ESET Research | WeLiveSecurity

Bio

ESET Research

ESET Research

Articles by author

Heuristic Detection Techniques

I recently received a few questions about heuristics and thought the answers may be of broader interest than just to the person asking. 1- What is the difference between the detection by generic signatures and passive heuristic? Aren't they the same? 2- In this thread: http://www.wilderssecurity.com/showthread.php?t=261904 I can't understand Marcos's replay: 'it's heuristic detection coupled

How to Get Security All Wrong

I suppose I could make this a really short blog and simply say “Do it like the TSA does”. It would be accurate, but perhaps doesn’t explain enough. In case you don’t know, TSA is said to stand for “Transportation Security Administration”, but I tend to think it means Terrorist Support Agency, as they do

Grasping at Straws – Did Malware Hack Palin’s Email Account?

There are times that malicious software actually results in innocent people being accused or even convicted of crimes they did not commit. There are times, however where malware is not to blame. Today I read a story at http://www.theregister.co.uk/2009/12/09/palin_hack_spyware_defence/ where the lawyers for David Kernell, the man accused of hacking Sarah Palin’s Yahoo email account,

Some People Just Don’t Get It

I read an article on the Newsweek Blog today http://blog.newsweek.com/blogs/techtonicshifts/archive/2009/12/22/antivirus-under-attack-from-polymorphic-threats-and-you.aspx In the blog the author states “Individuals and corporate users are storing less data on their hard drives and more in the cloud — remote servers, operated by giants like Google and Amazon. With less valuable data on individual PCs, the need for virus protection

The New Cyber Security Coordinator

Today it was announced that Howard Schmidt will become the Cyber Security Coordinator for the White House. First off, it’s about time the press stopped calling the position “Czar”. I met Howard Schmidt when he and I both worked at Microsoft. It was right after I had spent a little time teaching helpdesk how to

What Does The World Know About You?

Social networking sites have become living biographies of people and may set them up for social engineering attacks. From time to time I enjoy looking to see what I can find out about people who send question to me using the AskESET@eset.com address. I won’t ever name names, but I wanted to share one example.

PDF – Pretty Darned Fatal

Adobe PDF files were supposed to be a safe alternative to Microsoft Word documents in a time when Microsoft offered no effective protection against macro viruses and had virtually no security model in Office at all. Times change. Microsoft Word documents rarely spread macro viruses and have not for a long time if you are

Upgrade or Die

OK, it isn’t quite that dire, but if you are using Windows XP Service Pack 2, support for that version of the operating system will end in July 2010. If you plan to stay with Windows XP a while longer then it’s a good time to upgrade to service pack 3 if you have not

Que Sera Sera – A Buffet of Predictions for 2010

I was recently asked to share some predictions about what 2010 will bring in the security space. I asked some colleagues from ESET Research to share their thoughts as well -Randy Randy Abrams Director of Technical Education Social Engineering attacks will continue to grow in prevalence. As operating systems and eventually applications become more secure,

Don’t Let a Hacked Website Get You

In a recent article it was reported that more that 300,000 websites had been booby trapped. http://www.theregister.co.uk/2009/12/10/mass_web_attack/. The bad guys were able to compromise these websites and insert programs so that if you visit the web site it will try to infect your computer. You have no way of knowing if a web site has

Behavior Blockers, Immunizers, CRCs, and Active Monitors

I recently received a question at AskESET@eset.com that I thought would be of general interest, so I am answering it here. Could you tell me what the differences among Behavior Blocker, Immunizers, CRCs, and Active monitors? Thanks. A behavior blocker is a type of program that prevents certain actions from being taken. A behavior blocker

Drive‑by Downloads

I recently received a question at askeset@eset.com that I think maybe of interest to more than just the author. I read an interesting article written by Kaspersky Lab titled "Drive-by Downloads.  The Web Under Siege" and have a question I was hoping you could answer. (I have included a link to the article below.)  Are

Holiday Shopping Deadlines

In just a couple of weeks you will be out of time to shop online and have that gift delivered in time for the holiday. I expect that there will be a surge in phishing attacks designed to take advantage of the panic factor. You get an email that says something to the effect that

Malware Report Podcast: Marcus Sachs’ Take on Cybersecurity

December 3, 2009,  marked the 150th episode of the Malware Report Podcast (http://www.eset.com/podcasts). We talk about a lot more than malware and for the 150th we invited Marcus Sachs, director of the SANS Internet Storm Center to be our special guest to chat about the current cyber security landscape as well as the government’s role

PayPal Admits to Phishing Users

Yes, it is true, I am not making this up. I do not believe that PayPal has stolen anything from users, but they have told me that their own email is phishing. Here’s what happened. I sent them one of their own legitimate emails and told them it was a bad idea to include a

The Perils of Craig’s List

Frankly, I am really amazed that Craig’s list has not been much more attacked. They must be doing something right. Still, the opportunities for social engineering attacks seem quite bountiful to me. So far the majority of scams I have heard about involve old fashioned attacks, like having someone send an item they sold after

PayPal Phishing

With the holiday purchasing season in full swing, expect to see a rise in PayPal phishing attacks. The bad guys know that there is a high likelihood of increased PayPal use. As we get closer to Christmas, the need for timely orders will increase. This will probably result in a lot more of the phishing

Whitelisting and the iPhone

The much reported/blogged iPhone worm does not affect all iPhones. Specifically it affects SOME iPhones that have been jailbroken. A significant part of the iPhone and iPod Touch security model is a technique called “whitelisting”. This is not new and is known to be a very effective security technology that can be used to prevent

Don’t be a Turkey!

Yes, the time is now here for Thanksgiving e-Cards. Before you click on a link to go get your eCard, make sure that your operating system is fully patched. Even if you use automatic updates, it’s a good idea to go to update.microsoft.com and make sure you’re fully patched. Next try out the Secunia vulnerability