Malware

It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string[i] (like using the “find” command in your word processor to locate a particular piece of text) or as

Now that cyberwarfare is out of the bottle, will anyone agree to not use it? In the summer of 1945 in New Mexico, the Trinity test gave rise to the term ground zero. Could Stuxnet may be measured as a definitive ground zero in cyberwarfare comparable to Trinity? Concerning Stuxnet’s latest rise in China, David

In my ever-widening circle of anti-cybercrime methodology this particular approach to attribution of the criminals looting the free world makes me particularly gleeful and I can’t wait to spread the good news: Security company HBGary today released an open source tool to digitally fingerprint malicious code and help identify the source of the malware. The

“Written in the form of a personal retrospective, this paper compares the earliest days of PC computer viruses with today’s threats, as well as provides a glimpse into the origins of the computer anti-virus industry.”

The attacks from cybercriminals are now occurring in the online stock and equity trading world. Instead of simply emptying out compromised brokerage accounts, cybercriminals apparently are refining their attacks and striking at broader and more lofty goals: the trust mechanisms of business equity valuations with publicly traded stocks and equities. George Hulme, InformationWeek contributing writer

Ouch. This affects virtually everyone including Mac, Linux, and Windows users. More can be found here at the PSIRT site. And yes, there is malware already associated already with it. A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that

In the survey, banks that were notifying consumers as quickly as possible or immediately across multiple channels performed well [and] they also improved cardholder confidence. Notifications over multiple channels were also significant.

Since the feed will be public and historic, there is a potential to research trends over the timeline, particularly as twitter is being used for more command and control functionality. As soon as it becomes available, we’ll follow up. 🙂

What would happen if every single one of the four BILLION cell phones on this planet just went dark? Or most likely, what would happen if every single cell phone went dark in one country? One scenario is a combined DoS attack on the internet was combined with a DoS attack on the cellular phone infrastructure at the same time.

 Better get your CFO to review UCC Article 4A and realign protocols with your business bank – The clear and present danger to our banking through malware hits at the heart of our economy: the SMB. Stealthy malware-based theft of funds start the clock ticking much quicker than most SMB owners realize and without action

Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it: NOTE: The audio is not

From time to time I hear people who don’t use antivirus software claim that it doesn’t matter, there isn’t anything of value on their computer. To begin with, just controlling your computer is of value to some criminals. If I can control your computer I can get paid to send spam from it, to install

  Insider Threat – your ATM may now be hacked from the inside. According to Wired’s Threat Level Blog… A Bank of America worker installed malicious software on his employer’s ATMs that allowed him to make thousands of dollars in fraudulent withdrawals, all without leaving a transaction record, according to federal prosecutors. According to the

We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities.  The poisoned search term du jour is “erin andrews death threat”.  Apparently,

Greetings, friends and fiends. It’s been a while since I’ve been able to blog: I’ve been trying out one of these vacation thingies that I keep reading about in travel magazines. (Well, my wife does, and she tells me when I need a holiday, presumably as my conversations get grouchier.) But I see that my

Ford Motor Company has recently announced that later this year it will be producing cars with built-in WiFi capabilities. Since 2008, the first generation of this system enabled owners of certain Ford, Lincoln & Mercury vehicles to connect media players & bluetooth devices to their entertainment systems. This second generation of its so called Sync

I recently received a couple of questions about malvertising in my askeset@eset.com. AskESET@eset.com is used only to field general security questions, I cannot and do not offer product support. Malvertising is a multi-compound word. Mal, in this case is short for malware, which means malicious software. “vertising” is the advertising portion of the word, so

It is public knowledge that the Italian Prime Minister Silvio Berlusconi was hit in the face which left him with facial injuries, a broken nose and several broken teeth. The video of the attack is circulating on the Internet but at this time, if you search for them on any search engine it is possible

[Update: I notice that at about the same time that I posted this, Sophos also flagged a blog reporting a somewhat similar fake update for Microsoft Outlook/Outlook Express (KB910721). The message is a lot different and links to a different site pretending to be Microsoft’s update site, but is clearly not to be trusted. So the

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET’s ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number

Modern cars are designed with crumple zones. These crumple zones help to decrease the risk of death in a severe car accident. Modern cars also have airbags. The airbags reduce your risk of death or injury in the case of an accident. If you don’t use a seatbelt your airbag and crumple zone are unlikely