Bio

David Harley

David Harley

Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2001, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

Articles by author

Uncategorized SQL Injection Attack Alert

SQL Injection Attack Alert

I've already mentioned this on the AVIEN blog, as it was an AVIEN member who first drew it to my attention, but a fairly dramatic SQL Injection attack has been flagged by the Internet Storm Center: it appears to resemble the lizamoon attack which was reported as affecting around a million sites earlier in the year.

Uncategorized SOPA Opera

SOPA Opera

We all have our concerns about piracy and violations of intellectual property, but the discussion taking place at the moment behind closed doors seems pretty one-sided.

Uncategorized Infosecurity Conference APTitude Adjustment

Infosecurity Conference APTitude Adjustment

If you're interested in the "APT: Real Threat or Just Hype" keynote session I took part in during the recent Infosecurity Virtual Conference, you can now hear and see the presentations and Q&A  (and the other panel sessions from the conference). Register here. Here are the details for that keynote session, chaired by Steve Gold,

Scams Facebook video scam: 15 seconds? Don’t watch it at all

Facebook video scam: 15 seconds? Don’t watch it at all

[Update: For more articles about Facebook security click here. To help you protect yourself on Facebook and Twitter, ESET provides a free social media scanner.] One of my Facebook friends drew my attention today to a fast-spreading link. I’m pleased to say that he knew better than to look at it, but I figured it was

Uncategorized Crisis? What Crisis?

Crisis? What Crisis?

In the AV industry, we’re not unaccustomed to security scare stories met with a debunking response. For example, Peter Norton was quoted in 1988 in Insight as saying that computer viruses were an urban myth, like the alligators supposed to inhabit the sewers of New York. (He did change his mind around 1990 when he gave

Scams A Matter of Life and Delf? Malware on the Fiddle

A Matter of Life and Delf? Malware on the Fiddle

There’s been a certain amount of buzz in the past couple of days about messages claiming to link to Wire Transfer information, but actually related to a Trojan commonly called Delf or Doneltart. ESET is detecting the examples we’ve been seeing as a variant of Win32/TrojanDownloader.Delf.OZG. The messages generally look something like this (at least,

Uncategorized Shorteners/Redirectors: short of ideas

Shorteners/Redirectors: short of ideas

We’ve been having some discussion internally about shortened URLs, with specific reference to pointing to web resources on Twitter, where you can’t actually avoid using shortened URLs, because an uncompressed URL is automatically shortened using bit.ly. You may remember that I discussed these issues before here, The main problem, of course, is that it’s all too

Malware Slideshare Responses

Slideshare Responses

We’ve had reassuring responses from Slideshare about the recent problem with a malicious slide deck and the company’s timely removal of the malicious account. You can find these in the comments to the previous blogs on the subject, but as many people who saw the original blog won’t necessarily go back to check on comments,

Uncategorized Slideshare update

Slideshare update

Further to yesterday’s blog at http://www.eset.com/threat-center/blog/2009/08/03/slideshare-used-to-spread-malware, I hear from  Sebastián Bortnik that the account holder that posted those malicious slides to Slideshare has been banned, and the slide decks are no longer available. However, he (the black hat, not Sebastián!) had managed to post 2,473 slides with malicious links before he was stepped on: see

Uncategorized SlideShare used to spread malware

SlideShare used to spread malware

Over the weekend our colleagues at ESET Latin America found that Slideshare was being used to spread malware. As they haven’t found much information on the web about this, Sebastián Bortnik blogged today about what they found. (Errors in translation and interpretation should be attributed to David Harley!) I’ve added some thoughts and some content

Uncategorized More Free Lunches

More Free Lunches

Discussion has been rolling on in comments to a blog Randy posted some time ago (back in June, to be precise…) on Microsoft Essentials. Rather than go over exactly the same ground, I’d like to reiterate some points about free antivirus generally, but starting off from a question that was put in a comment to

Uncategorized ThreatSense.Net® Report for July

ThreatSense.Net® Report for July

Our July ThreatSense.Net® report has been released today, and will eventually be available from the Threat Center page here. Most of the top ten entries are old friends: well, familiar names might be a better way of putting it. One of the disadvantages of having a scanner that makes heavy use of advanced heuristics is

Uncategorized Adobe Update Update (Update?)

Adobe Update Update (Update?)

This is a quick follow-up to the earlier blog about Adobe updates. I’ve just received notification that the Adobe Flash Player updates bulletin released yesterday has been updated: it now contains information about (and links to) the promised Adobe Reader and Acrobat patches. Adobe states that it categorizes these updates as critical and recommends that you

Uncategorized Adobe Updates

Adobe Updates

I’d like to call your attention (again) to a major Adobe bulletin that was released yesterday (actually, still today, if you’re far enough behind GMT, but I’m sitting just a train ride away from Greenwich, UK). In brief, the bulletin concerns the following CVE (Common Vulnerabilities and Exposures) issues: CVE-2009-1862 CVE-2009-0901 CVE-2009-2395 CVE-2009-2493 CVE-2009-1863 CVE-2009-1864 CVE-2009-1865

Uncategorized More Adobe Update Information

More Adobe Update Information

Adobe has issued an important announcement, much of it relating to the impact of vulnerabilities in the Microsoft Active Template Library (ATL)  flagged as CVE-2009-0901, CVE-2009-2395, CVE-2009-2493 and described in Microsoft Security Advisory (973882) on Adobe products used as Internet Explorer plug-ins.  It appears that Flash Player and Shockwave Player “leverage” vulnerable versions of ATL. According to

Mobile Security Fly By Wireless

Fly By Wireless

No, nothing to do with drive-by downloads… Our colleagues in Europe came up with a nice idea: an article on the dangers of web surfing on free wi-fi and some tips on staying safe. (A topic dear to the hearts of all of us who find ourselves out and about with our laptops from time

Uncategorized Research and Support

Research and Support

Following up on blog comments is part of the job for those of us contributing to the ThreatBlog. Well, I suppose it is: no-one else does it if we don’t. :-) Much of the time, comment handling involves dealing with the occasional comment spam that slips through our filters (there’s an interesting item on a novel

Uncategorized Hoax Hacking

Hoax Hacking

The estimable Dan Raywood, of SC Magazine, forwarded me an interesting example of a hoax email, knowing that I have an unhealthy interest in these “electronic ephemera” as Martin Overton calls them. In fact, I have an email address (hoaxchecker@gmail.com) that I use to offer a free service to people who want information on whether

Digital Security Public Health and the BCS

Public Health and the BCS

SC Magazine included an interesting item today on security and confidentiality in the UK’s National Health Service. Anders Pettersson has suggested that the NHS is too busy to be harrassed over data protection/data leakage issues, and that the security industry should “come together to educate NHS Trusts and other organizations on simple measures to protect

Uncategorized Compressed URLs & Twitter

Compressed URLs & Twitter

The Research team in San Diego has several Twitter accounts that we use, both to follow other people and to keep people who follow us informed about hopefully useful stuff like blogs and new papers. http://twitter.com/esetresearch is the official team Twitter account, but we also post stuff to http://twitter.com/ESETLLC and http://twitter.com/ESETblog, which have more followers at

Uncategorized Viruses Revealed: The Economics of Authoring

Viruses Revealed: The Economics of Authoring

“Viruses Revealed“, which I wrote with Robert Slade and Urs Gattiker, isn’t exactly my latest book. In fact, it was published by Osborne in 2001, and has been out of print for several years. Still, I have some fond memories of it: for a start, it was my first book in the security arena as one

Malware Research and the Art of the Obvious

Research and the Art of the Obvious

We know that spam works: well, it works well enough for spammers to keep devoting time and money into pumping sewage into the arteries of the internet. The interesting question is why does it work? The Messaging Anti-Abuse Working Group (MAAWG), a global coalition of network operators and messaging providers who do some vital work

Uncategorized Bredolab meets Best of Breed

Bredolab meets Best of Breed

ESET in Bratislava have just issued a press release concerning Win32/TrojanDownloader.Bredolab.AA, which made the top ten threat listing in our June ThreatSense.Net® report, as mentioned here. While press releases aren’t always our biggest priority on the ThreatBlog, this is certainly a research issue, and one in which many people have expressed an interest. The lab tells

Social Media There’s Security, Then There’s Social Security

There’s Security, Then There’s Social Security

How secure is your Social Security Number? If your answer is “Very: I only ever give it to organizations who are entitled to know it”, that may not be as safe as it sounds. Of course, there are a couple of fairly generic issues: some legitimate, convenient organizations may ask for it who are, nevertheless,