ESET Threat Blog

Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later, … Read More…

There's been a certain amount of excitement in the last day or so about ZeuS-related malware that appears to be sent by US-CERT and also misuses the name of APWG (the Anti-Phishing Working Group) in order to make it look more official and persuade victims to click on the malicious attachment.

I've gone into more detail … Read More…

You can't have failed to notice that a lot of account/password combinations have been captured in recent years (especially this year) and made available on the Internet (e.g. Gawker, Rockyou, various Lulzsec dumps) for any bad actor to try to make use of. Not a good thing, but it has at least made it possible … Read More…

Well, yes, that title is from a song by John D. Loudermilk, written with some (possibly accidental) prescience way back in 1962. Given the aggravation that 21st century phishing causes Google users, perhaps it's time for a new song dedicated to that particular pastime. In the meantime, I thought I'd mention a shoal of the … Read More…

The days when I used to send out phish alerts are long gone: I wouldn't have time to blog them, let alone track them. But this message just turned up sent to the askeset@ account, alerting Mr askeset@ to a "problem":
You have an important update!
Access your account and update your account to resolve the problem.
Secure … Read More…

You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads … Read More…

[UPDATE #1 at 12:15PM:  Added more information about location of earthquake and prior scams. AG]
We have just heard about the early September 4 (Saturday morning) earthquake near Christchurch, New Zealand, currently estimated at a Richter magnitude of 7.4. Our New Zealand distributor in Auckland is unaffected, but communications with the area are difficult.
As with any tragedy … Read More…

We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities.  The poisoned search term du jour is "erin andrews death threat".  Apparently, … Read More…

The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day.  With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait … Read More…

It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated.
In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a Chinese … Read More…