ESET Research | WeLiveSecurity

Bio

ESET Research

ESET Research

Articles by author

Beta Test This!

Well, I said I wasn’t going to post each time the storm gang changes their tactics, however, perhaps I can use many of their ploys to teach anti-scam education. The scum-scam du jour is an email asking you to beta test some software. One I saw went as follows: ———————————————————————————————— Would you consider helping us

Wow, a bulletproof vest!

Our heuristics have gotten pretty well tuned to the varieties of Storm Worms we’re seeing. We generally catch the new variants, but nobody is catching them all without incurring a significant false positive rate. There are probably some companies that would take issue, but when you block everything, including good, that counts as false positives

Is Everyone Really Bad?

Most of us were taught that most people are good and only a few are bad. This truism has carried over to computers where it is not applicable, especially in the case of email. It isn’t that there are more bad computer users than good ones though. Here’s how it works. If you have 100

Yahoo Messenger Vulnerability

Vulnerability in Yahoo Messenger that can potentially allow a remote attacker to hijack your PC is you accept a webcam invite. Of course, your friends are not going to exploit the flaw when they invite you to a video chat. The threat is when you get invites from untrusted sources. The obvious advice is to

Sugar Pill

WARNING! The following post contains examples of humor and satire. If you do not find this funny there is probably a pill for that too. We’ve seen Red Pill (http://invisiblethings.org/papers/redpill.html). We’ve seen Blue Pill (http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html). Today I read about Purple Pill (http://blogs.zdnet.com/security/?p=427) and so I have decided to pre-emptively warn you about Sugar Pill. Sugar

You Have To Try Hard To Be Less Competent

So the people at untangle.com decide to “test” anti-virus product in an effort to prove their dedication to open source zealousness. I’m not against open source, but if you want to promote it then be honest about it. First untangle grabs a few samples of “viruses” that they know CLAM AV will detect. Unfortunately 1

eOops

Ok, now I’m in trouble. It seems that about the time of my post about eVil eCards and eVites our sales department was just about to use an eVite. Actually, for their intended purpose an eVite may well be the right tool for the job. How’s that you ask? The answer is context and clear

Why eCards, eVites, eGreetings, and such are eVil

There are a number of reasons why people should not send or read eCards and the like. I am hard pressed to think of any reasons why people should send them though. So, how about a list of reasons why you should not send or open them. 1) Social Engineering. E-ware, as I collectively call

Twisted advice

CISRT issued an advisory about an IM worm. This is a typical worm that you avoid quite simply by not opening attachments in IM, especially when they claim to be Paris Hilton Videos. There is nothing particularly interesting about the worm, but there is something interesting about the write up at http://www.cisrt.org/enblog/read.php?128. CISRT gives instructions

How about a Banking License?

A few weeks ago I did a podcast about a proposal for an “Internet Driver’s License”. All of my podcasts are at http://www.eset.com/podcasts/ and are available as MP3’s as well. I didn’t think the idea of the internet driver’s license would play out well, but I do think that perhaps an “Online Banking License” might

e‑Gads!

Several years ago when I first saw an e-Card, the first thing that I thought was that these would become a very successful tool for social engineering attacks designed at spreading malicious software. The current wave of “storm worm” spam uses this exact tactic. Emails such as the following are how users are tricked into

Your Mother Wrote This Blog

Now, why don’t you believe me? If I sent it to 5 million people in an email message many of them would believe it. Pierre-Marc wrote a blog entry this morning http://eset.com/threat-center/blog/?p=69 in which he described one of the latest scams going around. For those of us who work around security, we saw this abuse

It Looked Like a Duck. It Walked Like a Duck. It Quacked Like a Duck!

It was a chicken in disguise. On July 1st at 12:41 AM CET ESET became aware of a false positive. Some advertising banners were incorrectly flagged as being infected with the JavaScript trojan JS/Tivso.14a.gen Trojan. By 2:00 AM CET update version 2366 went out, correcting the misdetection. Later ESET researchers discovered that the generic signature

Open‑Item Attack Gadgets!

In December 2006 Walmart sold an open-item Zune with porn on it. The porn was almost certainly from the previous owner. Walmart then resold the item without checking it. Upon realizing their error, Walmart went with the surefire “let’s blame Microsoft for our mistake” defense. In reading Tyler Reguly’s blog over at computerdefense.org, I came

MPack, the great hype generator

There has been a lot of hype around MPack. As a result consumers are asking anti-virus vendors if they detect it. For the average consumer detecting MPack is of no value. MPack was reportedly found on over 10,000 web servers, however not a single visitor to those sites was infected with MPack. MPack is only

Complaint from the Better Business Bureau

Over the weekend, one of ESET’s executives had an interesting surprise in their mailbox: A complaint from the Better Business Bureau (BBB). ESET is a BBB member, so we periodically receive e-mail from them. In this case, though, the email was not a newsletter or membership renewal notification. The e-mail stated that a consumer had

Sometimes Justice Prevails

Back in February I blogged about the Julie Amero trial. On June 6th her defense team’s motion for a new trial was granted by the judge in the case. This means that the conviction has been set aside (overturned) and it is up to the state to try the case again or dismiss charges. The

Not Your Typical Security Blog

Sometimes you just have to take a step back and appreciate what really matters. Security is important. The problems we face are enormous and can cost a lot of money to deal with – even more if not dealt with correctly. But for all that, there is something much more valuable – our friends.    

ESET Gains 43rd Virus Bulletin VB100 Award

Some of you witnessed the unexpected – ESET missed a VB100 in the April VB Linux comparative due to a false positive in the clean set. We are pleased to announce that following discussions with the staff of Virus Bulletin they have reversed that decision and granted ESET our 43rd VB100 award. The Virus Bulletin web

Spambot Games – so far

Did the spambots guess the answers to my questions? I think not. I tried the following two questions: 7/0= Got Milk In both cases the answer I specified as correct was “quue792mcow9up4esbbrkjldjb,dzrrkjrenjl407niuvdopinejnvf DHOIVNN;LN;ND” I’m pretty certain that the spambots did not have time to crack the question, so now it is time to find out