Tech Support Scams: Second Byte at the Cherry

Is there really anything new to be said about tech support scams? Unfortunately, the FTC tells us there is. Not only because people are still falling prey to this type of fraud, but because the scammers are still finding new approaches to harvesting their victims’ credit card details. Some quite interesting, sophisticated technical tricks are

The Stuxnet Train Rolls On…

… albeit more slowly than previously. Added to the resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 today: A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx. (Hat tip to Security Garden for the pointer.)

Stuxnet, SCADA and malware

Kelly Jackson Higgins in a Dark Reading article tells us that Malware Attacks Decline In SCADA, Industrial Control Systems, quoting a report published by the Security Incidents Organization drawing on its Repository of Industrial Security Incidents (RISI) database. One aspect that’s attracted attention on specialist lists is the mention of a large US power company

Langner, Stuxnet, US and Israel.

Added to the Stuxnet resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 on 4th March 2011: Ralph Langner at the TED Conference, as summarized by the BBC: US and Israel were behind Stuxnet claims researcher. As previously mentioned at http://blog.eset.com/2011/03/03/nice-stuxnet-commentary-and-hype-deflation. (Hat tip to Mikko Hypponen. Again!) David Harley CITP FBCS CISSP ESET Senior Research Fellow

Nice Stuxnet Commentary and Hype Deflation

Some extra resources: J. Oquendo takes a cold, clear look on Infosec Island at some of the hype that surrounds the Stuxnet story: Cyberterrorism – As Seen On TV While Visible Risk, while by no means entirely negative about the Vanity Fair Stuxnet story (see http://blog.eset.com/2011/03/02/more-on-stuxnet), makes an entirely reasonable point about Irresponsible Sensationalism. I

More on Stuxnet

A few more developments in the Never-Ending Story: Michael Joseph Gross on A Declaration of Cyber War in Vanity Fair. Despite a somewhat breathless tone in the introduction – "the world’s top software-security experts were panicked by the discovery of a drone-like computer virus" (where's my Valium?!) – actually a comprehensive and largely accurate account. It

Stuxnet, Iran and Anonymous

Links to two Stuxnet-related stories have been added to the resources page at /2011/01/23/stuxnet-information-and-resources-3/. Kim Zetter, in Wired's "Threat Level" column Report: Stuxnet Hit 5 Gateway Targets on Its Way to Iranian Plant, summarizes the latest update to Symantec's Threat Dossier. Symantec researchers now believe that Stuxnet targeted five organizations in Iran as staging posts

Added to Stuxnet resources page…

…an article by William Gibson (yes, that William Gibson) draws a connection between Brain (a 25-year-old PC virus) and Stuxnet. 25 Years of Digital Vandalism. He doesn't seem to think much of Stuxnet, drawing a much-to-the-point riposte from Bob McMillan: http://twitter.com/#!/bobmcmillan/status/30533396702699520. Links added to Stuxnet Information and Resources (3). David Harley CITP FBCS CISSP ESET

Stuxnet Information and Resources (2)

[Update 23rd January 2011: volume 3 of this resource has just kicked off at /2011/01/23/stuxnet-information-and-resources-3/: volume 1 is at /2011/01/03/stuxnet-information-and-resources/.] @imaguid microblogged today about his annoyance at "the analysts and journalists who breathlessly fawn over #stuxnet", and suggested that we call it even. I hope he won't think I'm fawning by maintaining resource lists in

Stuxnet updates #umpteen

Added to the Stuxnet resources article 19th January 2011…

More Stuxnet Fallout

Added to the Stuxnet resources page today … something of a second wave of commentary that’s a little more cautious about accepting the NYT’s conclusions.

Added to Stuxnet resources page

Tony Dyhouse writes in SC Magazine about the political implications for the security community of the Stuxnet and Wikileaks incidents. The link has also been added to the Stuxnet resources post at /2011/01/03/stuxnet-information-and-resources/5731 on 14th January 2011.. David Harley CITP FBCS CISSP

Stuxnet Information and Resources (1)

The Stuxnet analysis “Stuxnet Under the Microscope” … has, unlike most ESET white papers, been subject to a number of revisions as we’ve come to know more about the malware itself, and as the purposes of its perpetrators have become clearer. However, since all the known vulnerabilities exploited by Stuxnet have now been patched, version 1.3x of the document is likely to be the last substantial revision.

Stuxnet Analysis Update

Version 1.3 of the Stuxnet Analysis white paper is now available on the white papers page at http://www.eset.com/documentation/white-papers.

Strong passwords: deja vu all over again

Since never changing your password isn’t generally a realistic option, and some sites actually prevent you from using good passwords and, even better, passphrases, we’ve produced a number of articles and papers on the topic to help make it easier to follow good practice, even when your provider seems set on preventing it. Here they are as a list, to make it easier to follow.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

6 articles related to:
Hot Topic
07 Jan 2014
ESET Virus Radar


Select month
Copyright © 2014 ESET, All Rights Reserved.