ESET Threat Blog

Yesterday I reported that Samsung laptops were infected with a keystroke logger. This certainly appeared to be the case as a Samsung supervisor reportedly confirmed (http://www.networkworld.com/newsletters/sec/2011/040411sec1.html) that Samsung shipped infected laptops. Samsung has since indicated that this is not the case. This incident has some very important lessons. My entire information supply was polluted and … Read More…

A number of organizations dedicated to online hosting have launched an interesting initiative by naming this day, March 31th, World Backup Day. Who hasn’t ever lost a USB device and has regretted not having a backup? Who hasn’t experienced the death of a hard drive only to lose information that won’t ever be able to … Read More…

In Giving the cybercriminals a helping hand, Randy Abrams discusses how most Facebook app developers are making session hijacking too easy for the cybercriminals.
In A tsunami is also a crime wave I talk about the range of cybercrimes that have come out of the Japan earthquakes and tsunami.
And in Supporters Club I return to the topic … Read More…

After the release of FireSheep, Facebook took an important step to help protect Facebook user accounts by allowing users to choose to keep an encrypted connection as long as they used just Facebook and intelligently designed apps.
Savvy users immediately discovered that if they tried to use grossly insecure apps such as Farmville, 21 Questions, or … Read More…

[Final Update... I think -  THERE WAS NO KEYSTROKE LOGGER please see http://blog.eset.com/2011/03/31/samsung-and-i-got-bit-by-a-vipre to find out what happened.]
[Update – There will be a new blog about this incident. I relied upon the information at http://www.networkworld.com/newsletters/sec/2011/040411sec1.html that Samsung had confirmed the presence of the keystroke logger in asserting that the laprops were infected. Since then Samsung … Read More…

It appears that the group behind the Win32/Swizzor malware family has put an end to their operation. This malware family has been around since 2002. Security companies have seen hundreds of thousands of unique binaries classified as this family, which was installed on PCs through "affiliate" programs. The malware is used to display unsolicited advertisements … Read More…

Win32/Olmarik (also known as TDSS, TDL, Alureon and sundry less complimentary names) has gone through some interesting evolutions in the last couple of years.
TDL4 is no exception, with its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode … Read More…

… albeit more slowly than previously. Added to the resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 today:
A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx. (Hat tip to Security Garden for the pointer.)
Eugene Kaspersky … Read More…

Many parents are rightfully concerned about their kid’s participation in social networks. There are a number of areas to be concerned with. Who are the kids talking to? Is there a pedophile stalking them? Parents might worry about the friends their kids are making online and what kind of people, even their kid's own age, … Read More…

The subject lines of our blog posts may, or may not be appealing to you, but we hope you’ll enjoy the body of our posts, and if you do, there is now a “Like” button down at the bottom of the page for each blog post.
For those of you using NoScript, you’ll need to allow … Read More…