For the story behind the suspected industrial espionage, where ACAD/Medre.A was used, refer to Righard Zwienenberg's blog post. For technical details from analysing the worm's source code, read on. ACAD/Medre.A is a worm written in AutoLISP, a dialect of the LISP programming language used in AutoCAD. Whilst we classify it as a worm, due to
ResearchExpert content, for researchers by researchers
The malware news today is all about new targeted, high-tech, military grade malicious code such as Stuxnet, Duqu and Flamer that have grabbed headlines. So imagine our surprise when an AutoCAD worm, written in AutoLISP, the scripting language that AutoCAD uses, suddenly showed a big spike in one country on ESET’s LiveGrid® two months ago,
As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix
Just as I was putting the finishing touches on a blog post about the need to keep your data and devices safe on summer travels, I got an email from Apple letting me know that now was a great time to buy a Mac for college. I don't plan to go back to college at
Summer is here and for many families that means travels plans, but do your summer travel plans include taking care of your data and digital devices? Which digital devices do you plan to take on your trip and what sort of data do they contain? Perhaps more importantly: What kind of data can they access?
You may have heard that the organization known as europe-v-facebook found that a little-know provision in Facebook’s privacy and user rights policies allowed a vote on proposed changes to be forced if over 7,000 respondents were interested and submitted comments to that effect. When europe-v-facebook publicized this, users swarmed to show support and get their
In the middle of working on a blog post about SMS phishing scams at my desk last night, I received a rather strange call. The number displayed on the Caller ID was +1 (360) 474-3925. I did not recognize the number, but since it was 7:10PM, I assumed it was a colleague trying to reach
News of SMS (text) phishing scams are nothing new to readers of this blog. ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen
If the scary email or app notification–and subsequent webpage–is to be believed, you have only a few days to verify your Facebook account or you’ll be out of luck. But don’t worry, a few days later you will magically get a few more days to verify, and so the scam goes. A Twitter follower with
The slow drip of revelations about Flame have kept this piece of malware in the news for more than two weeks so it is worth reminding people that most antivirus programs now protect against Flame (ESET products detect it as Win32/Flamer.A). The coverage of Flame was boosted last week by a conveniently-timed assist from leaks
With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics. In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem: How to guard
It's important to know the worst password choices, but also the worst choices for numeric passcodes.
This morning when I logged into LinkedIn I was greeted with several front page references to the reported hacking of the site, and instructions for changing my password, which I did immediately. This is a good time to change all of your social media passwords, making sure you create a fresh password that is hard
We read in the New York Times that Google is rolling out a service that will attempt to alert users when it thinks their accounts might be subject to hacking by a government, hoping the user will take precautions after getting a notice that says “Warning: We believe state-sponsored attackers may be attempting to compromise
Aleksandr Matrosov and Eugene Rodionov presented their research into â€œSmartcard vulnerabilities in modern banking malwareâ€ at PHDays'2012.
Group-IB and ESET Russia assisted in the investigation that led to the arrest of 6 people suspected of stealing 125m roubles from bank customers in Russia .
A week ago the big malware news was the code known as Flame, Flamer, or sKyWIper (detected by ESET as Win32/Flamer.A), then on June 1, this news broke: "A damaging cyberattack against Iran’s nuclear program was the work of U.S. and Israeli experts and proceeded under the secret orders of President Obama." (Washington Post) Clearly,
DNSChanger, a piece of malware that re-routed vast swathes of Internet traffic through rogue DNS servers after users became infected, was shut down by the FBI late last year. But simply shutting down the servers altogether would have ‘broken’ many hundreds of thousands of computers still infected–rendering it difficult for them to get help via
Despite the confusion and the stampede to claim detection ownership, W32/Flamer is more than a media sensation.
The latest research on the Win32 Carberp gang and the technicalities and evolution of the malware, as presented at CARO 2012.