ESET Threat Blog

Archive for October, 2011

by David Harley Senior Research Fellow
October 31, 2011 at 6:44 am

No, Craig Shergold doesn't need a heart transplant. Others do, but Facebook sharing isn't the best way to accomplish that. "Craig who?" you may be asking…
Back in 1989, the most successful sympathy (semi-)hoax of all time set out on its weary trek towards the Guinness Book of Records. The bare facts (as I understand them): the story grew … Read More…

Comments
0

by David Harley Senior Research Fellow
October 28, 2011 at 10:43 am

My Russian colleagues Aleksandr Matrosov and Eugene Rodionov have found some time to do some more analysis on Win32/Duqu. (Don’t you guys sleep?) In the previous post they concentrated on analyzing the Duqu configuration file format and extracting the exact date on which the system was infected. This time they investigated Duqu’s RPC (Remote Procedure … Read More…

Comments
0

by Cameron Camp Security Researcher
October 27, 2011 at 2:36 pm

I just looked in my junk box to find an “Amazing” sale on pirated software, but I have to act fast, as it’s only good until Halloween. My colleague Stephen Cobb points out the rate of effectiveness of scams would soar if the Nigerian scammers could afford a proofreader who spoke fluent English. David … Read More…

Comments
1

by Pierre-Marc Bureau Senior Malware Researcher
November 18, 2011 at 7:39 am

Yesterday, ESET announced the discovery of a new threat against the Apple Mac OS X platform. Today, we have found a new version of the same threat. The new version is similar to the previous version with two important differences. The first addition to this threat is that it now implements persistence on an infected … Read More…

Comments
5

by David Harley Senior Research Fellow
October 26, 2011 at 12:47 pm

For the last few days, much malware research time has been devoted to the brand-new malware that ESET calls Win32/Duqu. One of the features that makes this kind of malware particularly interesting is that it very closely resembles Stuxnet, one of the most sophisticated worms of recent years. Last year we performed in-depth analysis of … Read More…

Comments
1

by Robert Lipovsky Malware Researcher
October 26, 2011 at 11:50 am

We’ve just come across an IRC controlled backdoor that enables the infected machine to become a bot for Distributed Denial of Service attacks. The interesting part about it is that it’s a Mach-O binary – targeting Mac OS X. ESET’s research team compared this to samples in our malware collection and discovered that this code … Read More…

Comments
13

by David Harley Senior Research Fellow
October 23, 2011 at 4:57 pm

Here's an example of search poisoning somewhat similar to that predicted by Stephen Cobb using the death of Gaddafi as a hook, noted by our colleague Raphael Labaca Castro, of ESET Latin America. The original blog is in Spanish. Raphael reports an email that comes with the following title (in Portuguese, suggesting that Brazilian Internet … Read More…

Comments
4

by Stephen Cobb ESET Security Evangelist
October 26, 2011 at 9:09 am

Scam artists and cyber-criminals welcomed today's news of the demise of Libyan leader Muammar Muhammad Abu Minyar al-Gaddafi (often referred to as simply Gaddafi or Gadhafi). Why? Because few events fuel Internet search activity as much as the death of a famous–or infamous–person, although celebrity weddings and divorces are also a big search driver. It's a … Read More…

Comments
7

by Cameron Camp Security Researcher
October 20, 2011 at 3:42 pm

According to a report from the New Zealand Herald, the US government is formally requesting China release more details on its censorship activities. The action, being pursued under World Trade Organization rules, is purportedly aimed at leveling the playing field of foreign websites trying to compete in China.
The idea is that if the US can … Read More…

Comments
3

by Cameron Camp Security Researcher
October 20, 2011 at 9:54 am

Facebook has recently updated their security settings. In this How-to we highlight some of the updates and the security nuances to help you stay on top of your account security settings. Paul Laudanski blogged about the subject a while back, if you want to reference that security primer.
When you log in to your account, you may now … Read More…

Comments
11
