General | WeLiveSecurity

General

Good Bye Seoul!

This year’s Association of Antivirus Asia Research (AVAR) conference was held in Seoul, Korea. The conference ended this evening after two days of presentations and discussions. The conference was a good opportunity to learn more about specific threats targeting Asia. We learned that online game information stealing is prevalent in this part of the world

PaChat Targeted Attack in Canada

At the end of last week, we were made aware of a new targeted attack. The social engineering strategy and malware construction caught our attention because of its sophistication. The threat came as an e-mail addressed to a director at a company based in Canada. The e-mail was addressed with the full name, street address

Bot Stories

Computer experts are familiar with the .com file type. The .com extension is often used by binary program files under MS-DOS. Why is this important? Because anything that has the ‘.com’ extension on a Windows system is considered an executable file and is executed when a user double-clicks on it. The same is

What’s a redirect and why is it bad?

A redirect is a way to take a web surfer to another site. Redirection is very useful when done right. Instead of getting an error message that the page cannot be found you can be redirected to a page that helps you find what you are looking for. At ESET we use redirects properly. If

Safe Halloween!

Today, we are celebrating Halloween and malware authors want to be part of the fun. They love disguises and they love zombies even more. To celebrate Halloween, the operators of the Storm Worm have launched a new e-mail campaign to attract users to their malicious pages and infect their systems with the latest variant

Don’t Get Burned Twice

The current fires in Southern California are causing misery to hundreds of thousands of people. ESET LLC calls San Diego home and is acutely aware of the impact this is having on people’s lives. Not only is ESET providing assistance to employees impacted by the fire, but some employees are volunteering their time and money

Nuwar Traffic Analysis

Nuwar, also known as the Storm Worm, is a very popular threat in the antivirus industry this year.  This threat has attracted a lot of attention because of its sophistication and the strenuous efforts made by its authors to maintain a strong botnet.  The botherders who operate the Nuwar botnet control infected PCs with a

Virus Bulletin 2007

The antivirus industry sometimes has a reputation of being secretive or even aggressive to newcomers. A short visit to the Virus Bulletin conference, which is being held in Vienna this year, is all it takes to convince anyone of the opposite. It is impressive to see how much information is exchanged during the three

Virus Bulletin – Vienna

Quite a while ago I posted a blog titled “The Spirit of Cooperation”  in which I spoke of the AVAR conference. Today I write from the Virus Bulletin conference. It could be my last blog if my boss finds out I’m writing a blog while he’s addressing us in a session at the conference :)

Beta Test This!

Well, I said I wasn’t going to post each time the storm gang changes their tactics, however, perhaps I can use many of their ploys to teach anti-scam education. The scum-scam du jour is an email asking you to beta test some software. One I saw went as follows: ———————————————————————————————— Would you consider helping us

Wow, a bulletproof vest!

Our heuristics have gotten pretty well tuned to the varieties of Storm Worms we’re seeing. We generally catch the new variants, but nobody is catching them all without incurring a significant false positive rate. There are probably some companies that would take issue, but when you block everything, including good, that counts as false positives

Is Everyone Really Bad?

Most of us were taught that most people are good and only a few are bad. This truism has carried over to computers where it is not applicable, especially in the case of email. It isn’t that there are more bad computer users than good ones though. Here’s how it works. If you have 100

Honor Among Thieves

Yesterday, we were shooting a report for a television network in Canada. Part of the report concerns the underground economy. We decided to connect to an Internet Relay Chat (IRC) server to see how much stolen credit card data is sold. While looking at the never-ending flow of people announcing their PayPal, egold and

Yahoo Messenger Vulnerability

A vulnerability in Yahoo Messenger can potentially allow a remote attacker to hijack your PC if you accept a webcam invite. Of course, your friends are not going to exploit the flaw when they invite you to a video chat. The threat is when you get invites from untrusted sources. The obvious advice is to

Sugar Pill

WARNING! The following post contains examples of humor and satire. If you do not find this funny there is probably a pill for that too. We’ve seen Red Pill (http://invisiblethings.org/papers/redpill.html). We’ve seen Blue Pill (http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html). Today I read about Purple Pill (http://blogs.zdnet.com/security/?p=427) and so I have decided to pre-emptively warn you about Sugar Pill. Sugar

You Have To Try Hard To Be Less Competent

So the people at untangle.com decide to “test” anti-virus products in an effort to prove their dedication to open source zealousness. I’m not against open source, but if you want to promote it then be honest about it. First untangle grabs a few samples of “viruses” that they know CLAM AV will detect. Unfortunately 1

eOops

Ok, now I’m in trouble. It seems that about the time of my post about eVil eCards and eVites our sales department was just about to use an eVite. Actually, for their intended purpose an eVite may well be the right tool for the job. How’s that you ask? The answer is context and clear

Why eCards, eVites, eGreetings, and such are eVil

There are a number of reasons why people should not send or read eCards and the like. I am hard pressed to think of any reasons why people should send them though. So, how about a list of reasons why you should not send or open them. 1) Social Engineering. E-ware, as I collectively call

Twisted advice

CISRT issued an advisory about an IM worm. This is a typical worm that you avoid quite simply by not opening attachments in IM, especially when they claim to be Paris Hilton Videos. There is nothing particularly interesting about the worm, but there is something interesting about the write up at http://www.cisrt.org/enblog/read.php?128. CISRT gives instructions

How about a Banking License?

A few weeks ago I did a podcast about a proposal for an “Internet Driver’s License”. All of my podcasts are at http://www.eset.com/podcasts/ and are available as MP3s as well. I didn’t think the idea of the internet driver’s license would play out well, but I do think that perhaps an “Online Banking License” might