So who’s to blame? First and foremost, the victimizers. Well, persistent victims, yes. And anyone in the security industry who pushes the TOAST principle, the idea that all you have to do is buy Brand X and you never have to take responsibility for your own security. Though, of course, “who’s to blame?” is the wrong question: what matters is “how do we fix it?”

*http://en.wikipedia.org/wiki/Skeeter_Davis  Here in the UK it's just turned 6pm on the 21st May, which apparently means I'll shortly be either invited to a rapturous celestial street party or subjected to various unpleasant experiences starting with a giant earthquake and ending with a front seat at a subterranean bonfire on or before 21st October. Though according to

You may not be aware that ESET writers have been supplying blogs to SC Magazine for a while now. Recently, Randy Abrams and I were drafted in after the original contributors moved on, and we started contributing this week: Poachers and Gamekeepers considers whether there is a conflict of interest when AV companies work with

[Update: more information from ESET on this malware here.] Last October, my colleague Tasneem Patanwala blogged about rogue antivirus masquerading as an ESET product. In that instance it was a product calling itself Smart Security, and Tasneem's blog includes lots of useful information about that particular malware, and fake AV in general. Looking through my

Kurt Wismer posted a much-to-the-point blog a few days ago about the way that purveyors of scareware (fake/rogue anti-virus/security products) mimic the marketing practices of legitimate security providers. You may remember that a while ago, I commented here about a post by Rob Rosenberger that made some related points. If you’re a regular reader of

All this is potentially frightening and inconvenient (or worse) for a home user. And if it happens in a corporate environment, it can be very, very expensive to remedy. So while some of the public comments we see in the wake of such incidents may seem over the top, “FP rage” is certainly understandable.

Further to my last blog here, it seems that I've been missing some serious fake AV telephone scam action. Some links provided by my good friend Steve B. Nice one, Steve. :) ALERT: metsupport.com – yet another telephone based fraud (aka SupportOnClick revisited – again) http://hphosts.blogspot.com/2010/06/alert-metsupportcom-yet-another.html techonsupport.com, click4rescue.com, pcrescueworld.com: SupportOnClick revisited http://hphosts.blogspot.com/2009/12/techonsupportcom-click4rescuecom.html SupportOnClick: Phoned by

The individual concerned had received a phone call from someone claiming to be from Microsoft, and informing him that notification had been received concerning a virus infection on his PC, and offering to help him to install antivirus software. When asked what antivirus software was being offered, the caller claimed that it was ESET’s.

Adobe 0-days are not the only way in which you can be bitten by a PDF.

Juraj Malcho, Head of Lab at Bratislava, reports: We've just encountered what appears to be a new Facebook scam in the wild. As of this moment we haven't seen any malicious content being served, but the content is changing even as I’m writing this post and it’s likely to serve malware soon. It spreads by adding