ESET Threat Blog

I came across a nice article today by Dennis Fisher on “The Root of the Botnet Epidemic”.
It's the start of what looks like an interesting series on "the roots, growth and effects of the botnet epidemic" and the first aricle takes a historical overview of the situation around the turn of the century, looking at … Read More…

A few months ago Randy and I put together a white paper on password "good practice" (http://www.eset.com/download/whitepapers/EsetWP-KeepingSecrets20090814.pdf). 
In it, I quoted the following table of The Ten Most-Used Passwords (sourced from http://www.whatsmypass.com):

1

123456

2

password

3

12345678

4

1234

5

pussy

6

12345

7

dragon

8

qwerty

9

696969

10

mustang

 Today, I came across an @SecurityGarden blog at http://securitygarden.blogspot.com/2009/11/passwords-and-user-names.html that quotes heavily from a report called Do and don'ts for p@$w0rd$ (http://blogs.technet.com/mmpc/archive/2009/11/27/do-and-don-ts-for-p-w0rd.aspx) from the Microsoft Malware … Read More…

Now here's a useful link (thanks to Mikko Hypponen for the tweet that brought it to my attention).
I've made the point several times here about being cautious about URLs shortened by bit.ly, tinyurl and the many others. Which is why when I flag our blogs and papers on twitter, I normally use tinyURL or sURL … Read More…

This is a follow-up of sorts to Jeff Debrosse's thoughtful post recently on the problem of possible conviction for the possession of illegal paedophiliac material of individuals who had no knowledge of its presence. More recently, a tweet by Bob McMillan drew my attention to an article by Geoff Liesik on "Authorities scoff at 'child porn … Read More…

The much reported/blogged iPhone worm does not affect all iPhones. Specifically it affects SOME iPhones that have been jailbroken. A significant part of the iPhone and iPod Touch security model is a technique called “whitelisting”. This is not new and is known to be a very effective security technology that can be used to prevent … Read More…

Yes, the time is now here for Thanksgiving e-Cards. Before you click on a link to go get your eCard, make sure that your operating system is fully patched. Even if you use automatic updates, it’s a good idea to go to update.microsoft.com and make sure you’re fully patched. Next try out the Secunia vulnerability … Read More…

 With Thanksgiving and the start of the holiday shopping season almost upon us, I notice that quite a few sites are giving safe surfing advice. Since we already covered that a few days ago, I'll just post these pointers to those blogs.

Is Cyber Monday the End of Shopping as We Know it?
http://www.eset.com/threat-center/blog/2009/11/19/is-cyber-monday-the-end-of-shopping-as-we-know-it

And talking … Read More…

I wanted to share with you some more results from the cybercrime survey ESET commission and recently released. You can find the entire report at http://www.eset.com/company/CERC_Poll_2009_Oct.pdf.
57% of American computer owners now bank online, however the more money a person makes the more likely they are to bank online. 2/3rds of computer owners who earn $80,000 … Read More…

I don't want to flog (or blog) this iPhone bot thing to death: after all, the number of potential victims should be shrinking all the time. However, having updated my previous blog (http://www.eset.com/threat-center/blog/2009/11/22/ibot-mark-2-go-straight-to-jail-do-not-pass-go)  on the topic a couple of times, I thought I'd actually go to a new blog rather than insert update 3.
So here are the update bits again.
[Update, … Read More…

[Update: Michael St Nietzel also pointed out that there's an issue with installers that verify a checksum before installation. In fact, this is a special case of an issue I may not have made completely clear before: unless this approach is combined with some form of whitelisting, there has to be some way of reversing the modification ... Read More…