Bio

ESET Research

ESET Research

Articles by author

Windows exploitation in 2013

The year 2013 was notable for the appearance of 0-day vulnerabilities that were primarily used in targeted attacks. In this case, criminal hackers worked on developing exploits, only not for random propagation of malicious code, but rather for use in attacks on specific users.

Versatile and infectious: Win64/Expiro is a cross‑platform file infector

Recently, our anti-virus laboratory discovered an interesting new modification of a file virus known as Expiro which targets 64-bit files for infection. File-infecting viruses are well known and have been studied comprehensively over the years, but malicious code of this type almost invariably aimed to modify 32-bit files. One such family of file viruses, called

Anonymous and the Megaupload Aftermath: Hacktivism or Just Plain Ugly?

Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but

New Apple OS X Malware: Fake Adobe Flash Installer

A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego. The threat is a Trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third party site. As with the MacDefender and Revir malware, the Flashback attack uses social engineering to entice the user to download then

PDF Trojan Appears on Mac OS X

  A new trojan has been released targeting the Macintosh Chinese-language user community.  The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands.   When the user opens the “PDF” file, it attempts to mask the installation

Is Google Plus the Rumble in the Jungle?

If you don’t remember the Rumble in the Jungle, it was a boxing match between George Foreman and Muhammed Ali. Back in 1974 names like Foreman and Ali were as famous as companies like Google and Facebook are now. Google, like the older Ali, has been taking punches in the early rounds of the social

Google+Facebook Equals Time Bomb

An application written to allow integration between Facebook and Google Plus may be all you need to compromise your computer. According to a PCWorld report an application called Google+Facebook used a well known programming worst practice of downloading a JavaScript file upon launch. If you aren’t real technical and don’t know what this means, I

Well That Was Embarrassing

Yet another Facebook Clickjacking attack is making the rounds. This time the message shows as below. A right-click (not left) will allow you to copy the source location and open the link in a protected environment. The link brings up the following image The “Jaa” button is actually a “Share” button and will post the

Do you Use Tumblr? Beware!

Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it. According to the article, hijacked web pages of Tumbler users

Windows Rootkit Requires Reinstall?

In a ComputerWorld article Gregg Kaiser cites a Microsoft engineer as saying that the trojan that Microsoft calls “Popureb” digs so deeply that the only way to eradicate it is to reinstall the operating system. If you read the Microsoft blog Feng didn’t actually say that this is the only way to eradicate the trojan.

LinkedIn Privacy: An Easy How‑to Guide to Protecting Yourself

Introduction LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus tools and options for user privacy

The Social Networking/Cybersafety Disconnect

Survey Reveals Chasm between Users’ Concerns and Behavior A recent Survey commissioned by ESET and conducted online by Harris Interactive from May 31-June 2, 2011 among 2,027 U.S. adults 18+ found a startling disconnect between user concerns about privacy and security and their actions on social networking sites. To start, the study found that 69%

Anti‑Phishing Day

Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work. Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes,

Imitation is not always the sincerest form of flattery

Since its release in 2007, ESET Smart Security has received many accolades for its antimalware, antispam and firewall functions.  However, we have recently been the recipient of a very dubious honor; a rogue antivirus program which masquerades as our own software. The Rogues Gallery Rogue antivirus is a loose family of programs that claim to

Insider Threat: Malware on your ATM

  Insider Threat – your ATM may now be hacked from the inside. According to Wired’s Threat Level Blog… A Bank of America worker installed malicious software on his employer’s ATMs that allowed him to make thousands of dollars in fraudulent withdrawals, all without leaving a transaction record, according to federal prosecutors. According to the

How to Get Security All Wrong

I suppose I could make this a really short blog and simply say “Do it like the TSA does”. It would be accurate, but perhaps doesn’t explain enough. In case you don’t know, TSA is said to stand for “Transportation Security Administration”, but I tend to think it means Terrorist Support Agency, as they do

PayPal Admits to Phishing Users

Yes, it is true, I am not making this up. I do not believe that PayPal has stolen anything from users, but they have told me that their own email is phishing. Here’s what happened. I sent them one of their own legitimate emails and told them it was a bad idea to include a

The Perils of Craig’s List

Frankly, I am really amazed that Craig’s list has not been much more attacked. They must be doing something right. Still, the opportunities for social engineering attacks seem quite bountiful to me. So far the majority of scams I have heard about involve old fashioned attacks, like having someone send an item they sold after

What if your Virusproof Computer Catches a Virus?

An Australian company claims to have launched a “virus-proof” computer. They even say “ A fast, easy to use, computer that never gets viruses, EVER !” and then on the same page say “In the rare event that you manage to catch a virus on your virus-proof computer, we will re-load both Zone 1 and

Is Cyber Monday the End of Shopping as We Know it?

Cyber Monday is the Monday that follows Thanksgiving in the USA. This is said to be the busiest online shopping day of the year. Does that mean that there is more risk of cybercrime? The answer is yes and no. There is more risk simply because more people are shopping online so malicious web pages,

Google to Launch “Bob” ???

Remember Microsoft Bob? It was a shiny new windowing system on top of a windows kernel. Now Google is announcing the imminent release of the Chrome OS which, according to the official Google blog http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html is a new windowing system on top of a Linux kernel. So is it an OS or a GUI? Chrome

THIS IS THE FUNNIEST VIDEO EVER!!!!!!

Oh brother, don’t tell me you fell for that one! All capital letters, lots of exclamation marks, the classic signs of bad news. Yeah, Halloween is around the corner and it is about time for the fake e-cards to make their rounds and the emails with links to “videos” that are not really videos at

You’ve Got Bot!!!

Comcast has announced that they are trialing a new service that alerts users when their computers are infected. You can read about it here: http://news.cnet.com/8301-27080_3-10370996-245.html. Essentially what happens is that when Comcast notices traffic that looks like bot related traffic they will pop up a message on the subscriber’s computer that indicates there is a

National Cyber Security Month

October is National Cyber Security month. Groups like the National Cyber Security Alliance are promoting awareness of cyber security. On Tuesday at 11 AM Eastern Daylight Time (8 AM PDT and 4 PM GMT) Department of Homeland Defense Secretary Janet Napolitano will be giving a speech that will be broadcast live at www.dhs.gov. The Secretary

Extended Validation SSL

We received an interesting comment in reply to the blog post http://www.eset.com/threat-center/blog/2009/10/13/phishing-the-fbi-and-terror. Joseph A’Deo, who apparently works for Verisign, mentioned the use of extended validation SSL (EV SSL). I am sure that some of you are familiar with EV SSL. Some of you have seen the results of it and perhaps not noticed. Some of

Keep Those Third Party Apps Patched!

You may have seen some news today about a new vulnerability that can potentially affect Windows Vista. Microsoft will have a patch for the flaw, hopefully before it is exploited. Of course, Microsoft had a patch for the flaw that Conficker exploited, but too many people are not patching anything. It’s a good idea to

Calling Adobe’s Bluff

Dear Adobe, It is time to put up or shut up. Your web site FAQ http://www.adobe.com/products/flashplayer/security/privacy_policy/faq.html has the following entry: Does Flash Player compromise my privacy and security? No. Flash Player is not only the most widely distributed piece of software on the Internet today, it’s also one of the most secure. Given that Flash

Potentially Abandoned Conficker Grows

According to an article at Internetnews.com http://www.internetnews.com/security/article.php/3832846 the authors of the Conficker botnet may have abandoned it, yet it continues to grow in numbers. The growth of the botnet is troubling because it is completely preventable and because it means the infected computers are vulnerable to other threats and that these users are not using

Data Breaches – It’s All Greek to Me

The results (released yesterday) from a study conducted by the Ponemon Institute yielded some interesting data points. The most visible of these was the finding that 85% of U.S. organizations experienced data breaches of varying magnitudes. This study, entitled “U.S. Enterprise Encryption Trends”, has completed its fourth annual publication.  The data was directly obtained from

Social Networking or Social Suicide?

I just read a startling news story about how someone didn’t understand what NOT to post on Facebook. The article titled “British spy chief’s cover blown on Facebook” tells how the wife of Sir John Sawers put up way too much information on Facebook. You can read the story at http://tech.yahoo.com/news/nm/20090706/tc_nm/us_britain_mi6 You don’t have to

Password Mythology

I recently read an article about Facebook security problems at http://www.securitymattersmag.com/security-matters-magazine-article-detail.php?id=411 in which some advice on passwords was given. Some of the advice was quite good, but some was a bit shaky. I’ll go through the tips and tell you what’s hot and what’s not! Use a combination of uppercase and lowercase letters, symbols, and