Tell ESET about Facebook malware

Here's something I noticed today on the ESET Facebook page at http://www.facebook.com/esetsoftware. (There is, of course, also an ESET North America page at http://www.facebook.com/esetusa, but this is the European page. There are lots of local ESET pages too, too many to list here.) As Facebook continues to attract more pages and videos containing malware, we

Google: your private profile – now public

Google, in an effort to get more squarely into the center of the social networking scene, is implementing a system where private profiles you may have created in Gmail will become public after July 31, or you risk account deletion. While the information on the profile that is made public will be limited initially, the

Stop spam/botnets? Follow the money

It’s no secret that spam/botnets are big business. There are a multitude of variations on a familiar theme, but after they trick unwitting users, what happens to the money? University of California wondered the same thing. In their recent report, “Click Trajectories: End-to-End Analysis of the Spam Value Chain” they analyze where the money goes,

The more things change, the more they stay the same

It's something of a truism, that 'old viruses never die', and that certainly seems to be the case for some of the older, more widespread, email worms. In this interview (http://www.signonsandiego.com/uniontrib/20041129/news_lz1b29five.html) back in 2004, I talked about an email worm called "Win32/Zafi.b" which, at the time, had recently been spreading on a global scale. However,

New U.S. law: nasty website killswitch

In a new twist on a familiar theme, legislation is being proposed to allow a court order to require providers to “shut off” websites deemed to be “dedicated to infringing activities.” This would allow websites to be shut down immediately, without any final court judgment of wrongdoing, or site owner notification. If the “PROTECT-IP Act”

Arizona DPS: hacked again – still – really?

On Wednesday we heard additional documents had been leaked from the Arizona Department of Public Safety (DPS). “Will this ever end?” has to be the most commonly-asked question in Arizona nowadays at the DPS. The original attacks last week were claimed by the group LulzSec, which was making the rounds exposing private information through hacking

Weapons systems with feet of China clay

At a time where the West is, generally speaking, not at the top of its game economically, I can see why defence contractors, like anyone else, are anxious to save money, but outsourcing critical systems purely for economic advantage in the hope of submitting the lowest tender is a risky strategy.

TDL4: Less hype, more history

I don’t think there’s such a thing as an indestructible botnet. TDSS is somewhat innovative. It’s introduced new twists on old ideas like P2P networks and hiding malware.

Government hackers hit al-Qaida?

Al-Qaida appears to have had its web communications hit by hackers, thwarting its continued effort at updating the world about its activities. It appears that a good portion of their global web presence has been affected. A year ago a similar style attack halted their web communications. According to Evan Kohlmann from Flashpoint Global Partners,

Facebook Facial Recognition – A picture is worth a thousand words

Facebook recently launched a facial recognition feature that allows you and others to “tag” photos with your name. As has been the norm for Facebook, this “feature” is turned on by default and users must take their own initiative to limit, or turn it off. The implications are wide-ranging, so if you or anyone in

Well That Was Embarrassing

Yet another Facebook Clickjacking attack is making the rounds. This time the message shows as below. A right-click (not left) will allow you to copy the source location and open the link in a protected environment. The link brings up the following image The “Jaa” button is actually a “Share” button and will post the

Do you Use Tumblr? Beware!

Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it. According to the article, hijacked web pages of Tumbler users

Windows Rootkit Requires Reinstall?

In a ComputerWorld article Gregg Kaiser cites a Microsoft engineer as saying that the trojan that Microsoft calls “Popureb” digs so deeply that the only way to eradicate it is to reinstall the operating system. If you read the Microsoft blog Feng didn’t actually say that this is the only way to eradicate the trojan.

Sony lawsuit: security experts fired prior to breach

A lawsuit being leveled against Sony relating to the recent breach activity alleges they skimped on security experts, laying off a batch of professionals prior to the events. The suit, seeking class action status, is being brought by Felix Cortorreal, Jimmy Cortorreal, and Jacques Daoud Jr., who claim they were directly affected by the data

TDSS: botnets, Kademilia and collective consciousness

The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we've spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on

TDL Tracking: Peer Pressure

Recently … our TDL tracker picked up a brand new plugin for TDL4 kad.dll (Win32/Olmarik.AVA) which we haven’t seen earlier … we discovered that it implements a particularly interesting network communication protocol …

FBI nabs international “scareware” ring

Long a puzzling challenge, the FBI seems to be making strides in tackling international coordinated scams, in this case, scareware. Scareware, the practice of providing fake infection notifications to users’ computers, and then offering to sell solutions to problems that don’t exist, has been quite a boon as of late for fraudsters. FBI claims the

Giving Cold Callers the Cold Shoulder

…And therein lies a problem that goes beyond support scams. The telephone network, like the Internet, isn’t very good at recognizing national boundaries. Which is why I have a couple of rules of thumb when it comes to cold callers…

EU to urge shorter data breach notification times

Following a string of data breach notifications which seem to be less than forthcoming, the EU is urging much stricter guidelines for data breach reporting timelines. It a recent article, European Commissioner Viviane Reding was shocked “that companies needed two or three weeks to inform people that their personal data had been stolen.” Recently I

Calling for Backup

…what I had principly in mind at that point was the impact of some 4,800 of its customers whose businesses may have been threatened when data, sites and email on four of its servers were lost…

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
our experts

Rob Waugh

Jean-Ian Boutin

David Harley

Graham Cluley

Stephen Cobb

Olivier Bilodeau

Aryeh Goretsky

Lysa Myers

Benjamin Vanheuverzwijn

Pierre-Marc Bureau

Righard Zwienenberg

Robert Lipovsky

Guest Writer

Cameron Camp

Marc-Etienne M.Léveillé

Joan Calvet

Pablo Ramos

Andrew Lee

Sebastián Bortnik

Peter Stancik

Copyright © 2014 ESET, All Rights Reserved.