Research | WeLiveSecurity

Research

Expert content, for researchers by researchers

Research

email Scary Halloween cyber pranks

Scary Halloween cyber pranks

I just looked in my junk box to find an “Amazing” sale on pirated software, but I have to act fast, as it’s only good until Halloween. My colleague Stephen Cobb points out the rate of effectiveness of scams would soar if the Nigerian scammers could afford a proof reader who spoke fluent English. David

Apple Updates on OSX/Tsunami.A, a Mac OS X Trojan

Updates on OSX/Tsunami.A, a Mac OS X Trojan

Yesterday, ESET announced the discovery of a new threat against the Apple Mac OS X platform. Today, we have found a new version of the same threat. The new version is similar to the previous version with two important differences. The first addition to this threat is that it now implements persistence on an infected

General Win32/Duqu: It’s A Date

Win32/Duqu: It’s A Date

For the last few days, much malware research time has been devoted to the brand-new malware that ESET calls Win32/Duqu. One of the features that makes this kind of malware particularly interesting is that it very closely resembles Stuxnet, one of the most sophisticated worms of recent years. Last year we performed in-depth analysis of

Linux Linux Tsunami hits OS X

Linux Tsunami hits OS X

We’ve just come across an IRC controlled backdoor that enables the infected machine to become a bot for Distributed Denial of Service attacks. The interesting part about it is that it’s a Mach-O binary – targeting Mac OS X. ESET’s research team compared this to samples in our malware collection and discovered that this code

Black Hat SEO Gaddafi and Search Poisoning: Think before clicking on search results

Gaddafi and Search Poisoning: Think before clicking on search results

Scam artists and cyber-criminals welcomed today's news of the demise of Libyan leader Muammar Muhammad Abu Minyar al-Gaddafi (often referred to as simply Gaddafi or Gadhafi). Why? Because few events fuel Internet search activity as much as the death of a famous–or infamous–person, although celebrity weddings and divorces are also a big search driver. It's a

China US to China: tell us more about your censorship

US to China: tell us more about your censorship

According to a report from the New Zealand Herald, the US government is formally requesting China release more details on its censorship activities. The action, being pursued under World Trade Organization rules, is purportedly aimed at leveling the playing field of foreign websites trying to compete in China. The idea is that if the US

data leakage Another Massachusetts Health Services breach – at least they HAVE to report it

Another Massachusetts Health Services breach – at least they HAVE to report it

We see yet another breach hitting the headlines from a Massachusetts Healthcare Service provider, Spectrum Health Services. It seems during a break-in a hard drive was stolen, which contained names, addresses, phone numbers, dates of birth, Social Security numbers, diagnostic codes and medical insurance numbers. It is interesting because, unlike other states, Massachusetts law requires

Black Hat SEO A little light relief

A little light relief

Recently I've been collecting examples of comment spam. Essentially, this is for a research project that is somewhere fairly low on my to-do list. However, it does have a more positive aspect: whenever I feel at a loss for words and losing faith in my own wordsmithing ability, I scroll down to see what nice

General Tricare Injects B for Billions Into Privacy Breach Costs

Tricare Injects B for Billions Into Privacy Breach Costs

There I was last Friday morning, attending a cybersecurity conference hosted by the very venerable but also very high tech law firm of Foley and Lardner, awaiting my turn to speak, and the presenter said something about the cost of privacy breaches. At that moment, a news alert popped up on my iPhone: TRICARE Hit

data protection Hacked account? Many users don’t even notice

Hacked account? Many users don’t even notice

A recent report from Commtouch finds about one third of Gmail, Yahoo, Hotmail and Facebook users even noticed when they were hacked, and more than half found out later after friends alerted them. This lag time provides a wide open window for scammers to use social engineering techniques to target more valuable targets, and harvest

AMTSO Testing presentation slides: old whine in new bottle

Testing presentation slides: old whine in new bottle

The slides from an AMTSO-oriented presentation by Larry Bridwell and myself at this year's Virus Bulletin conference, on "'Daze of whine and neuroses (but testing is FINE)" are now available on the Virus Bulletin site are now available here (along with some other excellent presentations). The paper on which the presentation is based is on the ESET white papers

programming R.I.P. Dennis Ritchie: We may never C his like again

R.I.P. Dennis Ritchie: We may never C his like again

Sadly, Dennis Ritchie passed away today; there is a nice tribute to him here For anyone who ever learnt C programming back in school, you will, like me, probably have started out with the seminal text "The C Programming Language" written by Ritchie and Brian Kernigan. Ritchie was the co-creator of the C language –

General Mining Social Data Led to Johansson and Aguilera Hacks

Mining Social Data Led to Johansson and Aguilera Hacks

News that the FBI has arrested the Florida man they suspect of criminally hacking into devices belonging to celebrities such as Scarlett Johansson and Christina Aguilera is welcome, definitely a win for law enforcement and society at large. But the good news comes with a warning. The technique used by the alleged perpetrator was to