ESET Research | WeLiveSecurity

Bio

ESET Research

ESET Research

Articles by author

Damn The Icebergs, Full Steam Ahead!

A couple of weeks ago I posted an entry on here about the size of the cybercrime problem from a dollar perspective. I pointed out that is was reported that US banks had lost US$40 million per month for the third quarter of 2009 due to online banking fraud. Also, the 2009 Internet Crime Report

Holes In The Cloud

About a month ago I gave a presentation in Kuala Lumpur that covered some of the concerns about the seemingly enthusiastic rush to push everything out "to the cloud". People in the Marketing business love the term "cloud computing" and have come up with some lovely images of fluffy clouds reflected on office blocks and

So THAT’S Who’s Doing it!

Early last month I posted a blog entry entitled "Who Is Doing it? Who? Who….?!". The main point of my entry was regarding the matter of people opening attachments and clicking on links that appear to be spam based. I've just been reading the 2010 MAAWG Email Security Awareness and Usage Report, and it seems

H.R.4098 – Secure Federal File Sharing Act & P2P

Yesterday the US House of Representatives approved legislation that would specify and limit open-network P2P usage by government employees and contractors on systems authorized to connected to federal computers and network resources. As with everything in life, there are exceptions. Requests to use open-network P2P applications can be made for the following purposes: necessary for

Don’t Be A Twit

There's a news item out at the moment about how a French man has been arrested for a host of Twitter account attacks including the accounts of US President Obama and Britney Spears. It seems the hacks were carried out in April last year and the arrest came about after collaboration between the US FBI

While Rome Burns…

A flurry of long-overdue government initiatives designed to address cybercrime has begun to actually develop some momentum. When I consider that it took a year to just get a cybersecurity bill through committee, I think of Nero fiddling while Rome burns, especially when everyone on the committee appears to believe it’s critical legislation. The CyberSecurity

Good In Theory, But….

Two weeks ago I acted as a panelist in a panel discussion at an IT Security conference in Kuala Lumpur. I was asked a question about global cybercrime laws. And I've just read Randy Abrams' blog that he posted here today about the proposed new US legislation that is ultimately aimed at driving other nations

The Ugly Marketing of Google Security

Engineers are really smart people who often know how to make something with no real world effectiveness work really well without effect. In a glaring example of marketing hype, very limited effectiveness, and a lesson in teaching users to fall for phishing attacks, Pavni Diwanji, Engineering Director at Google published a blog post http://googleonlinesecurity.blogspot.com/2010/03/detecting-suspicious-account-activity.html The

Carrots, Sticks and Cyber‑spies

Carrots, Sticks and Cyber-spies The US legislature is proposing international cybercrime laws according to an article on Dark Reading . The idea is to provide incentives to cooperate on fighting cybercrime, as well as penalties for countries that do not cooperate. Part of the plan calls for a “Cyber-Security Ambassador” . There is an interesting

Who Can It Be Now?

Back on the 22nd of February, I wrote an entry on this blog called "Does Anybody Know WHOIS Out There?". This entry was about the very slack or even non-existent verification of identification information (sheesh, try saying THAT with a few beers under your belt!) provided by individuals and organizations registering domain names on the

A bot by another other name…

In my day-to-day discussions with peers and the general public, there is always something that I take away from the discussions. For instance, in the last few days there have been references to Kneber and Zeus as two different botnets. I'd like to take a moment to help clarify the fact that these are actually

Turn Off That Bloody Horn!

Last week I blogged about the increased use of electronics for entertainment systems and vehicle control systems in cars, and the potential risk of malware theoretically causing those systems to be compromised. Well, a few days ago, a news item came in that was an interesting follow on from my blog, although not directly related.

We’re Not Talking Peanuts Here, Folks

We have recently seen some reports that give some idea of the real size of the cybercrime problem. Recently Federal Deposit Insurance Corporation (FDIC) Examiner Dave Nelson reported that online banking fraud involving the electronic transfer of funds cost US banks more than $40 million dollars per month for the third quarter of 2009. The

Get Your Motor Running

Ford Motor Company has recently announced that later this year it will be producing cars with built-in WiFi capabilities. Since 2008, the first generation of this system enabled owners of certain Ford, Lincoln & Mercury vehicles to connect media players & bluetooth devices to their entertainment systems. This second generation of its so called Sync

It Seems Obvious To Me….

    If you listen to IT Security experts, they will regularly tell you to make your passwords difficult to guess. They will also tell you ensure it is not short, and has a mixture of alphabetic, numeric & special characters in it – and certainly don't use a word that is found in the

AV Lingo, et al

A reader recently sent in a batch of questions that I thought might be of general interest.  I also invited other members of the Research team to chime in with their thoughts. Question 1- When it is critical to give a malware specific name? [David Harley answers…] For detection/remediation purposes, it isn't really necessary for

What Do You Get When You Fall In Love?

Let's consider the words of the song "I'll Never Fall In Love" by Burt Bacharach and Hal David: "What do you get when you kiss a girl? You get enough germs to catch pneumonia After you do, she'll never phone ya I'll never fall in love again" OK, it's confession time. I am single and

Greetings Austin!!!

After having launched the Securing Our eCity campaign (www.securingourecity.org) in San Diego, ESET is taking cyber security education to Austin Texas. ESET will be offering free educational seminars about cyber security in Austin. ESET recently commissioned a survey of 551 residents of Austin, Texas.  24% of the people interviewed reported that they or someone they

The Biggest Botnet in the World

You may have seen the news about the bot masters in Spain who were arrested. Defense Intelligence http://defintel.com/docs/Mariposa_Analysis.pdf dubbed this Mariposa botnet. It is claimed that this botnet had the power to perform much stronger attacks than what Estonia witnessed a couple of years ago.  Still, this botnet is dwarfed by the largest botnet in

RSA Highlight: Howard A. Schmidt

While RSA 2010 is in high-gear, I took some time out from meetings, speaking at our booth theater and catching up on threats, to listen to the recently-appointed  Cybersecurity Coordinator (Cyber-Czar) share his views on issues involving cybersecurity as well as his objectives and priorities.  The interview started off with an introduction which revealed a