Archive for the 'Mac virus' Category
If you regularly follow my blogs, you'll know that while this is my primary blogspot, it isn't the only site to which I post (see signature for full details). Here are a few recent blogs and microblogs that may be of possible interest.
@Mophiee asked me about the ICPP Trojan on Twitter (where I'm @ESETblog or @dharleyatAVIEN, … Read More…
[Update: it appears that the information I had earlier was incorrect or out-of-date, and there has been loss of life. There's also a report from TechHerald suggesting early exploitation of the incident for SEO poisoning leading to fake AV. However, a quick scan currently (Monday evening) shows news items from such known malefactors as the ... Read More…
Inevitably, CanSecWest 2010 kicked off with the promised and eagerly-awaited Pwn2Own hacking contest, in which a number of effective protection strategies (DEP, code signing, ASLR [1]) failed to prevent determined vulnerability researchers making loadsamoney by circumventing them with attacks on Firefox and IE8 on Windows 7, Safari, and the iPhone.
For details and extensive comment see:
http://macviruscom.wordpress.com/2010/03/25/and-the-firewalls-came-tumbling-down/
http://kevtownsend.wordpress.com/2010/03/25/sacred-cows-fall-at-pwn2own/
http://www.theregister.co.uk/2010/03/25/pwn2own_2010_day_one/
http://macviruscom.wordpress.com/2010/03/24/cansecwest-go-west-young-mac-but-fuzzily/
http://macviruscom.wordpress.com/2010/03/19/touching-base/
http://threatpost.com/en_us/blogs/iphone-hacked-pwn2own-sms-database-stolen-032410
The take-home message from … Read More…
Unfortunately, I'm not able to attend the CanSecWest 2010 conference in Vancouver this week, though I think Pierre-Marc will be there. I would have been more than a little interested in Charlie Miller's presentation on fuzzing Mac applications: that is, “…a method for discovering faults in software by providing unexpected input and monitoring for exceptions.”
Miller … Read More…
Wearing my vendor-independent Apple/smartphone commentary hat, I've just posted a couple of blogs on the Mac Virus site that some of you might find of interest. OK, suit yourselves.
"Touching (or Bumping) Base" addresses a mixed bag of issues:
Charlie Miller's presentation on fuzzing for "20 zero-day holes … in closed source Apple products" for … Read More…
[Update: The Register's John Leyden has also commented on the issue at http://www.theregister.co.uk/2010/02/16/apple_bans_iphone_hackers/]
There's been a burst of interest in the last day or so in the blocking of certain Apple IDs from the iTunes App Store. Some bloggers have suggested that this might be a precursor to a massive blocking of jailbroken phones from accessing the … Read More…
As posted a few minutes ago on Mac Virus, Dancho Danchev has posted information on a phishing campaign where the bad guys are impersonating Apple in order to steal sensitive device information from iPhone users.
Dancho’s post, which has lots of other links, is at:
http://blogs.zdnet.com/security/?p=5460&tag=col1;post-5460
David Harley CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): … Read More…
These are a few questions relating to ESET's antivirus scanner for OS X, which is currently in beta, that I was asked in response to a post at Mac Virus. (If you want to take the beta out for a spin, you can still download it at http://beta.eset.com/macosx.)
As these questions are very ESET-specific, I thought … Read More…
No, I'm not talking about a newly-discovered and virulent OS X upconversion of SevenDust or AutoStart 9805.
Mac Virus is a site founded by Susan Lesch in the 1990s, when pre-OS X Mac-specific malware was still a serious issue – AutoStart in particular caused significant damage back then – and cross-platform macro viruses were also a major problem. … Read More…
