ESET Threat Blog

TheJournal of West Virginia reported yesterday that 19-year-old Jonathan G. Parker was charged on Tuesday with felony daytime burglary. He’s alleged to have stolen two diamond rings worth more than $3,500, but to have taken some time out to access his Facebook account on the victim’s laptop.
If the report is correct, it seems that no sophisticated … Read More…

So, in case you were wondering about the progress of my abuse report to Yahoo!, I did indeed get a response within 48 hours, thanking me for my communication, assuring me that they’d investigate, and informing me that they wouldn’t be letting me know about the outcome of that investigation, as they don’t disclose information about … Read More…

A report from SANS concludes that security professionals may not be paying attention to some of the biggest threats out there today. Not terribly long ago the Windows operating system was the attack target of the bad guys. There were tons of exploitable vulnerabilities and they were heavily exploited. Since that time Microsoft has put … Read More…

There’s nothing particularly new about Yahoo! group spam (no, wait, don’t go yet!) and I haven’t wasted much time on it so far, as what I’ve seen is pretty crude
But I’ve been noticing an increasing number of emails to one of my most visible accounts welcoming me to groups with random names: stuff like this.
From: … Read More…

SC Magazine has reminded me today of a new report on the top current security risks, jointly published by SANS, TippingPoint, who provided the attack data, and Qualys, who provided vulnerability data. With impressive modesty and finely-tuned understatement, Alan Paller of SANS describes it as the "best risk report ever".
Well, with added analysis and educational material … Read More…

We’ve just added my paper "The Game of the Name: Malware Naming, Shape Shifters and Sympathetic Magic" to the White Papers page at http://www.eset.com/download/whitepapers.php.
This paper follows up on "A Dose By Any Other Name", which Pierre-Marc and I presented at Virus Bulletin last year and goes some way towards explaining (I hope…) why sample glut and … Read More…

Randy’s post yesterday about putting an "In Case of Emergency" (ICE) prefix in front of one or more entries in the contact list on your cellphone rang a particular bell (sorry!) with me.
I first came across the idea around 2005, when the idea was first launched by the East Anglian Ambulance NHS Trust in the … Read More…

ICE stands for “In Case of Emergency”. The idea is that you put ICE in front of the contact(s) on your phone that you would want to have called if something happens and emergency personnel look at your cell phone to try to figure out who to call. I recently found a cell phone at … Read More…

One of the more interesting things to happen to me in the past few months – well, that I’m going to talk about in public – is that I was elected to the Board of Directors of AMTSO (The Anti-Malware Testing Standards Organization). Interesting and scary: the first couple of months have seen me at … Read More…

Kelly Jackson Higgins with Dark Reading reported that the anti-phishing technology on the iPhone is currently not working. You can read the article at http://www.darkreading.com/security/client/showArticle.jhtml?articleID=219700594&cid=nl_DR_DAILY_T
The truth is that no anti-phishing technology is reliable. The technologies can help, sometimes significantly, but the most effective protection is an educated user. All of the technologies have failure rates … Read More…