Support Scam: Old Racket Still in Service

One of the support scam sites used to mislead victims may be down, but the scam definitely isn’t about to go away.

Tech Support Scams: Second Byte at the Cherry

Is there really anything new to be said about tech support scams? Unfortunately, the FTC tells us there is. Not only because people are still falling prey to this type of fraud, but because the scammers are still finding new approaches to harvesting their victims’ credit card details. Some quite interesting, sophisticated technical tricks are

Shady Business

We (AVIEN) devoted quite a lot of space to one Chinese operation, the NCPH group, in the “AVIEN Malware Defense Guide for the Enterprise”

Phishphloods: Not all Phishing is Spear-Phishing

You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads

McAfee and SEO poisoning: there but for the grace…

ESET is not going to try to capitalize on McAfee's unfortunate false positive problem (and nor, I'm sure, is any other reputable vendor). Such problems can arise for any AV vendor: it's an inevitable risk when you're trying to walk the line between the best possible detection of threats and avoidance of false detections (someone please

Good Password Practice: Not the Golden Globe Award

The Boston Globe suggested  that changing passwords is a waste of time, based on their interpretation of an article by Herley Cormac. Cormac's paper – well worth reading, by the way – reinforces a point that has been made many times both by me and by the "user education doesn't work" lobby. While I don't believe that education is useless,


We seem to have pointed out rather often recently that giving away lots of information on Facebook, Twitter and other social network sites isn't a good idea. PleaseRobMe claims, somewhat amusingly, to be a resource for burglars, saving them the trouble of searching through Twitter and Foursquare for information on whose house is currently unoccupied. In

Your Data and Your Credit Card

[Update: I had a couple of machine crashes while I was writing this, and only just realized that a pointer to Allan Dyer's excellent article at http://articles.yuikee.com.hk/newsletter/2009/12/a.html hadn't survived to the final version. Which is a pity, because it's very relevant, and well worth reading.] Over the weekend, I posted a blog on the AVIEN site

Qinetiq Energy: A Patent Leathering

[Update: Michael St Nietzel also pointed out that there's an issue with installers that verify a checksum before installation. In fact, this is a special case of an issue I may not have made completely clear before: unless this approach is combined with some form of whitelisting, there has to be some way of reversing the modification

AVIEN blog: Absolute Elsewhere

Strangely enough, I'm actually encouraged to contribute to other blog pages, perhaps in the hope that I'll stop cluttering this page with rubbish about iPhones. Today I've finally remembered that I'm supposed to contribute regularly to the AVIEN blog page at http://avien.net/blog/. You might find these a little lighter in tone than I tend to

AVIEN and Testing

Some readers will be aware of my long-standing connection with the Anti-Virus Information Exchange Network (AVIEN) at http://www.avien.net (I hold the title of Chief Operations Officer there). AVIEN has now instigated a member’s blog at http://www.avien.net/blog, and I’ve put up a couple of blogs today on testing to help kick it off (Andrew Lee, my former

AMTSO Anticipations

One of the more interesting things to happen to me in the past few months – well, that I’m going to talk about in public – is that I was elected to the Board of Directors of AMTSO (The Anti-Malware Testing Standards Organization). Interesting and scary: the first couple of months have seen me at

Confounding Conficker

[Update: Spiegl Online reports (in German!) that the total may be as high as 50 million infected machines: however, this figure seems to be extrapolated from the number of infections picked up Panda’s online scanner. Statistically, I’m not sure it makes any sense at all to try to correlate this self-selecting sample to the total population of

The Morris Worm: a Malware Prototype

In “Viruses Revealed”, Robert Slade and I said that “”In many ways, the Internet Worm is the story of data security in miniature.”

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar


Select month
Copyright © 2014 ESET, All Rights Reserved.