New Botnet: Storm Signal?
Pierre-Marc tells me that he has received two malware samples that grabbed his attention due to their resemblance to Storm/Waledac.
Archives - December 2010
Threatsense Report: Looking Forward, Looking Back
The December ThreatSense report, being the last report of the year, is a little bigger than usual, and takes a longer view.
The Droid Army
The Lookout Mobile Security company is reporting a new trojan horse program that runs on Android based phones. The novel thing about this trojan is that it has enough functionality to allow the criminals to assemble an Android based botnet. This really should come as no surprise. The Android is not a phone with web
What is Typo Squatting?
This short video blog explains a bit about typo squatting. For our readers who are not native English speakers, typo means typographical error, or in plain English, it means you typed the wrong letters in. Some websites buy domains with similar names so that you will still get where you want to go if you
What are Heuristics?
It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string[i] (like using the “find” command in your word processor to locate a particular piece of text) or as
What is Adult Traffic Trading.
This short video blog explains what “Adult Traffic Trading” is. This series of Video Blogs is in response to a study done about adult content web sites. This is a really, really short video, but the answer is simple enough to answer the question that it doesn’t need to be a long video. Randy Abrams
Getting a Kindle for Xmas?
This isn’t exactly a security post, although when things go wrong on electronic devices viruses almost always are suspected and blamed. Well, the truth is that sometimes it is a hardware problem. Many Kindle users complained of crashes. The Kindle has not been found to have exploitable vulnerabilities (yet) and isn’t even reported to have
A Primer on Drive‑by Downloads
Here in the Cyber Threat Analysis Center we’re starting to add video blogs. If the threat information I share doesn’t scare you, maybe my picture will :) This short video blog is about drive-by downloads. This is aimed at helping people who are not technical to understand the nature of the threat. Drive-by downloads are
New Link on White Papers Page
...This paper, presented at the Annual Computer Security Applications Conference (2010) ... discusses alternative approaches to understanding botnet mechanisms, using "in the lab" experiments involving at-scale emulated botnets...
Stuxnet Analysis Update
Version 1.3 of the Stuxnet Analysis white paper is now available on the white papers page at http://www.eset.com/documentation/white-papers.
Premium Phish
Our IT Director shared a phishing email with me noting how professional it looked. While professionals, such as our IT director would not be fooled by a phish like this, many people would be fooled. A picture of the body of the email is below. The “from” address would fool many people. The “to” address
First, Catch Your Botnet
The paper presents an alternative approach to botnet research, employing “in the lab” experiments involving at-scale emulated botnets.
Support Scams: Even More Personal
A recent report from Get Safe Online suggested that one in four people in the UK have received calls like this (based on a sample of 1500 adults), and my colleagues in Ireland tell me that their experience suggests comparable figures there.
Opt Out isn’t Just for One Day
Recently there was a lot of news around an “opt out day” with respect to the American TSA using scanners to take nude pictures of travelers. The idea was that if people opted out on one of the busiest travel days in the USA it would bring lines to a stand-still and perhaps cause the
MS10‑092 and Stuxnet
...among the 17 security bulletins just released by Microsoft on Patch Tuesday, MS10-092 addresses the Task Scheduler vulnerability prominently exploited by Win32/Stuxnet...
Crouching Worm, Hidden Virus Writer, Rising Damp
...poachers turned gamekeeper are not uncommon in the security industry as a whole, and it's all too common for aspirant virus-writers whose notoriety is not necessarily matched by their technical skill to be hired by companies on the remote borders of malware detection and filtering, but the "real" AV industry goes out of its way to avoid hiring the ethically challenged....
WWW – Web Weaponization and WikiLeaks
Unless you’ve been on a sabbatical in a remote and unconnected part of the world, I don’t think you could have missed the news regarding WikiLeaks (the “whistleblower” web site) and its founder, Julian Assange. To put it succinctly, in the last few weeks, attempts have been made to shut down WikiLeaks’ operations- from payment
Is Barbie the Pedophile’s Best Friend?
A recent story http://www.telegraph.co.uk/news/worldnews/northamerica/usa/8180442/FBI-warns-Barbie-camera-could-be-used-by-paedophiles.html tells of a leaked FBI memo about the perils of a new Barbie doll. It appears that the new Barbie comes equipped with a web cam that can allow children to send videos of themselves across the net. The FBI, rightfully so, worries that this may be a weapon of pedophiles
How to Fool a Security Researcher
...Andrew Lee conducted a fun but disquieting thought experiment in the course of an amusing and informative presentation on user education at the recent Virus Bulletin Seminar...
That’s One Small Step for Law Enforcement
And a giant step for Internetkind. You really have to feel for the law enforcement officers throughout the world trying to bust the scum that attack your brothers, sisters, mother, father, grandparents, and everyone else. As hard as they try to catch and convict these dirt bags they run into all kinds of obstacles. One