ESET Threat Blog

Well, yes, that title is from a song by John D. Loudermilk, written with some (possibly accidental) prescience way back in 1962. Given the aggravation that 21st century phishing causes Google users, perhaps it's time for a new song dedicated to that particular pastime. In the meantime, I thought I'd mention a shoal of the … Read More…

The MacDefender malware has morphed again, now taking the guise of "MacShield."   As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache.
The UI is essentially unchanged, but as usual all of … Read More…

Security companies in general and, unfortunately, anti-malware companies in particular, are often accused of ‘hyping’ threats because of a perceived self-interest. However, in the main, legitimate vendors and researchers like those at ESET typically try to resist overhyping or playing up threats where possible, in favor of more balanced discussion that can help customers take … Read More…

Not using Twitter or Facebook is, in these times, akin to not owning or using a mobile ‘phone. Last night’s events – the reported death of Osama Bin Laden – proved that we are well and truly in the Twitter era (Twitter reported that over 4000 tweets per second were made immediately preceding the President’s … Read More…

You may not be aware that ESET writers have been supplying blogs to SC Magazine for a while now. Recently, Randy Abrams and I were drafted in after the original contributors moved on, and we started contributing this week:

Poachers and Gamekeepers considers whether there is a conflict of interest when AV companies work with companies … Read More…

[Update: more information from ESET on this malware here.]
Last October, my colleague Tasneem Patanwala blogged about rogue antivirus masquerading as an ESET product. In that instance it was a product calling itself Smart Security, and Tasneem's blog includes lots of useful information about that particular malware, and fake AV in general.
Looking through my huge backlog … Read More…

Speaking of the October 2010 ThreatSense report, which includes an article on fake support and AV…
A few days ago I wrote an article about fake support scams, a topic I've addressed before for Security Week – Fake AV, Fake Support  -and here on the ESET blog. What was missing, I guess, was that extra edge you … Read More…

Urban Schrott, IT Security & Cybercrime Analyst, ESET Ireland, contributed an article to ESET's July ThreatSense report about support scams. Since this is an issue that is still being under-reported, we thought it was worth reproducing, with the urbane Mr. Schrott's permission, on the blog.
While we're on that topic, there's a video worth watching here, … Read More…

Further to my last blog here, it seems that I've been missing some serious fake AV telephone scam action. Some links provided by my good friend Steve B. Nice one, Steve.
ALERT: metsupport.com – yet another telephone based fraud (aka SupportOnClick revisited – again)
http://hphosts.blogspot.com/2010/06/alert-metsupportcom-yet-another.html
techonsupport.com, click4rescue.com, pcrescueworld.com: SupportOnClick revisited
http://hphosts.blogspot.com/2009/12/techonsupportcom-click4rescuecom.html
SupportOnClick: Phoned by Malwarebytes? BigPond? Anyone else?
http://hphosts.blogspot.com/2009/07/supportonclick-phoned-by-malwarebytes.html
SupportOnClick … Read More…

Yesterday I was advised by a researcher working for another security company of a story he'd heard from one of his colleagues based in the UK, concerning an attempt to sell what was claimed to be ESET antivirus software.
The individual concerned had received a phone call from someone claiming to be from Microsoft, and informing him that  notification … Read More…