ESET Research | WeLiveSecurity

Bio

ESET Research

ESET Research

Articles by author

An Amazing Story – The Soul of a New Machine

As many of us cruise the information superhighway (haven’t heard that for a while have you) on 64-bit machines, it might be a good idea to take a breath and remember a pioneer. Back in the days when a small team at IBM was building a general purpose 8 bit personal computer, Tom West and

Back to the Basics – AKA Not Sony Again?

Yes, it is Sony again. This time it is their Canada web site and their Japan website. According to thehackernews.com, which I cannot vouch for, this is the 10th Sony hack. While we don’t know how the PlayStation Network hack happened, we do have some information about how some of the other attacks were performed

Anyone Fluent in L33t speak?

I went to verify some information to complete my account registration with an office supply store. The last item looked like this I initially thought that if it is a word, it must be l33t speak, but ahh, Google Translate to the rescue! I don’t know what 443xje5 means in French or English, but the

LinkedIn Security and The Rapture

What do these two topics have in common? More than you might think. The obvious is that neither has arrived yet. There is no proof of existence of either, you have to take it on faith. Neither will be here tomorrow… take my word for that. A story at http://www.reuters.com/article/2011/05/23/uk-linkedin-security-idUSLNE74M02820110523 explains how dreadfully poor security

Dirty Rumors about Facebook and ESET

Perhaps you just read David Harley’s blog http://blog.eset.com/2011/05/20/facebook-gets-something-right. Now I am about to tell you about something else Facebook got right. With two accolades in one day dirty, unfounded rumors might start flying about Facebook buying ESET or infiltrating our blog with spies. To cast off such groundless speculation I’ll tell you about the part

No chocolates for my passwords please!

Greetings Dear Reader, We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link).  Even still it is always good practice to reinforce sensible password techniques.  For this blog, I plan on sharing an analogous self-ritual, and one that relies on a

Sony PlayStation – Rehacked reloaded?

In life one cannot reload a particular scene; however, in gaming one certainly can.  This is an unfortunate time for Sony PlayStation and customers due to the recent breach.  Anecdotal reports are now coming in that Sony PlayStation who opened up their gaming ecosystem recently has now potentially fallen to a password reset hack.  This

Android’s Anomaly?

There are reports coming out today about Google Android and how approximately 99.7% of its users are potentially open to compromise.  This news cycle started by the Ulm University publishing some information on the 13th of May showing some results.  I'm sure this story will develop and CTAC may follow-up to my blog with more details;

Facebook’s Search and Destroy

An article came out yesterday from Clement Genzmer who is a security engineer at Facebook.  His tagline is "searching and destroying malicious links".  Those of us in the business of digital security and safety can certainly identify with that, especially the part where we aim to identify the criminals and work with law enforcement to

Will the Comcast “Constant Guard™ Security Service” work?

I received an email from Comcast (my ISP) announcing their “Constant Guard™ Security Service”. Basically, if Comcast thinks a customer is infected with a bot they will email the customer and offer to help clean up the computer. The Constant Guard service claims to do a lot more too, but Comcast is quite ambiguous about

ESET Version 5 Beta is here!

For those of you who have just been itching to test drive the beta of ESET Smart Security version 5 or ESET NOD32 version 5 the beta is now available. Just head over to www.eset.com/beta and I am sure you can find it. As always, remember that this is beta code and use on production

Osama Bin Laden Video Malware

The bad guys know you far too well. They know that all they have to do is say they have video footage of Bin Laden and many people will mindlessly click. As is always the case with any big news headlines, there are fake videos being posted with the intent of infecting your computer and

ESET Mobile Security Beta for Android is Here!

As I have blogged about the Android platform a recurring comment has been “When will ESET have protection for my Android?” Well, I still don’t know when it will be available for sale, but for those who understand the risks involved with running beta software, have backed up all of their data on their Adnroid

Sony PlayStation Network and Qriocity Services Hacked – 77 Million Accounts at Risk

Not one to let Epsilon or Oak Ridge National Laboratories hog the media spotlight, Sony, a seasoned expert at security blunders such as the famous Sony rootkit, has taken the spotlight for one of the biggest security breaches of all time. Hackers were able to access Sony’s network and according to Sony http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ the information

Will You Be Accused of Collecting Child Pornography

Throughout the years we have advised that you should use encryption on your home WI-FI. There are ma y reasons for this, including keeping your data confidential, but not having encryption enabled on your home WI-FI can put you at serious risk of having your doors knocked down and being arrested for downloading child pornography.

How to Avoid a Phishing Attack

With the breach of Epsilon, we are going to see a huge influx of phishing attacks before it settles back down to the normal level of tons of phishing attacks. So you aren’t a computer expert, how do you protect yourself? Don't worry about spotting the phish, it is more important that you do not

Information Wants to be Free – So Epsilon Thinks

Information Wants to be Free If you are a member of the technology advocate crowd that uses this slogan for a mantra, you are going to love the Epsilon Company. Reports starting coming out on April 2nd that the mega email marketing giant, Epsilon was breached and millions of names and email addresses of customers

Samsung and I Got Bit by a VIPRE

Yesterday I reported that Samsung laptops were infected with a keystroke logger. This certainly appeared to be the case as a Samsung supervisor reportedly confirmed (http://www.networkworld.com/newsletters/sec/2011/040411sec1.html) that Samsung shipped infected laptops. Samsung has since indicated that this is not the case. This incident has some very important lessons. My entire information supply was polluted and

Facebook Fixes Flaw – Farmville Compromises Facebook

After the release of FireSheep, Facebook took an important step to help protect Facebook user accounts by allowing users to choose to keep an encrypted connection as long as they used just Facebook and intelligently designed apps. Savvy users immediately discovered that if they tried to use grossly insecure apps such as Farmville, 21 Questions,

It Doesn’t Hurt to Ask

Instant messaging is a very successful means for the bad guys to get their software onto your computer. It is also very easy. If a virus infects your friend’s computer’s instant messaging program then it can “type” anything into the chat windows and it will look like your friend said it. It can provide a

The AV Industry from the Outside In and the Inside Out

I have a rather unique perspective on the antivirus industry. I used to work for Microsoft before they were a competitor. Come on, you can’t call MSAV from DOS 6 an antivirus product :) For over seven years my job at Microsoft was to make sure that Microsoft did not release any infected software. All

The Race to Zero

The Race to Zero contest is being held during Defcon 16 at the Riviera Hotel in Las Vegas, 8-10 August 2008. The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and

Happy Birthday CastleCops!

Sometimes it seems that we are fighting a battle that we are destined to lose. To some extent, win or lose depends upon your definition of the terms. We have never completely beat crime, but we still have victories against criminals… sometimes. Today it is a very great pleasure to wish a happy 6th anniversary

I AMTSO Happy to be here!

Well, I am happy to be here, but AMTSO stands for The Anti-Malware Testing Standards Organization. This is an initiative between Anti-Virus companies and anti-virus testers to improve the quality of testing performed on anti-virus products so as to provide consumers with meaningful tests. There have been so many bad tests performed, but “it’s on

The Anti‑Spyware Coalition Public Workshop

Back in December of 2006 I posted an entry titled “The Spirit of Cooperation” . Today I am attending the Anti-Spyware Coalition Public Workshop in Washington DC. It is a very satisfying feeling sitting with staunch allies in the fight against spyware, adware, and other threats. Who are these allies? You would probably call them

Are You Ready for Valentine’s Day?

Got the flowers ordered? Dinner plans? eCard? Wait, eCard? I didn’t send her an eCard. The bad guys are ready for Valentine ’s Day. Actually they are not waiting. The jerks that brought you the storm worm are back at the eCard scam with amorous incantations about an  eCard for you. As a rule of thumb,

Auto‑Infect

PLEEEEASE Infect me This is what Windows says when you install it. You see, there is a default setting called “autorun” that will automatically run a program when you insert a CD or DVD or thumb drive into your computer. The idea is that you put the media in there to run a program, so

What’s a redirect and why is it bad?

A redirect is a way to take a web surfer to another site. Redirection is very useful when done right. Instead of getting an error message that the page cannot be found you can be redirected to a page that helps you find what you are looking for. At ESET we use redirects properly. If

Don’t Get Burned Twice

The current fires in Southern California are causing misery to hundreds of thousands of people. ESET LLC calls San Diego home and is acutely aware of the impact this is having on people’s lives. Not only is ESET providing assistance to employees impacted by the fire, but some employees are volunteering their time and money

Virus Bulletin – Vienna

Quite a while ago I posted a blog titled “The Spirit of Cooperation”  in which I spoke of the AVAR conference. Today I write from the Virus Bulletin conference. It could be my last blog if my boss finds out I’m writing a blog while he’s addressing us in a session at the conference :)

Beta Test This!

Well, I said I wasn’t going to post each time the storm gang changes their tactics, however, perhaps I can use many of their ploys to teach anti-scam education. The scum-scam du jour is an email asking you to beta test some software. One I saw went as follows: ———————————————————————————————— Would you consider helping us

Wow, a bulletproof vest!

Our heuristics have gotten pretty well tuned to the varieties of Storm Worms we’re seeing. We generally catch the new variants, but nobody is catching them all without incurring a significant false positive rate. There are probably some companies that would take issue, but when you block everything, including good, that counts as false positives

Is Everyone Really Bad?

Most of us were taught that most people are good and only a few are bad. This truism has carried over to computers where it is not applicable, especially in the case of email. It isn’t that there are more bad computer users than good ones though. Here’s how it works. If you have 100

Yahoo Messenger Vulnerability

Vulnerability in Yahoo Messenger that can potentially allow a remote attacker to hijack your PC is you accept a webcam invite. Of course, your friends are not going to exploit the flaw when they invite you to a video chat. The threat is when you get invites from untrusted sources. The obvious advice is to

Sugar Pill

WARNING! The following post contains examples of humor and satire. If you do not find this funny there is probably a pill for that too. We’ve seen Red Pill (http://invisiblethings.org/papers/redpill.html). We’ve seen Blue Pill (http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html). Today I read about Purple Pill (http://blogs.zdnet.com/security/?p=427) and so I have decided to pre-emptively warn you about Sugar Pill. Sugar

You Have To Try Hard To Be Less Competent

So the people at untangle.com decide to “test” anti-virus product in an effort to prove their dedication to open source zealousness. I’m not against open source, but if you want to promote it then be honest about it. First untangle grabs a few samples of “viruses” that they know CLAM AV will detect. Unfortunately 1

eOops

Ok, now I’m in trouble. It seems that about the time of my post about eVil eCards and eVites our sales department was just about to use an eVite. Actually, for their intended purpose an eVite may well be the right tool for the job. How’s that you ask? The answer is context and clear

Why eCards, eVites, eGreetings, and such are eVil

There are a number of reasons why people should not send or read eCards and the like. I am hard pressed to think of any reasons why people should send them though. So, how about a list of reasons why you should not send or open them. 1) Social Engineering. E-ware, as I collectively call

Twisted advice

CISRT issued an advisory about an IM worm. This is a typical worm that you avoid quite simply by not opening attachments in IM, especially when they claim to be Paris Hilton Videos. There is nothing particularly interesting about the worm, but there is something interesting about the write up at http://www.cisrt.org/enblog/read.php?128. CISRT gives instructions