category

Sebastián Bortnik

Enterprise Security: the Ten Commandments

…So here are what we consider to be the 10 commandments of corporate security…

Osama bin Laden is alive and well… on Facebook

The death of Osama bin Laden has gone viral, with blogs, social media and search engines pumping terabytes of rumor, innuendo and conspiracy theories at the speed of light, along with the occasional kilobyte of truth.  As the number of people searching for pictures and videos of bin Laden’s execution has skyrocketed, the criminal syndicates

Global malware thrives on the demise of a global terrorist

[NOTE:  As we were publishing this articl, our Latin American office discovered another Black Hat SEO campaign incorporating promises of Osama bin Laden videos on Facebook.  Click here to view their article in Spanish. We will follow up on this shortly.  AG] The malware phenomenon started by the announcement of Osama Bin Laden’s death continues

Incidents on Facebook

My Spanish colleague Josep Albors has also commented on recent Facebook security issues. Mistakes in translation and interpretation are, as always, mine. The world's largest social network is a nearly inexhaustible news source: not only because it has reached 500 million users, or because it's the subject of a forthcoming film. It is also making

Twitter Botnet Update

[Update: Alex Matrosov has posted screenshots of the Twebot update at http://twitpic.com/1ousmx and http://twitpic.com/1ouse5.] Juraj Malcho, the Head of our Lab in Bratislava, reports that there have been further developments regarding the tool for creating Twitter-controlled bots described by Jorge Mieres and Sebastián Bortnik, Security Analysts at ESET Latin America, in an earlier blog at http://www.eset.com/blog/2010/05/14/botnet-for-twits-applications-for-dummies.

Botnet for Twits, Applications for Dummies

Our colleagues in ESET Latin America have just blogged about an interesting botnet creation tool: the original blog is at http://blogs.eset-la.com/laboratorio/2010/05/14/botnet-a-traves-twitter/, by Jorge Mieres and Sebastián Bortnik, Security Analysts. (Mistakes in interpretation are, as usual, down to me!) In the last years we have seen many security incidents driven by botnets and exploiting the technologies

Massive New Koobface Campaign

Our colleagues in ESET Latin-America have reported that a huge new malware distribution campaign is being carried out through the popular social network Facebook. In this instance, it is our old friend the Koobface worm that is being propagated. (For more about Koobface see Randy's post here, and for more about this particular iteration, see

Here Come (more of) The Ghouls

[Update: it's likely that the attacks described below will also take advantage of the more recent bombings in Dagestan, as described by the BBC here. Isn't it bad enough that horrors like this take place at all, let alone provide revenue for cybercriminals?] Late last  night (30th March) I added a pointer to my earlier

New White Papers

Two new white papers have been posted on the white papers page at http://www.eset.com/download/whitepapers.php. (1) "Ten Ways to Dodge CyberBullets" by David Harley Around New Year it seems that everyone wants a top 10: the top 10 most stupid remarks made by celebrities, the 10 worst-dressed French poodles, the 10 most embarrassing political speeches and

English Version of HTTPS video

As promised earlier (see http://www.eset.com/threat-center/blog/2009/10/07/https-revisited-spanish-video) an English version of ESET Latin-America’s demonstration video of a phishing attack using HTTPS is now available at http://www.eset-la.com/centro-amenazas/videos/phishing-https-english/.  Those earlier blogs again: http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it  http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https   Thanks, Sebastián! David Harley BA CISSP FBCS CITP Director of Malware Intelligence ESET LLC ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog ESET Threatblog notifications on Twitter:

HTTPS revisited – Spanish video

Further to our blogs on HTTPS and SSL certificate issues – see http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it and http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https – Sebastián Bortnik has been talking to us today about a video that ESET Latin-America have put together demonstrating a phishing attack using HTTPS. If your Spanish is better than mine, you can check it out here. However, we’ve been working on an

SSL: to certify web security is not to guarantee it

Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle

Truth, Fiction and HTTPS

Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only

Slideshare update

Further to yesterday’s blog at http://www.eset.com/threat-center/blog/2009/08/03/slideshare-used-to-spread-malware, I hear from  Sebastián Bortnik that the account holder that posted those malicious slides to Slideshare has been banned, and the slide decks are no longer available. However, he (the black hat, not Sebastián!) had managed to post 2,473 slides with malicious links before he was stepped on: see

SlideShare used to spread malware

Over the weekend our colleagues at ESET Latin America found that Slideshare was being used to spread malware. As they haven’t found much information on the web about this, Sebastián Bortnik blogged today about what they found. (Errors in translation and interpretation should be attributed to David Harley!) I’ve added some thoughts and some content

Follow us

Copyright © 2016 ESET, All Rights Reserved.