Tax Scams, Malware, Phishing and a 419
A roundup of scam information, including a tax scams article, email with a link to malware, a phish, and the worlds laziest 419.
Education? Academic background in modern languages, social sciences, and computer science.
Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2001, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.
Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.
What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.
Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...
What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.
When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)
Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.
A roundup of scam information, including a tax scams article, email with a link to malware, a phish, and the worlds laziest 419.
David HarleyMissed a phone call? The Better Business Bureau says answering international telephone fraud calls looking like US calls might cost you more than you think.
David Harley419s are a well-known scam type, but some scams are more obvious than others. And sometimes it's the seller who's cheated not the buyer.
David HarleyIs there really anything new to be said about tech support scams? Unfortunately, the FTC tells us there is. Not only because people are still falling prey to this type of fraud, but because the scammers are still finding new approaches to harvesting their victims’ credit card details. Some quite interesting, sophisticated technical tricks are
David HarleyThere are plenty of scams effective enough to rate a warning or three, in the hope of alerting potential victims to the kind of gambit they use. And so, even though much of ESET’s business is focused on the bits and bytes of malicious software, I’ve spent a lot of time writing on WeLiveSecurity and
David HarleyA phishing scam targeting Tesco bank customers puts on a festive party hat and pretends to offer something for nothing. Is this a topical trend?
David HarleyDeath of a Sales Force: Whatever Happened to Anti-Virus? is a paper written by Larry Bridwell and myself for the 16th AVAR conference in Chennai, which was kindly presented by ESET’s Chief Research Officer Juraj Malcho, as neither Larry nor myself were able to attend the conference in the end. The paper is also available
David Harley(All four blog articles in this series, of which this article is the last, are available as a single paper here: The_Thoughtful_Phisher_Revisited.) From the sort of ‘visit this link and update or we’ll cancel your account’ message that we saw in the previous blog in this series (The Less Thoughtful Phisher), it’s a short step
David HarleyLess innovative than the scam mails described in my previous articles (Phish to phry and The Thoughtful Phisher II), there are those phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is
David HarleyIn the previous Thoughtful Phisher blog, we looked at some visual clues that should tip you off that a email from a ‘bank’ is not to be trusted. Just as interesting here, though, is the variety of social engineering gambits used by this wave of phish campaigns. It’s worth taking a closer look at some
David Harley[A much shorter version of this article appeared in the October 2013 Threat Radar Report as ‘The Thoughtful Phisher’. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a
David HarleyIt so happens that I live over 5,000 miles from the ESET North America office in San Diego, and so tend not to have water cooler conversations with the people located there. Of course, researchers working for and with ESET around the world maintain contact through the wonders of electronic messaging, but there are lots
David Harley[Update 30th October 2013: with regard to the ping gambit discussed below, please note that protection.com now responds to ICMP echo requests – in other words, if you now run the command “ping protection.com” you should now see a screen something like this: Note that this is perfectly normal behaviour for a site that responds
David HarleyAs both Macs and Mac malware increase in prevalence, the importance of testing the software intended to supplement the internal security of OS X increases too. But testing security products on Mac is tricky, due to Apple's own countermeasures. Can it be made easier?
David HarleyAfter taking quite a long break from comment moderation on the WeLiveSecurity blog, I’ve recently started receiving comment notifications and have therefore been able to moderate some of the comments that have I’ve seen, and I thought it was worth passing on some thoughts about the moderation process as I see it. I should make
David HarleyA new paper aims to profile the victims most likely to fall for a phishing attack. But what is less clear is how you develop a profile while avoiding the pitfalls of stereotyping.
David HarleyI was recently contacted by a journalist researching a story about ‘hackers’ quitting the dark side (and virus writing in particular) for the bright(-er) side. He cited this set of examples – 7 Hackers Who Got Legit Jobs From Their Exploits – and also mentioned Mike Ellison (formerly known as Stormbringer and Black Wolf, among
David HarleyI recently completed my 14th Virus Bulletin conference paper, co-written with Intego’s Lysa Myers, on “Mac hacking: the way to better testing?” to be presented at the 23rd VB conference in October, in Berlin. The paper itself won’t be available until after the conference, but the abstract is on the Virus Bulletin conference page here.
David HarleyMy colleagues at ESET Ireland, report that an all-too-familiar scam is currently hitting Irish mailboxes. I’ve talked about it at some length here previously – for instance here and here – but here’s a quick summary. Someone, apparently someone you know (a friend or a family member) contacts you to tell you that they’ve been
David HarleyI made a comment recently that was subsequently quoted in a recent ESET blog – Android “master key” leaves 900 million devices vulnerable, researchers claim – and it appears that comment may have confused one or two people. What I actually said was this: “Security based on application whitelisting relies on an accurate identification of
David Harley[A shorter version of this article was originally published – without illustrations – on the Anti-Phishing Working Group’s eCrime blog.] Phishing attacks targeting academia aren’t the most high-profile of attacks, though they’re more common than you might think. Student populations in themselves constitute a sizeable pool of potential victims for money mule recruitment and other
David HarleyA BYOD dissonance between economic imperative and loss of central control? Discontented staff susceptible to social engineering? David Harley reflects on aspects of Business Reimagined, a new book by Dave Coplin, chief envisioning officer at Microsoft UK, interivewed by Ross McGuinness in Metro.
David Harley…and nor are we responsible for fake AV/scareware and (more recently) ransomware, though I did suggest in a paper I presented at EICAR a couple of years ago that the bad guys who do peddle that stuff are all too proficient at stealing our clothes, and that maybe some security companies were making it easier
David HarleyAs an earlier article here noted, the recent report from the Commission on the Theft of American Intellectual Property shows a great deal of concern about the “scale of international theft of American intellectual property” which it estimates to be “hundreds of billions of dollars per year.” However, there’s also been a certain amount of
David HarleyRecently we realized that from time to time when people find a live link in one of our blogs, they click on it to see where it goes, even though the context might suggest that the link could be malicious. So we thought it might be a good idea to set up a link so
David HarleyCorrect identification of an individual using a computer or service is important because it represents the accountability of the person identified. If you know my username on a computer system, you can check on what I do on that system through an audit trail, and I can therefore be held accountable for those actions. However,
David HarleyApparently we posted 235 blogs here in 2012, just a fraction under 20 blogs per month on average. So this would be a perfect moment to produce one of those summaries of the year’s activities that wordpress.com provides, telling you how many people viewed your blog site and how many times they’d go round the
David HarleyAV companies obey the law and cooperate actively with law enforcement. That doesn't mean they turn a blind eye to government spyware.
David HarleyAryeh Goretsky's paper won't turn you into a business continuity specialist, but is an excellent primer on why, how and when to back up your data.
David HarleyDuring the first half of 2011 we have witnessed a significant growth in malware targeting 64-bit platforms, the most interesting examples of which are bootkits.
David HarleyA week or so ago we promised you a full paper expanding on our Hodprot is a Hotshot blog. That paper is now available.
David HarleyMy colleague Daniel Novomeský alerted me to a problem he’s observed with the way some web-developers use JavaScript: a few of them have the habit of obfuscating JavaScript code on their web sites, presumably in order to compress it so that it takes less disk-space (“packing”) or using a “protector” in order to make it
David HarleyThis is the 3rd volume of an ongoing Stuxnet resources blog article, supplementing our paper "Stuxnet Under the Microscope".
David Harley@imaguid microblogged today about his annoyance at "the analysts and journalists who breathlessly fawn over #stuxnet", and suggested that we call it even.
David HarleyThe Stuxnet analysis "Stuxnet Under the Microscope" ... has, unlike most ESET white papers, been subject to a number of revisions as we've come to know more about the malware itself, and as the purposes of its perpetrators have become clearer. However, since all the known vulnerabilities exploited by Stuxnet have now been patched, version 1.3x of the document is likely to be the last substantial revision.
David HarleySummary of and link to an AVAR paper addressing some of the pitfalls of using malware simulation in product testing.
David Harley...an article suggests that "Stuxnet was developed to improve the quality of enriched uranium, so that it no longer can be used for the production of atomic bombs." It's an interesting theory, and I'm certainly not going to say it's wrong...
David HarleyTip of the hat to Bruce Dang and Dave Aitel for flagging an inaccuracy in ESET's Stuxnet report
David Harley