If you regularly follow my blogs, you'll know that while this my primary blogspot, it isn't the only site to which I post (see signature for full details). Here are a few recent blogs and microblogs that may be of possible interest. @Mophiee asked me about the ICPP Trojan on Twitter (where I'm @ESETblog or

I was asked whether I'd seen SEO (Search Engine Optimization) poisoning relating to the Icelandic eruption and the very widespread grounding of aircraft in Europe. Well, there were certainly attempts in March to exploit the earlier Eyjafjallajokull eruption in order to drive googlers interested in finding out more towards malicious web sites. So it would be naive

Since our April ESET news has already been dominated by Facebook and Koobface an updated Facebook best practices wrapup seemed in order. Facebook Newbie? Read This First While most of us involved with this blog are old hands at implementing security, sometimes it’s hard for others to process the do’s and don’ts. Michelle Green contributed

We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities.  The poisoned search term du jour is "erin andrews death threat".  Apparently,

September 2009 saw some key security analysis raining directly onto the Adobe PDF platform, particularly with SANS pointing towards remote code execution within PDFs as one of the top threat vectors: Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability (CVE-2009-1862) Adobe Reader Remote Code Execution Vulnerability (CVE-2009-1493) Kudos to Adobe for patching these

[Interim updates removed: later information on Twitter profile attacks and Blackhat SEO attacks using keywords related to this topic to spread malware, has been made public in a later blog at http://www.eset.com/blog/2010/03/30/here-come-more-of-the-ghouls.] Following this morning's bombings in the Moscow Metro (subway system), Aryeh Goretsky suggests the likelihood of criminals using "blackhat SEO" (search engine optimization

Looking into their crystal balls (no jokes, please) at the end of 2009, our colleagues in Latin America came up with a prophecy that was later incorporated into a white paper (2010: Cybercrime Coming of Age): In June 2010, one of the most popular regular sports events, the soccer World Cup, will take place in

Last summer (June 2009), I posted about an example of a very common scam that relies on the scammer gaining access to someone else's email or Facebook account, then sending messages to all their contacts claiming that they've been mugged while abroad on business or vacation, and need their friends to send them some money

The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day.  With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait

[Update: so far I have two votes for dumb. Maybe I'm giving this spammer too much credit, and it is a simple "spam template fail" ;-) On the other hand, while I wouldn't vote "evil genius", I'd still love to know how many people actually fall for this - I don't have a problem envisaging