More Technical

Dancing Penguins: a case of organized Android pay-per-install

For years, cyber criminals have organized their operations and traded resources through discussion forums and auction sites. One popular item to trade is access to virus infected PCs for cash. These trading schemes are often called pay-per install (PPI) programs. We have recently started an investigation on a new type of pay-per install program, this

Threat Reports and other Information

Information about the August Global Threat Report and where to find other ESET resources

Irish Ransomware Report

Well, that was a little unexpected. The Irish Times has reported the discovery of the “first Irish language virus“. (Further checking suggests that the story may have originated with the Donegal Daily.) Actually, it sounds less like a virus – there’s no indication of whether it self-replicates – than the kind of ransomware that we’ve

ATM Security? Don't bank on it.

The odds against losing money may be better with cash machines than fruit machines, but why neglect simple, obvious precautions?

Low tech Romney tax return hack could be lesson in physical security

So, we read that one or more hackers claim to have gained access to Mitt Romney’s tax records, reported first in a Nashville paper, then in the tech/business press. The hack allegedly took place at the Franklin office of PriceWaterhouseCoopers just outside of Nashville, and PWC has alleged that no such thing happened. We have

Confusion Abounds in Apple-FBI-AntiSec-iOS-UDID-PII Breach

If I sound confused it’s because I just saw my wife’s iPhone and iPad in a very strange place: a million line spreadsheet of iOS device data that includes the unique identifiers of her devices and the names she had given them, published by a group of hackers who call themselves AntiSec. This group claims

Finfisher and the Ethics of Detection

AV companies obey the law and cooperate actively with law enforcement. That doesn’t mean they turn a blind eye to government spyware.

FinSpy and FinFisher spy on you via your cellphone and PC, for good or evil?

We read that “FinFisher spyware made by U.K.-based Gamma Group can take control of a range of mobile devices, including Apple Inc.’s iPhone and Research in Motion Ltd.’s BlackBerry…”, at the opening of a Bloomberg article that several readers of the ESET blog sent us yesterday, along with a number of questions that boil down

Java zero day = time to disable Java, in your browser at least

Now is the time to disable Java in your web browser, or even remove it from your system if that is practical. Why? The bad guys are hard at work trying to exploit a zero day vulnerability in the latest version of Java (version 1.7, Update 6.). This vulnerability is the subject of a US-CERT

The Cloud for SMBs: 7 tips for safer cloud computing

Ahead of next week’s VMWorld in San Francisco, here are some thoughts on the safe use of cloud computing for smaller businesses, along with a podcast (see the link at end of the post). The Cloud concept, a flexible Virtual Machine (VM) based system that allows rapid expansion and dedicated functionality without hiring new staff,

Support scams and Quervar/Dorifel

More information about how tech support scammers have been using the Quervar/Dorifel outbreak to trick Netherlanders into giving them access to their systems and credit cards.

AMMYY warning against tech support Scams

Ammyy is eager to disassociate its service from Indian tech support scammers misusing it, and has some good advice for victims and potential victims.

Carbon Dating and Malware Detection

Carbon Black assert that if an AV company doesn’t detect malware within six days of its being flagged on Virus Total, it probably won’t after a month. Is that as dangerous as it sounds?

Quervar Induc.C reincarnate?

Win32/Quervar (a.k.a Dorifel, XDocCrypt) is a virus family that has been in the news recently, especially in the Netherlands. It has been reported to be causing havoc on computers of several notable Dutch institutions. In our analysis, we provide additional technical details about the workings of the virus and compare it to another virus, the

FBI Ransomware: Reveton seeks MoneyPak payment in the name of the law

A crime wave of malware that demands money from victims to avoid prosecution by the FBI has been alarming web surfers across America. Victims suddenly find their computer frozen, and an official-looking  page, like the one shown below, is displayed in their web browser. The FBI and the Internet Crime Complaint Center (IC3) have received

Bad password choices: don't miss the point

Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of

Photo tagged on Facebook = getting tagged at physical stores now too?

A new tech startup that produces facial recognition camera systems tied to Facebook tagged photos, plans to offer the technology to more traditional physical stores so they could offer you appropriate deals as you enter their business. That’s great for stores who want to have more targeted information about you, based on a bit of

Interconnection of Gauss with Stuxnet, Duqu & Flame

Last week, reports of a new malware named Gauss emerged, a complex threat that has attracted a lot of media attention due to its links to Stuxnet and Flame and its geographical distribution.  Since ESET has added detection for this threat, we are seeing geographical distribution of detection reports similar to those detailed by Kaspersky.

Win32/Gataka banking Trojan – Detailed analysis

Win32/Gataka is an information-stealing banking Trojan that can read all of your web traffic and alter the balance displayed on your online banking page to hide fraudulent transfers. It exhibits a modular architecture similar to that of SpyEye, where plugins are required to achieve most of the malware functionality. In our previous blog post, we

Dorifel/Quervar: the support scammer's secret weapon

The threat of the Dorifel/Quervar malware spreading in the Netherlands is being used by telephone scammers to trick local PC users into paying for ‘protection’.

Follow us

Copyright © 2015 ESET, All Rights Reserved.