ESET Threat Blog

To round out our series of malware and cybercrime predictions here are some of my thoughts on what the next 12 months will bring. I expect more high profile arrests of cyber-criminals but no abatement in criminal activity that seeks to profit at the expense of data owners. Some of these arrests will occur in … Read More…

In a scathing and far-reaching US Congressional report released recently the Transportation Security Administration (TSA) was characterized in these unflattering terms: “Since its inception, TSA has lost its focus on transportation security. Instead, it has grown into an enormous, inflexible and distracted bureaucracy, more concerned with human resource management and consolidating power, and acting reactively … Read More…

Citing a “serious lack” of attorney expertise in prosecuting cybercrime, New Jersey Prosecutor John Molinelli decided it was time for attorneys to go back to school. He states, “There was a serious lack of prosecuting attorneys – there’s probably a lack of attorneys, in general, who really know this area,” and decided to do something … Read More…

Urban Schrott, my colleague at ESET Ireland, has been sharing some interesting statistical information in recent months from surveys conducted on the company's behalf in Ireland, covering such issues as infection patterns, attitudes to security and safe computing, and password usage, and much of that information has found its way into our monthly Threatsense Reports … Read More…

SCADA, a network-enabled setup for controlling infrastructure, is hitting the headlines in force for falling victim to cyber scammers. There have been several incidents of unauthorized access to Supervisory Control and Data Acquisition (SCADA) systems recently, from guessing simple passwords, to full-on spear phishing attacks against a hardware vendor, which were then used to access … Read More…

[More news from my colleagues in Russia on their analysis of an interesting item of bank-targeting malware.]
This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family. This trojan is notorious as one of the most widely spread malicious programs in Russia, stealing money from remote banking systems and primarily targeting … Read More…

Awhile back we noticed signals from the US Pentagon that they were considering the possibility of a traditional military response to cyber attacks on US physical infrastructure. Basically, a cyber attack on infrastructure could be considered an act of war. We now see the official report released, confirming this.
The report states, “When warranted, we will … Read More…

Well, okay, if you happen to be an extremely fast reader. The Association of Anti Virus Asia Researcher’s (AVAR) 14th AVAR Conference just wrapped up in Hong Kong on Friday. This year, the focus was on security issues in and around the emerging Asian security market, and how to rise to the challenge. As one … Read More…

Months back a rather vocal series of micro-hacktivist groups formed a somewhat larger, more vocal pseudo-organized non-organization ruled essentially democratically via IRC (among other things), attempting to cast light on perceived misdeeds by the large corporation (or government organization) du-jour they thought had behaved badly. The idea was to hack an organization, parade them around … Read More…

Here's an example of search poisoning somewhat similar to that predicted by Stephen Cobb using the death of Gaddafi as a hook, noted by our colleague Raphael Labaca Castro, of ESET Latin America. The original blog is in Spanish. Raphael reports an email that comes with the following title (in Portuguese, suggesting that Brazilian Internet … Read More…