Bio

David Harley

David Harley

Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2001, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

Articles by author

Langner, Stuxnet, US and Israel.

Added to the Stuxnet resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 on 4th March 2011: Ralph Langner at the TED Conference, as summarized by the BBC: US and Israel were behind Stuxnet claims researcher. As previously mentioned at http://blog.eset.com/2011/03/03/nice-stuxnet-commentary-and-hype-deflation. (Hat tip to Mikko Hypponen. Again!) David Harley CITP FBCS CISSP ESET Senior Research Fellow

Here’s my support desk!

got a phone call from a gentleman with a pronounced accent wanting to help me with my virus problem ... You didn't know I had a virus problem? Neither did I, but he assured me that I was spraying malware all over the part of town I live and work in.

Facebook Spam: the Fifth Wave

My colleague from ESET Ireland, Urban Schrott, reports that the company has seen a megawave of Facebook spams:  five separate spams in 24 hours. I've no idea of the numbers involved, but Urban's "think before you click" message is well worth repeating. The post is to ESET Ireland's CyberThreats Daily blog post: the company also

Nice Stuxnet Commentary and Hype Deflation

Some extra resources: J. Oquendo takes a cold, clear look on Infosec Island at some of the hype that surrounds the Stuxnet story: Cyberterrorism – As Seen On TV While Visible Risk, while by no means entirely negative about the Vanity Fair Stuxnet story (see http://blog.eset.com/2011/03/02/more-on-stuxnet), makes an entirely reasonable point about Irresponsible Sensationalism. I

TDL4 and Glupteba: Piggyback PiggyBugs

My colleague Aleksandr Matrosov today received an interesting sample of TDL4 from another of my colleagues, Pierre-Marc Bureau: this sample downloads and install another malicious program, Win32/Glupteba.D. This was the first instance he’d come across of TDL4 used to install other malware, and here’s his account of what he found. A sample of Win32/Olmarik.AOV was

The Terrifying Android

At a time when Gartner estimates that we'll have downloaded 17.7 billion + mobile apps worldwide by the end of this year, I couldn't help thinking that Android users are likelier to pay for lax screening in the Android Market than users who are protected by reasonably strict application whitelisting. Well, it looks like that concern had some justification. There are a spate of stories today about >50 applications pulled from the Android Market

More on Stuxnet

A few more developments in the Never-Ending Story: Michael Joseph Gross on A Declaration of Cyber War in Vanity Fair. Despite a somewhat breathless tone in the introduction – "the world’s top software-security experts were panicked by the discovery of a drone-like computer virus" (where's my Valium?!) – actually a comprehensive and largely accurate account. It

From Russia with Spam

...Ontinet has been noticing lots of emails with links to forums. Following the links leads to a forum full of spam products, from replica watches to viagra...

AMTSO and RSA

Before I started today's flurry of blogs, I was uncharacteristically quiet: first I was at an AMTSO event in San Mateo, then at RSA in San Francisco...

Keyloggers in the Library

If you found my recent post on Public Access PCs Booby-Trapped of any use, you may also find a follow-up article by SC Magazine's Dan Raywood of interest. The article on Keyloggers found plugged into library computers quotes some further thoughts I sent him in a subsequent exchange of email, and also quotes Wilmslow police inspector Matt

BBC6 and another Lush site hacked

[Update: the BBC Radio 6 issue is now confirmed by WebSense (apologies for misattributing it earlier!), who have more detail here, and note that areas of the BBC 1Xtra radio station Web site are also affected.] I hear from ESET colleagues in the UK that the BBC's Radio 6 homepage (one of the Beeb's music stations) is

Stuxnet, Iran and Anonymous

Links to two Stuxnet-related stories have been added to the resources page at /2011/01/23/stuxnet-information-and-resources-3/. Kim Zetter, in Wired's "Threat Level" column Report: Stuxnet Hit 5 Gateway Targets on Its Way to Iranian Plant, summarizes the latest update to Symantec's Threat Dossier. Symantec researchers now believe that Stuxnet targeted five organizations in Iran as staging posts

10 Ways to Protect Yourself: Part 6

Don’t disclose sensitive information on public websites like FaceBook or LinkedIn. Even information that in itself is innocuous can be combined with other harmless information and used in social engineering attacks. Rather than expand on that point, for now, I’m going to point to another “10 ways to protect yourself” resource: the more good advice

10 Ways to Protect Yourself: Part 5

Don’t trust unsolicited files or embedded links, even from friends. It’s easy to spoof email addresses, for instance, so that email appears to come from someone other than the real sender (who/which may in any case be a spam tool rather than a human being). Basic SMTP (Simple Mail Transfer Protocol) doesn’t validate the sender’s

10 Ways to Protect Yourself: Part 4

Use different passwords for your computer and on-line services. Also, it’s good practice to change passwords on a regular basis and avoid simple passwords, especially those that are easily guessed. As Randy pointed out in a recent blog, it’s debatable whether enforced frequent changes of hard-to-remember passwords are always constructive (they can force the user to write down

Ten Ways to Protect Yourself: Part 3

Log on to your computer with an account that doesn’t have “Administrator” privileges, to reduce the likelihood and severity of damage from self-installing malware. Multi-user operating systems (and nowadays, few operating systems assume that a machine will be used by a single user at a single level of privilege) allow you to create an account

Castlecops: more comments

Further to my post of 25th December about the withdrawal of the CastleCops services, there’s a blog at Darkreading that includes more information, including some quotes from Paul Laudanski, who was, with his wife Robin, the driving force behind the organization: also quotes from our own Randy Abrams, David Ulevitch of PhishTank, and Garth Bruen

MD5/SSL: is the sky falling?

Lots of fuss  was made about the paper presented at the Chaos Communication Congress in Berlin yesterday by Alexander Sotirov et al. The paper describes a proof-of-concept attack using a weakness in the MD5 cryptographic hash function to create a rogue Cerification Authority certificate using a hash collision (essentially, two messages with the same MD5

Ten Ways to Protect Yourself: Part 2

Here’s the second instalment of the “ten ways to dodge cyberbullets” that I promised you. Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product update sections on their web sites. This point is particularly  relevant right now, given the escalating volumes of Conficker that we’re

(One out of) Ten Ways to Dodge Cyber‑Bullets

It’s that time of year when everyone wants a top ten: the top ten most stupid remarks made by celebrities, the ten worst-dressed French poodles, the ten most embarrassing political speeches, and so on. Our research team came up with a few rather more serious ideas, most of which are considered at some length in our about-to-be-published

Sending Malware Information to ESET

I’ve just picked up a comment to a previous blog that pointed to what I presumed to be a malicious URL. We’re grateful for all such information, but for obvious reasons, we won’t approve comments that point to malicious code! You can find information here about how to forward malware samples, malicious URLs or false positive

Castlecops: End of an Era?

This is a sad item for Christmas Day morning. Castlecops have been making considerable efforts to fight crime on the Internet in many areas (surviving many an attack from the bad guys in the process) for a long time, but seem to have suspended the service on 23rd December. I hope there’s nothing more sinister

Internet Explorer Problems

It probably isn’t news to you that there’s been an issue with Internet Explorer and a recently-discovered vulnerability that exposes users of the application to a range of attacks. Certainly we’ve been getting lots of enquiries about our ability to detect it, and I suspect other vendors are getting the same barrage of questions. Of

After AVAR: Normal Service is resumed…

Given our recent attempts to keep the blog flow more consistent, you might have noticed that we’ve been very quiet for the past couple of weeks. That has a lot to do with the fact that Randy Abrams and I have been in India for a meeting in Chennai, followed by the AVAR (Association of

VB100 test results (53 today!)

December’s Virus Bulletin includes a comparative test for a number of products on the Windows Vista x64 platform, giving us our 53rd VB100 award. To get a VB100, a product needs to detect all “In the Wild” viruses on-demand and on-access, with no false positives. Note that “In the Wild” here refers to replicative malware

Global Threat Report

You may be aware that in addition to our semi-annual global threat trends reports, we also do a monthly report. Much of this report is trend analysis based on data from our ThreatSense.Net threat tracking system. ThreatSense.Net® is an advanced threat tracking system which reports detection statistics from tens of millions of client computers around the

Spies in One’s Samovar (or a Storm in a Teapot)

Round here, we’re mostly concerned with the malicious and programming kinds of bug. But as an avid watcher of Spooks*,  I couldn’t resist sharing with you an item in the Telegraph about a samovar presented to the British Royal Family about twenty years ago. Apparently, after a surveillance sweep of the Queen’s estate at Balmoral, the

Mytob and the National Health Service: a Matter of Trust

Okay, sorry about the horrible pun. It suddenly occurred to me that people (especially those from outside the UK) might be somewhat shocked that the Barts and the London NHS Trust, a group of three major hospitals in London took so long to deal with a malicious program that was, apparently, detected by their provider

Anti‑Malware Testing Resources

...after many years of campaigning for better testing and better information about testing, it feels very positive that people are prepared to sit through a 60 minute presentation and then go on asking questions for another half hour...

Mytob and the NHS: Trigeminal Nostalgia

I’m still in Washington, but have just picked up some news that reminds me not only of home, but of my job of a few years ago, when I worked as a security manager for the UK’s National Health Service. It’s been announced that the Barts and The London NHS Trust, which includes several of