ESET Threat Blog

We have just completed fresh analysis of the malicious software known as Win32/Festi. While the "Festi" botnet created with this malware has been in business since the autumn of 2009 we can see that the software is frequently updated, as described in our analysis, and these updates mean Festi continues to be a potent threat … Read More…

Well, yes, that title is from a song by John D. Loudermilk, written with some (possibly accidental) prescience way back in 1962. Given the aggravation that 21st century phishing causes Google users, perhaps it's time for a new song dedicated to that particular pastime. In the meantime, I thought I'd mention a shoal of the … Read More…

It’s no secret that spam/botnets are big business. There are a multitude of variations on a familiar theme, but after they trick unwitting users, what happens to the money? University of California wondered the same thing. In their recent report, “Click Trajectories: End-to-End Analysis of the Spam Value Chain” they analyze where the money goes, … Read More…

We like to give you plenty of warning when we suspect that something unpleasant is coming down the pike, even if it's just one of those likely bursts of Black Hat SEO (web search poisoning) that come with a media-friendly event.
Still, I suspect that if I told you we expect lots of malicious activity around … Read More…

I've added some commentary and resources on the Japan earthquake/tsunami disasters to an independent blog I maintain that specializes in hoaxes, scams and so forth, but here are a few of the same resources that aren't already included in my recent blogs here on the topic:

Analysis from Kimberley at stopmalvertising.com: http://stopmalvertising.com/blackhat-seo/recent-japanese-earthquake-search-results-lead-to-fakeav.html
Guy Bruneau at Internet Storm Center: … Read More…

My colleague from ESET Ireland, Urban Schrott, reports that the company has seen a megawave of Facebook spams:  five separate spams in 24 hours.
I've no idea of the numbers involved, but Urban's "think before you click" message is well worth repeating. The post is to ESET Ireland's CyberThreats Daily blog post: the company also has … Read More…

The February ThreatSense Report is now available from the ESET Threat Center. As well as the top ten threats reported globally by our ThreatSense.Net telemetry, it includes feature articles from Josep Albors and Urban Schrott, as well as some shorter news items:

From Russia with spam (Josep Albors)
Misplaced trust in trustworthy names? (Urban Schrott)
Nothing exceeds like … Read More…

[My colleague in Spain, Josep Albors, reports that Ontinet has been noticing lots of emails with links to forums. Following the links leads to a forum full of spam products, from replica watches to viagra. He's published a Spanish language blog on the topic, but here's a rough translation.]
Sending out unsolicited email on a massive scale … Read More…

As I've undoubtedly mentioned here before, one of the less obvious chores a security blogger has to find time for is to approve and - where appropriate - respond to comments. Though I use the term chore, it's by no means an unpleasant task: for every ill-mannered snottogram that gets submitted as a comment, there are many comments that … Read More…

[UPDATE #1 at 12:15PM:  Added more information about location of earthquake and prior scams. AG]
We have just heard about the early September 4 (Saturday morning) earthquake near Christchurch, New Zealand, currently estimated at a Richter magnitude of 7.4. Our New Zealand distributor in Auckland is unaffected, but communications with the area are difficult.
As with any tragedy … Read More…