ESET Threat Blog

Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet.  The accuracy of those figures may be questionable, but … Read More…

While the so-called Fawkes Virus remains a nebulous idea, as I mentioned here yesterday, there's now much more information about the wave of offensive Facebook content that some have attributed to Anonymous and/or the Fawkes thing. Here are some of the better information sources we have identified .

Richi Jennings aggregated a number of comments for Computer World.
Facebook was widely quoted … Read More…

My colleague Daniel Novomeský alerted me to a problem he's observed with the way some web-developers use JavaScript: a few of them have the habit of obfuscating JavaScript code on their web sites, presumably in order to compress it so that it takes less disk-space ("packing") or using a "protector" in order to make it … Read More…

The death of Osama bin Laden has gone viral, with blogs, social media and search engines pumping terabytes of rumor, innuendo and conspiracy theories at the speed of light, along with the occasional kilobyte of truth.  As the number of people searching for pictures and videos of bin Laden’s execution has skyrocketed, the criminal syndicates … Read More…

[NOTE:  As we were publishing this articl, our Latin American office discovered another Black Hat SEO campaign incorporating promises of Osama bin Laden videos on Facebook.  Click here to view their article in Spanish. We will follow up on this shortly.  AG]
The malware phenomenon started by the announcement of Osama Bin Laden’s death continues unabated, … Read More…

Marketing hate it when I refer to competitor blogs, but Sophos' Vanja Svajcer, while discussing Adobe's accelerated security update (good move, guys!), makes a point that's worth three hearty cheers and a quote.
If nothing else, JavaScript should be disabled by default in Adobe Reader.
Go on Adobe, make my day.
Yesssssss!!!!
Though I'd settle for a slightly shorter step towards … Read More…

I was speaking with our friend David Perry at Trend Micro about the insecurity of social networking services and what steps users could take to strengthen their security online. In the course of our conversation, we came up with a list of simple steps you could take to better protect yourselves.

Be careful about whom you befriend. Many … Read More…

As we do each month, ESET has released its monthly threat report. As you might expect, there were a lot of Conficker detections out there. There were also almost as many detections for autorun threats that are not Conficker. In other words, if you have disabled autorun, then you protect against a lot more than … Read More…

One of my all time favorite quotes is by “"Those who cannot remember the past are condemned to repeat it." George Santayana said this in The Life of Reason or The Phases of Human Progress: Reason in Common Sense 284 (2nd ed., Charles Scribner’s Sons, New York, New York 1924 (originally published 1905 Charles Scribner’s … Read More…

Well, I’ve still had no information about updates to address the recent Acrobat vulnerability/exploits to either of the addresses I subscribed to Adobe’s Security Notification Service. However, the RSS feed here does work.
Which is how I know that Acrobat Reader 9.1 and 8.1.4 for Unix were released yesterday, right on time. As expected, these address the JBIG2 … Read More…