ESET Research | WeLiveSecurity

Articles by author

Adobe Flash, The Spy in Your Computer – Part 5

I didn’t expect a part 5, but here it is! Adobe has announced that they will be making some significant changes to Flash. In a blog post http://blogs.adobe.com/flashplatform/2011/01/on-improving-privacy-managing-local-storage-in-flash-player.html Adobe’s marketing machine really pours it on thick, but there appears to be some good news. In the blog it is stated that a future release of

Check your Facebook Account

Facebook is rolling out a new look for user profiles. Facebook started making its new profile optional last month, but is now forcing the new format on all users. At least one security expert I know indicated that his privacy settings were not maintained when his account was switched to the new format. On Facebook

Arrested for Cheating the Cheaters

Picture from https://secure.wikimedia.org/wikipedia/en/wiki/File:Casino_slots.jpg This is a really bizarre computer crimes case. A man knows of a bug in a gambling machine at casinos. He goes into the casinos, uses the machines with complete authorization, at least in some cases, if not all, asks casino staff to modify the machines and they willingly do so. The

Is it the iPhone or the User?

The folks at Trusteer got their hands on the logs from some phishing sites and found that people using iPhones are more likely to fall for phishing attacks than users of other devices, including PCs. Some of the findings included: Mobile users get to the phishing site sooner than PC users. Mobile users are 3

The Droid Army

The Lookout Mobile Security company is reporting a new trojan horse program that runs on Android based phones. The novel thing about this trojan is that it has enough functionality to allow the criminals to assemble an Android based botnet. This really should come as no surprise. The Android is not a phone with web

What is Typo Squatting?

This short video blog explains a bit about typo squatting. For our readers who are not native English speakers, typo means typographical error, or in plain English, it means you typed the wrong letters in. Some websites buy domains with similar names so that you will still get where you want to go if you

What is Adult Traffic Trading?

This short video blog explains what “Adult Traffic Trading” is. This series of Video Blogs is in response to a study done about adult content web sites. This is a really, really short video, but the answer is simple enough to answer the question that it doesn’t need to be a long video. Randy Abrams

Getting a Kindle for Xmas?

This isn’t exactly a security post, although when things go wrong on electronic devices viruses almost always are suspected and blamed. Well, the truth is that sometimes it is a hardware problem. Many Kindle users complained of crashes. The Kindle has not been found to have exploitable vulnerabilities (yet) and isn’t even reported to have

A Primer on Drive‑by Downloads

Here in the Cyber Threat Analysis Center we’re starting to add video blogs. If the threat information I share doesn’t scare you, maybe my picture will :) This short video blog is about drive-by downloads. This is aimed at helping people who are not technical to understand the nature of the threat. Drive-by downloads are

Premium Phish

Our IT Director shared a phishing email with me noting how professional it looked. While professionals, such as our IT director would not be fooled by a phish like this, many people would be fooled. A picture of the body of the email is below. The “from” address would fool many people. The “to” address

Opt Out isn’t Just for One Day

Recently there was a lot of news around an “opt out day” with respect to the American TSA using scanners to take nude pictures of travelers. The idea was that if people opted out on one of the busiest travel days in the USA it would bring lines to a stand-still and perhaps cause the

WWW – Web Weaponization and WikiLeaks

Unless you’ve been on a sabbatical in a remote and unconnected part of the world, I don’t think you could have missed the news regarding WikiLeaks (the “whistleblower” web site) and its founder, Julian Assange. To put it succinctly, in the last few weeks, attempts have been made to shut down WikiLeaks’ operations- from payment

Is Barbie the Pedophile’s Best Friend?

A recent story http://www.telegraph.co.uk/news/worldnews/northamerica/usa/8180442/FBI-warns-Barbie-camera-could-be-used-by-paedophiles.html tells of a leaked FBI memo about the perils of a new Barbie doll. It appears that the new Barbie comes equipped with a web cam that can allow children to send videos of themselves across the net. The FBI, rightfully so, worries that this may be a weapon of pedophiles

That’s One Small Step for Law Enforcement

And a giant step for Internetkind. You really have to feel for the law enforcement officers throughout the world trying to bust the scum that attack your brothers, sisters, mother, father, grandparents, and everyone else. As hard as they try to catch and convict these dirt bags they run into all kinds of obstacles. One

Holiday eSafety Tips

Another year is almost gone and it seems that time is accelerated when December begins. Before you know it you’ll be out of time for shopping in time to get gifts delivered for winter holidays. Even though you may feel rushed, it is important to stay attentive when you are online. I expect that there

VPN, SSL, and HTTPS

In response to my recent cookie theft blog a reader asked the following questions: What is VPN, what is SSL and what is the significance of https? What precautions can we take if we need to do Internet banking from a public computer, Internet café for example? VPN, SSL and https are all about encryption.

Let’s Pull the Wool Over Your Eyes

Recently a tool called “Firesheep” was released. Firesheep makes it so that virtually anyone can hijack Facebook, and some other accounts when they are being used on unsecured public wireless networks. Firesheep takes advantage of the fact that Microsoft, Facebook, Twitter, Yahoo, and scores of other companies really couldn’t care less about your privacy or

Why is Unsecured Wi‑Fi So Risky?

I’m sure that at some point you have listened to the radio. A signal goes out and all radios in range can tune in to the broadcast. Wi-Fi is essentially a radio signal that transmits and receives data. The access point and your computer exchange information, but all computers with wireless capabilities can receive the

Firesheep, Idiocy, Ethics and the Law

This isn’t a highly technical post by any means, but in a follow up I will explain some basics for less technical users and provide some information on protection. Recently a Firefox extension called Firesheep was released. Firesheep makes account hijacking easy enough that highly unskilled users can do it. Here’s how it works. A

Mea Culpa

Some of you may notice that the blog entry “I See Antivirus Software in the Vista” has been changed. I made a mistake in referring to Vista Kernel Patch Protection (KPP) in Windows Vista 32-bit. There is no KPP in Windows Vista 32-bit edition. Rather than leaving inaccurate information up on the blog I have

Shhh – it’s a Secret!

There was recently a private meeting of security professionals hosted by Microsoft. This private meeting, complete with a public website has been called a “secret” meeting by some. Hmmm, secret meeting with a published agenda (http://isotf.org/isoi2.html) complete with date, time, location, and speakers. Some secret huh? Who was there and why did they meet? That

So You Have An Undetected Virus?

From time to time all anti-virus companies run into the situation where a user tells them that their product is not detecting some virus. Typically the user also wants to know why it isn’t detected when another product catches it. These inquiries rarely provide enough information to result in a meaningful answer. There can be

I See Antivirus Software in the Vista

OK, let’s all let out a big whoop and holler. Vista is launched and that means no more Vista Launch hype! On the downside there will now be all kinds of Vista IS launched hype. I was just reading some this morning. A competitor of Microsoft’s (and ours) was quoted as saying that in their

Storm Worm

OK, actually it is not a worm (always) and only the press calls it Storm Worm. Everyone else calls it by one of several other names. ESET calls it “Win32/Fuclip.A Trojan”, “Win32/Fuclip.D Trojan”, “Win32/Nuwar.S worm” or some times “Win32/Nuwar.T worm”. Symantec calls it “Trojan.Peacomm”. McAfee calls it “Downloader-BAI.gen Trojan”. Confusing? Well, it isn’t actually just

The IRS Is Not Offering You Money

You would think that with the cold winter weather people would want to stay inside, but Phishing is an all weather sport, and the phish du jour is an IRS scam. There are hundreds of these, but they go something like this: You get an email that appears to be from the IRS and they

Giving a New Computer?

Around this time of the year people often become first time computer users and learn the wonders, good and bad, of the internet. There are a few tips you can give a new user to help them avoid some of the perils. Actually, there are several million pages of tips in books and on the

Social Sites and Their Risks

In recent months malware on social sites has been in the media. There was the “Greygoo” worm that affected Second Life (http://secondlife.com/), as well as worms attacking MySpace (http://www.myspace.com) users. A recent worm that used QuickTime to spread to MySpace users also incorporated a Phishing attack. Users who accessed infected pages were sent to a

The Spirit of Cooperation

December 3-5 marked the 9th annual AVAR conference. This year yours truly got to be the conference chairman and ESET hosted the conference in New Zealand. AVAR is the Association of anti Virus Asia Researchers (http://www.aavar.org) and has a mission to prevent the spread and damage caused by malicious software, and to develop cooperative relationship

Beating the QuickTime Vulnerability

Apple QuickTime includes the ability to create a movie that can use JavaScript commands. This “feature” is referred to as the HREF track. One exploitation of this “feature” resulted in the spreading of a worm on MySpace. While the functionality itself has legitimate uses there is no legitimate reason for forcing active content from a

Microsoft and the Antivirus Industry

At the Virus Bulletin conference this year I gave a presentation on what I believe will be the impact of Microsoft entering the anti-virus industry. You can download the full paper at: http://www.eset.com/download/whitepapers/RandyAbrams_VB2006.pdf. Some people think that this is the beginning of the end of the anti-virus industry and cite examples, such as Netscape as

Does Vista need anti‑virus?

You may have seen a report that Jim Allchin, a Microsoft co-president said that the new lock down features in Vista are “so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.” Of course, the words “Lock down features” are very important. This means that the

Spycar: What Can It Tell You?

A while back I had a chat with Ed Skoudis, who with Tom Liston created Spycar. The log of the chat is available here. In this conversation Ed agreed that Spycar is not a comprehensive test for anti-spyware products, and that it was not designed to be such a test. Randy says: OK, so to

The Hamburglar Meets the iPod

The Hamburglar, http://en.wikipedia.org/wiki/Hamburglar, was the crook in some old McDonald’s commercials. It appears that Hamburglar has returned to steal information from McDonald’s customers. Don’t worry, you would have to be one of 10,000 winners (in Japan) to get this special treatment, the rest of us losers keep our passwords. McDonald’s unfortunately put their trust in

ESET NOD32 Blocks VML Exploit Attacks

Microsoft released an out-of-band patch for a vulnerability that affects how Internet Explorer and Outlook process VML code. VML is a method of displaying some high end graphics. If the vulnerability is exploited a remote attacker can gain control of your PC. ESET’s NOD32 is the first known anti-virus product to detect all known types

Is ZERT Right for You?

There have been a lot of articles about ZERT and their patch for the MS VML vulnerability. ZERT is a group of security researchers who feel that the danger of the vulnerability and lack of an MS patch warrants creating their own temporary patch. ESET, Microsoft, and a number of other security vendors do not

ESET Warns of New Vulnerability Affecting IE

For several months now we have seen a trend where hackers who discover a vulnerability in a Microsoft product wait until the day after “Patch Tuesday” to release the exploit. This month there has been a proof of concept exploit released for the Microsoft DirectAnimation Path ActiveX Control. ActiveX controls are little programs that

What is a Behavior Blocker?

OK, so I told you I would blog about the Spycar test file – I will, but first you need to understand behavior blocking technology for anything about Spycar to make sense. Scanners and behavior blockers both attempt to stop viruses, spyware and other bad programs. The approaches used by scanners and behavior blockers are complementary

Doesn’t the EICAR test file look spiffy?

The EICAR test file was given a shiny new coat of paint this September (2006). Nothing inside the file changed, but the file is no longer “The Anti-virus test file”, it is now “The Anti-Virus or Anti-Malware test file”. Why the change? To answer that let us first look at what the EICAR file is

Good Tests are Important

Before joining ESET, I worked for Microsoft for over 12 years. Much of that time it was my job to make sure that Microsoft did not release any infected software. Properly selecting anti-virus software was essential. Proper testing of anti-virus software is time consuming, very tedious, requires significant resources, and takes some skill and knowledge.