Posts Tagged ‘ESET’

My Not-So-Funny Valentine

Wednesday, February 10th, 2010

I’d like to start off with something really soppy and sentimental but my heart’s not in it. ;-)

Clearly, we can expect more Valentine exploitation as the weekend draws nearer, but some malicious sites have already been flagged. (Apologies to those of you who’ll have seen some of this before at ESET or Mac Virus.)

ESET blogged (well, I did, actually) on “Valentine Scams: Romancing the Stony-Hearted”, listing some malware-populated domains Pierre-Marc Bureau had noted and citing an earlier blog by Dancho Danchev (http://ddanchev.blogspot.com/2010/02/how-koobface-gang-monetizes-mac-os-x.html) that includes quite a few dating scam sites and the like.

A number of us, including my colleague Urban Schrott at ESET Ireland, are seeing Russian bride spam, but when don’t we get that stuff? I guess it goes with being such hunks.

So it’s not surprising that David Marcus, at McAfee Labs, is reporting lots of SEO poisoning: these are some of the terms they report as being used to attract Googlers to malicious web sites:

  • Valentine’s Day Screensavers
  • Valentine’s Day Downloads
  • Valentine’s Day Wallpaper
  • Valentine’s Day Rolex
  • Valentine’s Day eCards
  • Animated Valentine’s Day
  • Valentine’s Day Greetings
  • Valentine’s Day Cupids
  • Valentine’s Day Gift Ideas

The McAfee blog is here:

http://www.avertlabs.com/research/blog/index.php/2010/02/10/valentines-day-searches-lead-to-malware/

And I’ve just received a link from my colleagues at ESET Latin America: it’s in Spanish, but includes some images cloaking malicious links, so that you can enjoy some pictures without risking the badware. ;-) (Thanks, Cristian!)

David Harley FBCS CITP CISSP
Security Author/Consultant at Small Blue-Green World
Chief Operations Officer, AVIEN
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
http://avien.net/blog
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com

Win32/Zimuse

Friday, January 22nd, 2010

Not a Conficker-sized issue, but interesting:

http://www.eset.com/threat-center/blog/2010/01/22/bemused-by-zimuse-dis-is-not-one-half

http://www.eset.eu/press-computer-worldwide-targetted-by-MBR-Worm

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com

Privacy, AVG, Facebook, Uncle Roger Thompson and all

Monday, December 14th, 2009

My last post (http://avien.net/blog/?p=209) on Roger Thompson’s article about privacy concerns, “public” information and so on raised some interesting discussion.

Ironically (or perhaps appropriately) a lot of it was on Facebook.

I carried on the theme on the ESET blog, if you’re interested. “Your Data and Your Credit Card”, at:

http://www.eset.com/threat-center/blog/2009/12/14/your-data-and-your-credit-card

Note that due to a couple of system crashes, a link to Allan Dyer’s excellent article disappeared in the first published version, but is fixed now:

http://articles.yuikee.com.hk/newsletter/2009/12/a.html

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

The Internet Book of the Dead (pointer)

Saturday, December 12th, 2009

I’ve just put up an article at ESET’s blog page that you might find interesting. In fact, if I wasn’t desperately trying to clear a backlog of stuff so that I can take a couple of days off, I’d have posted more on the topic here, but I am desperate, so here’s a simple pointer instead.

http://www.eset.com/threat-center/blog/2009/12/12/the-internet-book-of-the-dead

It’s basically a mock-up of an interview for the BBC that unfortunately didn’t take place, concerning the way your data outlive you.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

NOD32 beta test versions

Friday, December 4th, 2009

As we all know, there is, never has been, and never could be any Mac or Linux malware. If there were, no Mac or Linux user would fall for it, and if they did it would be their own fault. Microsoft-loving antivirus companies are simply looking for excuses to line their pockets.

(Guys, this is called irony!)

There you go. Now I’ve said it for you, there’s no need to clutter this page and my mailbox with fanboi comments and hatemail.

However, in case you’re gullible enough to believe that ESET, like other security companies, really believes that Mac and Linux users sometimes need anti-malware protection, we now have public beta test versions of our scanner available for OS X and for Linux desktop.

http://beta.eset.com/linux
http://beta.eset.com/macosx

Declaration of interest: yes, I do currently work for ESET. And I am that gullible.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/


Paedophilia and the Trojan (or SODDI) Defence

Thursday, November 26th, 2009

I just had a look at the tricky issue of the “Some Other Dude Did It” defence against conviction for downloading/possessing child pornography. Not an issue on which I want to expend two lengthy blog articles in one day, so I’ll just give you the pointer to the ESET blog.

http://www.eset.com/threat-center/blog/2009/11/26/paedophilia-and-the-trojan-defence

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

Virus Proofing

Saturday, November 21st, 2009

Randy Abrams put up a blog yesterday at http://www.eset.com/threat-center/blog/2009/11/20/what-if-your-virusproof-computer-catches-a-virus about “Virus Proof Computers”: I guess he was referring to the PCs and laptops being marketed by an Australian company called Setup Complete, a merry band of PC techs based in Sydney.

After reading Randy’s article, I thought I’d take a look myself.

The page at http://virusproofcomputers.com.au/how_it_works.htm tells me that I don’t need to know “HOW it works, just that it DOES work!” Nice. Old time antivirus marketing hype in a nutshell. “Trust me, I’m a vendor.” No wonder Randy was a little acerbic. (No, it isn’t true that ESET personnel are required to take a course in advanced sarcasm before they’re allowed to blog, but it might not be a bad idea.)

There is a little information there including, it turns out, a brief Youtube video that gives you a bit of an idea of what’s happening. It seems to be a dual boot arrangement, where you boot into zone 1 (Virus Proof Surfing) or zone 2, which is “just computing that we can’t sort out with the virus proof [settings?]”. The zone 1 desktop as shown in the video is nearly unreadable on my screen, but appears to be based on the use of Foxpro for surfing and, by the look, an open-source office package for other jobs like editing Word documents.

The five-year warranty as “additional protection” is mentioned in the press release here: http://www.seekingmedia.com.au/news.php?newsid=857&g=-1

Despite the statement that “We know that our computers are totally virus proof, but as an added protection we are offering any customers who buy the computers a full five-year warranty that they will not contract a virus within that time” it seems that restitution is limited to restoring the machine to the condition it was in when originally shipped.

Does this sound as if I’m less than impressed? Not at all. It appears from http://www.setupcomplete.com/spyware.html that the company were not only able to clean spyware from an infected computer (heck, we can do that and we’re only an anti-malware company), but also to get the owner’s bank to restore $3,700 that was stolen from him. (Not, presumably, by the bank, and not, presumably, from a Virus Proof PC.)

Now getting that sort of banking service is impressive. ;-)

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

Lawyers in Love

Saturday, November 14th, 2009

One minute I was saying “…AMTSO in Prague next week…” and the next Prague was long gone, and so was AVAR in Kyoto. Hopefully, though, that was my last long trip for this year, and I’ll get into the habit of blogging regularly here. Well, I suppose once every blue moon is regular. ;-)

This is a bit of a cheat, since I already blogged it for ESET, but I’m a believer in green blogging with lots of recycling. Juraj Malcho, head of ESET’s virus lab in Bratislava, did an excellent paper and presentation at VB 2009 on “Is there a lawyer in the lab?”: it’s about the complications that ensue when the authors of Possibly Unwanted Applications and other blahware try to tie up anti-malware companies in legal process for daring to detect it as Something Not Very Useful.

I think I may have just coined blahware: in this case, I’m referring not to those irritating Facebook applets that so many of my friends are addicted to, but to software which, if not actively malicious, is nevertheless of more value to its author than to anyone who’s misled into paying for it, and is distributed by semi-malicious channels such as spam or push-installations. I’d call it irrelevantware, but that’s not so catchy. And come to think of it, it probably does apply to most Facebook apps.

Anyway, the paper is at:

http://www.eset.com/download/whitepapers/Lawyer_in_the_lab.pdf

The slide deck is at:

http://www.eset.com/download/whitepapers/is-there-a-lawyer-in-the-lab.pdf

Well worth looking at, and we don’t ask you for your email address when you download them, either. :)

David Harley CISSP FBCS CITP
Chief Operations Officer, AVIEN

Also blogging at:
http://dharley.wordpress.com/
http://www.eset.com/threat-center/blog
http://blogs.securiteam.com
http://blog.isc2.org/