Archive for March, 2009
This wouldn’t normally be the place to discuss the ongoing decline of the fortunes of the British Government, but there have been several IT-security-related stories coming out of the Mother of Parliaments worth a closer look.
Back on March 10th, The Register reported that MP (Member of Parliament) Alun Michael had reported to the police that he … Read More…
Responding to a request for information about phishing and malware distribution mechanisms this morning, I happened upon a link on the Anti-Phishing Working Group site to the Silver Tail blog.
The site has been running a series of blogs on "Online Fraud from the Victim’s Perspective". Author Laura Mather tells the story of two victims, … Read More…
I don’t, of course, know for sure what’s going to happen on April 1st, when Conficker is timed, potentially, to go to its next stage of evolution. We do know, from inspecting code in the variants and subvariants that have come our way, that infected machines will be looking for instructions and updates on that date.
At the very least, … Read More…
There are quite a few reports currently about particularly ugly developments on the fake AV front. The Register’s John Leyden has referred to a "double dipping" attack, in which the notorious Antivirus 2009 is implicated in an attack that goes beyond offering useless rogue anti-malware to inflicting actual damage on user data files, in order to force the victim … Read More…
OK, this doesn’t actually foil Conficker, but it does block one of the attack vectors and prevents many other threats from automatically infecting your computer too.
It is the longest standing un-patched Microsoft vulnerability and Microsoft calls it a “feature”. The idea of autorun is to attempt to make it so that a person can use … Read More…
Well, I’ve still had no information about updates to address the recent Acrobat vulnerability/exploits to either of the addresses I subscribed to Adobe’s Security Notification Service. However, the RSS feed here does work.
Which is how I know that Acrobat Reader 9.1 and 8.1.4 for Unix were released yesterday, right on time. As expected, these address the JBIG2 … Read More…
The highly publicized Conficker worm has a new version that is assumed to trigger on April 1st. There are a few steps you should take right now.
First, back up any important data. This is just plain sound advice, regardless of viruses, worms, etc. A hard drive crash can destroy data.
Make sure that the Windows … Read More…
I just picked up a comment made today on a post Randy made about the comparative security of Macs and PCs. Since the original post goes back to 2006, it seems a pity to bury the comment on a page most people won’t get to.
In fact, since the comment reproduces an article in PC … Read More…
The BBC published a self-justification of sorts over the Click fiasco on Friday 13th March: when I came upon it the following morning, I posted a comment there, pointing out Mark Perrow had addressed the issues this industry hadn’t complained about, and ignored the issues that we were concerned about.
My comment is number 14, … Read More…
As we’ve mentioned here before, fake antimalware problems are a serious problem, both to the real security industry and to our customers. So it’s good to hear of action being taken against some of the miscreants involved: more specifically, the takedown of the resurrected Traffic Converter site, a major player in the distribution of this particular form … Read More…

