…So here are what we consider to be the 10 commandments of corporate security…

April? Haven't we moved on from there? Well, yes, but ESET's ThreatSense report for April does include, apart from some information on the top ten threats for the month, a feature article by Urban Schrott on the far-from-dead 419 scam, some information on recent and upcoming events such as the AMTSO workshop (which I've just attended: much more information on

My Spanish colleague Josep Albors has also commented on recent Facebook security issues. Mistakes in translation and interpretation are, as always, mine. The world's largest social network is a nearly inexhaustible news source: not only because it has reached 500 million users, or because it's the subject of a forthcoming film. It is also making

[Update: Alex Matrosov has posted screenshots of the Twebot update at http://twitpic.com/1ousmx and http://twitpic.com/1ouse5.] Juraj Malcho, the Head of our Lab in Bratislava, reports that there have been further developments regarding the tool for creating Twitter-controlled bots described by Jorge Mieres and Sebastián Bortnik, Security Analysts at ESET Latin America, in an earlier blog at http://www.eset.com/blog/2010/05/14/botnet-for-twits-applications-for-dummies.

Our colleagues in ESET Latin America have just blogged about an interesting botnet creation tool: the original blog is at http://blogs.eset-la.com/laboratorio/2010/05/14/botnet-a-traves-twitter/, by Jorge Mieres and Sebastián Bortnik, Security Analysts. (Mistakes in interpretation are, as usual, down to me!) In the last years we have seen many security incidents driven by botnets and exploiting the technologies

Our colleagues in ESET Latin-America have reported that a huge new malware distribution campaign is being carried out through the popular social network Facebook. In this instance, it is our old friend the Koobface worm that is being propagated. (For more about Koobface see Randy's post here, and for more about this particular iteration, see

[Update: it's likely that the attacks described below will also take advantage of the more recent bombings in Dagestan, as described by the BBC here. Isn't it bad enough that horrors like this take place at all, let alone provide revenue for cybercriminals?] Late last  night (30th March) I added a pointer to my earlier

Two new white papers have been posted on the white papers page at http://www.eset.com/download/whitepapers.php. (1) "Ten Ways to Dodge CyberBullets" by David Harley Around New Year it seems that everyone wants a top 10: the top 10 most stupid remarks made by celebrities, the 10 worst-dressed French poodles, the 10 most embarrassing political speeches and

As promised earlier (see http://www.eset.com/threat-center/blog/2009/10/07/https-revisited-spanish-video) an English version of ESET Latin-America’s demonstration video of a phishing attack using HTTPS is now available at http://www.eset-la.com/centro-amenazas/videos/phishing-https-english/.  Those earlier blogs again: http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it  http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https   Thanks, Sebastián! David Harley BA CISSP FBCS CITP Director of Malware Intelligence ESET LLC ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog ESET Threatblog notifications on Twitter:

Further to our blogs on HTTPS and SSL certificate issues – see http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it and http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https - Sebastián Bortnik has been talking to us today about a video that ESET Latin-America have put together demonstrating a phishing attack using HTTPS. If your Spanish is better than mine, you can check it out here. However, we’ve been working on an