Finfisher and the Ethics of Detection
AV companies obey the law and cooperate actively with law enforcement. That doesn't mean they turn a blind eye to government spyware.
Archives - August 2012
FinSpy and FinFisher spy on you via your cellphone and PC, for good or evil?
We read that “FinFisher spyware made by U.K.-based Gamma Group can take control of a range of mobile devices, including Apple Inc.’s iPhone and Research in Motion Ltd.’s BlackBerry…”, at the opening of a Bloomberg article that several readers of the ESET blog sent us yesterday, along with a number of questions that boil down
Java zero day = time to disable Java, in your browser at least
Now is the time to disable Java in your web browser, or even remove it from your system if that is practical. Why? The bad guys are hard at work trying to exploit a zero day vulnerability in the latest version of Java (version 1.7, Update 6.). This vulnerability is the subject of a US-CERT
The Cloud for SMBs: 7 tips for safer cloud computing
Ahead of next week’s VMWorld in San Francisco, here are some thoughts on the safe use of cloud computing for smaller businesses, along with a podcast (see the link at end of the post). The Cloud concept, a flexible Virtual Machine (VM) based system that allows rapid expansion and dedicated functionality without hiring new staff,
Support scams and Quervar/Dorifel
More information about how tech support scammers have been using the Quervar/Dorifel outbreak to trick Netherlanders into giving them access to their systems and credit cards.
AMMYY warning against tech support Scams
Ammyy is eager to disassociate its service from Indian tech support scammers misusing it, and has some good advice for victims and potential victims.
Carbon Dating and Malware Detection
Carbon Black assert that if an AV company doesn't detect malware within six days of its being flagged on Virus Total, it probably won't after a month. Is that as dangerous as it sounds?
Quervar Induc.C reincarnate?
Win32/Quervar (a.k.a Dorifel, XDocCrypt) is a virus family that has been in the news recently, especially in the Netherlands. It has been reported to be causing havoc on computers of several notable Dutch institutions. In our analysis, we provide additional technical details about the workings of the virus and compare it to another virus, the
FBI Ransomware: Reveton seeks MoneyPak payment in the name of the law
A crime wave of malware that demands money from victims to avoid prosecution by the FBI has been alarming web surfers across America. Victims suddenly find their computer frozen, and an official-looking page, like the one shown below, is displayed in their web browser. The FBI and the Internet Crime Complaint Center (IC3) have received
Bad password choices: don't miss the point
Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of
Photo tagged on Facebook = getting tagged at physical stores now too?
A new tech startup that produces facial recognition camera systems tied to Facebook tagged photos, plans to offer the technology to more traditional physical stores so they could offer you appropriate deals as you enter their business. That’s great for stores who want to have more targeted information about you, based on a bit of
Interconnection of Gauss with Stuxnet, Duqu & Flame
Last week, reports of a new malware named Gauss emerged, a complex threat that has attracted a lot of media attention due to its links to Stuxnet and Flame and its geographical distribution. Since ESET has added detection for this threat, we are seeing geographical distribution of detection reports similar to those detailed by Kaspersky.
Win32/Gataka banking Trojan – Detailed analysis
Win32/Gataka is an information-stealing banking Trojan that can read all of your web traffic and alter the balance displayed on your online banking page to hide fraudulent transfers. It exhibits a modular architecture similar to that of SpyEye, where plugins are required to achieve most of the malware functionality. In our previous blog post, we
Dorifel/Quervar: the support scammer's secret weapon
The threat of the Dorifel/Quervar malware spreading in the Netherlands is being used by telephone scammers to trick local PC users into paying for 'protection'.
Blizzard Entertainment hacked this time for real (lessons learned)
In May we read that game maker Blizzard, developer of a series of popular games including World of Warcraft, Diablo III and Starcraft, was hacked, but that turned out to just be individual compromised accounts from some of its users. Now we read, from Blizzard itself rather than a third party, that they have been
Authentication attacks: Apple, Amazon, iCloud, Google, anything with a password
Sharing details of the hack that “wiped his life” has earned Mat Honan a place in the annals of information system security; the specific inter-dependence of flawed authentication systems that cost him so dearly–encompassing Apple, iCloud, Amazon.com, Gmail and more–would probably still exist if Mat had not gone public. Wired has the full story here
Support Scammer Anna’s CLSID confusion
Scammer Anna claims to be from Global PC Helpline, and certainly that site seems to be confused about what it is and where it operates from.
Foxxy Software Outfoxed?
Part of my daily routine here at ESET is to inspect URLs for new trends and malware campaigns identified by our systems. A couple of weeks ago I noticed a group of URLs with a similar pattern. When I investigated further, I found out that the URLs pointed to copies of legitimate web sites with
Misusing VERIFY (and other support scam tricks)
After Event Viewer, ASSOC, INF, PREFETCH and Task Manager, it seems that VERIFY is the latest system utility to be misused by PC tech support scammers.
Mac OSX/iOS hacks at Blackhat – are scammers setting their sights?
For years scammers and hackers focused largely on Windows x86-based platforms, in many ways because that’s where the bulk of the users were. But times change, and new targets emerge. At Blackhat and Defcon last week we saw a flurry of talks on Mac OSX/iOS security, trying to illuminate possible chinks in the armor. From