. While it does refer to

Worms and Leeches

Every so often, an old wheel is reinvented. In the anti-malware game, an old favourite is what Dr. Fred Cohen used to call the "benevolent virus" or "maintenance" virus. Dr. Cohen’s early research and commentary remain the formal basis for much of the way we think about malware and anti-malware today. Several pages in "A Short

I AMTSO Happy to be here!

Well, I am happy to be here, but AMTSO stands for The Anti-Malware Testing Standards Organization. This is an initiative between Anti-Virus companies and anti-virus testers to improve the quality of testing performed on anti-virus products so as to provide consumers with meaningful tests. There have been so many bad tests performed, but “it’s on

The Anti-Spyware Coalition Public Workshop

Back in December of 2006 I posted an entry titled “The Spirit of Cooperation”. Today I am attending the Anti-Spyware Coalition Public Workshop in Washington DC. It is a very satisfying feeling sitting with staunch allies in the fight against spyware, adware, and other threats. Who are these allies? You would probably call

Ongoing Web Infection

Last week, we had reports of a number of web sites being hacked and used to distribute malicious software. The web sites are spread through various countries including Brazil, Pakistan, the United Kingdom, France, and of course the United States. At the moment, it is hard to tell how the servers were compromised. All of

Are You Ready for Valentine’s Day?

Got the flowers ordered? Dinner plans? eCard? Wait, eCard? I didn’t send her an eCard. The bad guys are ready for Valentine’s Day. Actually they are not waiting. The jerks that brought you the Storm worm are back at the eCard scam with amorous incantations about an eCard for you. As a rule of

Nuwar for Valentine’s Day

It shouldn’t be a surprise to anyone that the Nuwar gang has released a new version of their social engineering scam for Valentine’s Day; they are just a bit early. The gang has again started sending spam messages with subjects related to love. The body of the e-mails contains a short message and a link

Nuwar Phishing

There was another twist today in the Nuwar story: it is now being used to host phishing sites. The gang behind this prolific malware has registered several domain names similar to those used by well-known banks such as Barclays and Halifax and is directing web requests for these misspelled domain names to computers infected with Nuwar.

More Nuwar for the New Year

The gang behind the Nuwar threat (also called Storm Worm or Zhelatin) has been very active during the holidays. They have been sending numerous waves of spam in an attempt to infect as many users as possible. The gang is taking advantage of the fact that a lot of researchers are taking some time off

Beware of Imposters

There seems to be a common belief that malware only lands on a computer through e-mails. This is far from being the case. Our ThreatSense statistics show that a lot of Internet users fall for social engineering on web pages and are tricked into installing fake programs. As David Harley pointed out on his blog

New Nuwar for Christmas

At midnight GMT, we started receiving reports of a new wave of Nuwar e-mails. The e-mails contain the following text, which tries to convince a user to visit a malicious website: This Christmas, we want to show you something you will really enjoy. This might not be fun for the whole family, but


PLEEEEASE Infect me

This is what Windows says when you install it. You see, there is a default setting called “autorun” that will automatically run a program when you insert a CD or DVD or thumb drive into your computer. The idea is that you put the media in there to run a program,

Good Bye Seoul!

This year’s Association of Antivirus Asia Research (AVAR) conference was held in Seoul, Korea. The conference ended this evening after two days of presentations and discussions. The conference was a good opportunity to learn more about specific threats targeting Asia. We learned that online game information stealing is prevalent in this part of the

PaChat Targeted Attack in Canada

At the end of last week, we were made aware of a new targeted attack. The social engineering strategy and malware construction caught our attention because of its sophistication. The threat came as an e-mail addressed to a director at a company based in Canada. The e-mail was addressed with the full name, street address

Bot Stories

Computer experts are familiar with the .com file type. The .com extension is often used by binary program files under MS-DOS. Why is this important? Because anything that has the ‘.com’ extension on a Windows system is considered an executable file and is executed when a user double-clicks on it. The same is

What’s a redirect and why is it bad?

A redirect is a way to take a web surfer to another site. Redirection is very useful when done right. Instead of getting an error message that the page cannot be found you can be redirected to a page that helps you find what you are looking for. At ESET we use redirects properly.


Copyright © 2016 ESET, All Rights Reserved.