ESET Threat Blog

Yeah, yeah, yet another coldcall scam post, but featuring a ploy I haven't come across before, intended to convince you that the scammer really knows something about your system, so that you're likelier to fall for the scam. 
Rebecca Herold reports for InfosecIsland that she was contacted by one of those helpful "support desk" people who … Read More…

Update 6/1/2011: Paul Laudanski has published an extensive guide to Facebook privacy, which is quite a remarkable feat since there is precious little privacy on Facebook Little privacy, but a whole lot of settings! Check it out at http://blog.eset.com/2011/05/25/facebook-privacy
Facebook comes up a lot in this blog. Recently I wrote about the Hidden Face … Read More…

I received an email from Comcast (my ISP) announcing their “Constant Guard™ Security Service”. Basically, if Comcast thinks a customer is infected with a bot they will email the customer and offer to help clean up the computer. The Constant Guard service claims to do a lot more too, but Comcast is quite ambiguous about … Read More…

Microsoft is releasing a beta of their new antivirus product. Previously Microsoft announced that they would discontinue OneCare.
The choice of the name “Security Essentials” is amusing. I’m not in the camp of those who think that you can’t have “Microsoft” and “security” in the same sentence, but just the same, Microsoft does say … Read More…

Yes, it is true, I am not making this up. I do not believe that PayPal has stolen anything from users, but they have told me that their own email is phishing.
Here’s what happened. I sent them one of their own legitimate emails and told them it was a bad idea to include a link … Read More…

I have a rather unique perspective on the antivirus industry. I used to work for Microsoft before they were a competitor. Come on, you can’t call MSAV from DOS 6 an antivirus product
For over seven years my job at Microsoft was to make sure that Microsoft did not release any infected software. All … Read More…

The Race to Zero contest is being held during Defcon 16 at the Riviera Hotel in Las Vegas, 8-10 August 2008.
The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines … Read More…

You may have seen the news about the bot masters in Spain who were arrested. Defense Intelligence http://defintel.com/docs/Mariposa_Analysis.pdf dubbed this Mariposa botnet. It is claimed that this botnet had the power to perform much stronger attacks than what Estonia witnessed a couple of years ago.  Still, this botnet is dwarfed by the largest botnet in … Read More…

 
 
If you listen to IT Security experts, they will regularly tell you to make your passwords difficult to guess. They will also tell you ensure it is not short, and has a mixture of alphabetic, numeric & special characters in it – and certainly don't use a word that is found in the dictionary.
Why do … Read More…

OK, this doesn’t actually foil Conficker, but it does block one of the attack vectors and prevents many other threats from automatically infecting your computer too,
It is the longest standing un-patched Microsoft vulnerability and Microsoft calls it a “feature”. The idea of autorun is to attempt to make it so that a person can use … Read More…