Autorun and Conficker not dead yet: Threat Trends Report
The two most prevalent threats over 2011 were still INF/Autorun and Conficker: ESET's December ThreatSense Report looks at threat trends in the new year.
ESET Latin America
Safety online with a bang: dodging (more) cyberbullets
An updated version of the paper "Ten Ways to Dodge CyberBullets", addressing the question "what are the top 10 things that people can do to protect themselves against malicious activity?"
ESET July Threat Report
There is some pretty interesting content in ESET's Threat Report for July.
Enterprise Security: the Ten Commandments
...So here are what we consider to be the 10 commandments of corporate security...
Osama bin Laden is alive and well… on Facebook
The death of Osama bin Laden has gone viral, with blogs, social media and search engines pumping terabytes of rumor, innuendo and conspiracy theories at the speed of light, along with the occasional kilobyte of truth. As the number of people searching for pictures and videos of bin Laden’s execution has skyrocketed, the criminal syndicates
Global malware thrives on the demise of a global terrorist
[NOTE: As we were publishing this articl, our Latin American office discovered another Black Hat SEO campaign incorporating promises of Osama bin Laden videos on Facebook. Click here to view their article in Spanish. We will follow up on this shortly. AG] The malware phenomenon started by the announcement of Osama Bin Laden’s death continues
Soothsaying, Forsooth!
If you haven't yet had enough of the crystall balls that have been bouncing all over the media and the blogosphere in the past few weeks...
Crimeware Across the Globe
...time to share it here: not only for its insights into the Latin American crimeware scene, but even more so as a neat summary of the way in which global crimeware is distributed regionally...
Ecuador Government Web Site Attack
A situation has arisen in a governmental site in Ecuador. Taking advantage of a vulnerability on the server where the Web site is hosted, the attackers succeeded in accessing the system remotely.
Twitter Botnet Update
[Update: Alex Matrosov has posted screenshots of the Twebot update at http://twitpic.com/1ousmx and http://twitpic.com/1ouse5.] Juraj Malcho, the Head of our Lab in Bratislava, reports that there have been further developments regarding the tool for creating Twitter-controlled bots described by Jorge Mieres and Sebastián Bortnik, Security Analysts at ESET Latin America, in an earlier blog at http://www.eset.com/blog/2010/05/14/botnet-for-twits-applications-for-dummies.
Botnet for Twits, Applications for Dummies
Our colleagues in ESET Latin America have just blogged about an interesting botnet creation tool: the original blog is at http://blogs.eset-la.com/laboratorio/2010/05/14/botnet-a-traves-twitter/, by Jorge Mieres and Sebastián Bortnik, Security Analysts. (Mistakes in interpretation are, as usual, down to me!) In the last years we have seen many security incidents driven by botnets and exploiting the technologies
McAfee FP news misused for more SEO poisoning
We're now seeing a fiercely concentrated Blackhat SEO campaigns exploiting the McAfee False Positive (FP) problem. Juraj Malcho, our Head of Lab in Bratislava, reports that in a Google search like the one I've screendumped above, he got three malicious hits in the top ten (the same ones captured here: of course, the malicious domain
McAfee and SEO poisoning: there but for the grace…
ESET is not going to try to capitalize on McAfee's unfortunate false positive problem (and nor, I'm sure, is any other reputable vendor). Such problems can arise for any AV vendor: it's an inevitable risk when you're trying to walk the line between the best possible detection of threats and avoidance of false detections (someone please
Koobface Update
ESET Latin America has confirmed that the Koobface variants they're looking at download rogue security software and other trojans from active urls. They include: Win32/TrojanProxy.Small.NEB trojan Win32/PSW.Delf.NSE trojan Win32/Qhost.NTN trojan Win32/Agent.QWU trojan a variant of Win32/Koobface.NCI worm a variant of Win32/Koobface.NCP worm Win32/Adware.Antivirus2009.AA David Harley CISSP FBCS CITP Research Fellow & Director of Malware Intelligence
Massive New Koobface Campaign
Our colleagues in ESET Latin-America have reported that a huge new malware distribution campaign is being carried out through the popular social network Facebook. In this instance, it is our old friend the Koobface worm that is being propagated. (For more about Koobface see Randy's post here, and for more about this particular iteration, see
New White Papers
Two new white papers have been posted on the white papers page at http://www.eset.com/download/whitepapers.php. (1) "Ten Ways to Dodge CyberBullets" by David Harley Around New Year it seems that everyone wants a top 10: the top 10 most stupid remarks made by celebrities, the 10 worst-dressed French poodles, the 10 most embarrassing political speeches and
Haiti Help Resources
Update: more resources I picked up on a security list just now (I'm drowning in email here!) Apologies for any duplication. Update 2: more additions below. @imaguid pointed out in a microblog that there's a pattern to the use of social engineering around disasters like the Haiti earthquake: "first comes the tragedy, then malware purveyors exploiting the
(Fake) Videos of Berlusconi attack
It is public knowledge that the Italian Prime Minister Silvio Berlusconi was hit in the face which left him with facial injuries, a broken nose and several broken teeth. The video of the attack is circulating on the Internet but at this time, if you search for them on any search engine it is possible
English Version of HTTPS video
As promised earlier (see http://www.eset.com/threat-center/blog/2009/10/07/https-revisited-spanish-video) an English version of ESET Latin-America’s demonstration video of a phishing attack using HTTPS is now available at http://www.eset-la.com/centro-amenazas/videos/phishing-https-english/. Those earlier blogs again: http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https Thanks, Sebastián! David Harley Director of Malware Intelligence ESET LLC
Rogue Anti‑Malware Exploiting Athens Fire
Cristian Borghello, Technical and Education Manager at ESET Latin America, tells us that they’ve noted quite a few sites that pretend to provide information on the fire crisis in Athens, Greece, but actually download malware onto the user’s PC. (Mistakes in translation are down to DH!) The criminals are using Black Hat SEO (Search Engine