General | WeLiveSecurity

General

Two New White Papers

Two new papers have gone up on the ESET White Papers page at http://www.eset.com/download/whitepapers.php. (Strictly speaking, they're not altogether new: they include some material that has previously been blogged here.) The Internet Book of the Dead is a bit different from other papers you’ll find on the ESET white papers page. (Technically, it’s not actually

Ten Ways to Dodge Cyber‑Bullets (Part 6)

[Part 6 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Social Networks Can Be Very Anti-Social Don’t disclose sensitive information on websites like FaceBook or LinkedIn if you can’t be sure that you

Twitter and I

I just received another request to follow me on Twitter on a protected account, so perhaps it's time I clarified what all those accounts that are and aren't in my signature are for. @dharleyatESET is a protected account largely for work purposes. I only accept requests to follow from people who really need to know

Can We Learn From Our Mistakes?

I've read with interest the recent developments regarding the "Aurora" exploit code. As you are probably aware, this code exploits a vulnerability in Microsoft's Internet Explorer. Microsoft recently released an out-of-band patch to close off this vulnerability. Very soon after, we are seeing reports that the first widespread attacks that attempt to exploit this vulnerability

Unnamed App: it’s the SEO that matters, not the app

As more information and discussion has come in on this, it now merits an update in its own right. It seems that there is at least one other unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing

Attack Vector Recycling?

I received a fax today. Now, that may not be worthy of noting on here, apart from the fact that I hardly ever receive faxes these days. But the interesting fact is that it was sent to my US based fax number and offered me a great deal on a "New Health Plan" for only

Amazing WHAT???

An online friend of mine from China once told me they loved the song “Amazing Negro”. It only took a moment to realize “Amazing Grace” http://www.sumo.tv/watch.php?video=3451832 was the song they were referring to. The song is best known as a “negro spiritual” and so I can understand the mental mix up, especially for one whose

Verified by Visa – Pushmi‑pullyu*

* http://en.wikipedia.org/wiki/Pushmi-pullyu#The_Pushmi-pullyu In an article in the Register with the eye-catching title of "Verified by Visa bitchslapped by Cambridge researchers", John Leyden comments on the argument by Cambridge researchers Ross Anderson and Steve Murdoch that the 3D Secure system, better known as Verified by Visa or Mastercard Securecode is better suited to shifting liability for

Unnamed App Facebook Scam

[Update: There's been quite a lot of discussion and extra information coming in on this. It seems to me that there is at least one unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing an application when

“Aurora” exploit code: from Targeted Attacks to Mass Infection.

Last Thursday, Microsoft released an out-of-band update to fix the latest vulnerability in Internet Explorer. Since then, malware operators have been exploiting this vulnerability to install malware on thousands of PCs. So far, we have detected more than 650 different versions of the exploit code, which is detected as Trojan.JS/Exploit.CVE-2010-0249 by ESET antivirus. We have

Generalist Anti‑Malware Product Testing

We have just come across a Buyer’s Guide published in the March 2010 issue of PC Pro Magazine, authored by Darien Graham-Smith, PC Pro’s Technical Editor. The author aims to give advice on which anti-malware product is the best for consumer users, and we acknowledge that the article includes some good thoughts and advice, but

Ten Ways to Dodge Cyber‑Bullets (Part 5)

[Part 5 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Trust People, Not Addresses Don’t trust unsolicited files or embedded links, even from friends. It’s easy to spoof email addresses, for instance,

We are not Zimused – a few updates

My colleague Juraj Malcho, head of lab in Bratislava, has clarified a point: what Zimuse actually does is fill the first 50Kb of a targeted disk with zeroes (actually the 0x00 character): This does indeed overwrite the MBR, but also overwrites anything else that occupies that area of the disk. The malware came to ESET's attention because

Bemused by Zimuse? (Dis is not one half)

Now here's a curiosity. Win32/Zimuse is a worm that exists in two variants, innovatively entitled Win32/Zimuse.A and Win32/Zimuse.B. In some ways it's a throwback to an earlier age, since it overwrites the Master Boot Record on drives attached to an infected system with its own data, so that data on the system becomes inaccessible without the

Nice Smartphone, Mr. Darcy: Fact, Fiction & the Internet

OK, I'll save the novel for another time. However, there's a rather less ambitious snippet of my recent writing at http://www.eurograduate.com/article.asp?id=3015&pid=1, an article called "Fact, Fiction and the Internet," and, further to some of my recent posts here, touches on the dangers of social networking. Though you might think that someone with as many twitter

R.I.P. IE 6

R.I.P. IE6 Targeted and sophisticated attacks against Google, Adobe, and Juniper used an unpatched vulnerability in Internet Explorer to breach computers. These incidents are receiving a lot of attention from the media much due to the size and notability of the companies affected. France, Germany and now Australia have issued guidelines and urged users to

Haiti: more resources

Jeff Debrosse, ESET's Senior Director of Research, has published some further resources on his personal blog at http://jeffdebrosse.wordpress.com/2010/01/15/haiti-info-and-update/ (help resources and security resources). As he explains there, Jeff is personally and emotionally closer to this tragedy than most of us, and I hope that his family all turn up safe and sound. I've also received pointers to

Haiti Help Resources

Update: more resources I picked up on a security list just now (I'm drowning in email here!) Apologies for any duplication. Update 2: more additions below. @imaguid pointed out in a microblog that there's a pattern to the use of social engineering around disasters like the Haiti earthquake: "first comes the tragedy, then malware purveyors exploiting the

Ten Ways to Dodge Cyber‑Bullets (Part 4)

[Part 4 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Good Password Practice Use different passwords for your computer and on-line services. Also, it’s good practice to change passwords on a regular basis

Anti‑Malware: Last One Out, Please Turn Off The Lights

It doesn't surprise me when someone says, like David Einstein of the San Francisco Chronicle, that there's no need for a Mac user to run anti-virus software. Though the most usual reason I see given is that there aren't any Mac viruses. (There are, but nowadays the main reason to run anti-malware on any platform