ESET Threat Blog

In 2011 we made available a presentation from the 2011 CARO workshop in Prague about the first phases of our investigation into the Win32/Carberp cybercrime group (Cybercrime in Russia: Trends and issues). CARO Workshops are unusual in that they do not permit media to join and because they follow a strict no recording policy during … Read More…

I was interviewed yesterday by Fred Donovan, following up on the paper on AMTSO I presented at EICAR earlier this month. I may be prejudiced, but I think he's summarized my current  thoughts on the topic pretty well in the article, though it isn't my recommendation that the existing guidelines be reviewed independently: it was … Read More…

 In a recent blog I linked to my recent EICAR paper on AMTSO, but I also referred to an upcoming AMTSO workshop (last week in Munich, which explains the entirely gratuitous photograph taken at the Weihenstephan brewery) in which I anticipated a great deal of discussion about future directions.
Having returned a few days ago from … Read More…

A few months ago I wrote a fairly short comment piece for Virus Bulletin on how some popular posts to Facebook that invite you to make use of your personal data might be useful to scammers and others as part of some sort of data aggregation attack. An example I included was a popular posting … Read More…

Apologies if you're bored with my banging on about PC support scams, but it seems that there are plenty of people who aren't. At any rate, some of my previous blogs on the subject have attracted more comments than any of my blogs on other topics, and in fact, I've learned a great deal from some … Read More…

A while ago, I responded to a blog comment promising some thoughts on how to recognize a cold-calling PC support scam. Unfortunately, I wasn't able to do that immediately, and then I was on vacation with no Internet connectivity (I should do that more often!). But then, since the problem isn't going to disappear any … Read More…

[Updated to repair a glitch in the registration link.] 

I’ve had a long if intermittent association with the Anti-Phishing Working Group, going back to the early noughties when I represented the UK’s National Health Service there for a while, and subsequently as an individual member and through my association with ESET. Its focus has widened from … Read More…

This week we have detected another interesting attack vector. This time cybercriminals are using an interesting technique for hiding malicious Javascripts and employ implicit iFrame injection. At this moment we are tracking hundreds of infected legitimate web sites in the Russian internet segment using this technique of infection. Let’s analyze this attack method step by … Read More…

Andrew Lee just drew my attention to a poll carried out by an IT magazine in the UK, asking the question ‘Do you think it's necessary to use paid-for anti-virus software to effectively protect your PC?’ Clearly this is a question that a lot of people ask, but the answer is more complicated than you … Read More…

In a recent blog on whether security professionals really don't use anti-virus (sorry, but quite a few of us do!) I mentioned a paper by myself and Julio Canto on the use and misuse of multi-scanner sites like VirusTotal.  Especially the (Virus-)totally inappropriate use of VT reports as some sort of substitute for real comparative testing.
I … Read More…