Don’t Forget to Write

By David Harley
May 2014

A review for Virus Bulletin of two recent eBooks that aim to provide security guidance and tips to consumers.

Botnets of the Mind

By David Harley
May 2013

A comment piece originally published in Virus Bulletin* observing a slightly unexpected relationship between hoaxes (and electronic chain messages in general) and botnets.

VB2013 speaker spotlight

By Lysa Myers and David Harley
June 2013

Virus Bulletin speaks to VB2013 presenters Lysa Myers and David Harley about their research interests and what they aim to bring to the conference.

Anti-Virus: Last Rites, or Rites of Passage?

By David Harley
February 2013

An article originally published in Virus Bulletin*, considering the current spate of 'AV is dead' hype. What would a world without for-fee antivirus be like?

An article for Computer Weekly's Security Think Tank column on why targeted attacks have moved on from being a problem that only affects governments and big companies.

Living the Meme

By David Harley
February 2012

A comment piece on how apparently innocuous Facebook games might be used as part of a data aggregation attack.
Originally published in Virus Bulletin, February 2012 *

AMTSO: the Test of Time?

By David Harley
January 2012

An article for Network Security - now available for purchase from Elsevier - that looks at the present state of the Anti-Malware Testing Standards Organization. Can AMTSO really continue to build on its achievements so far? A no-fee pre-edit version of the article, without graphics, publisher edits or formatting, is also available on the AMTSO blog-site here.

When I’m x64: Bootkit Threat Evolution in 2011

By David Harley, Aleksandr Matrosov & Eugene Rodionov
February 2012

An article originally published in Hakin9 Magazine's 50th issue documenting interesting growth trends in complex threats, especially those targeting Microsoft Windows 64-bit.

An article for (ISC)2's Security Zone column in Computer Weekly, on how businesses should empower all IT users to play an active part in protecting corporate data.

Hearing a PIN drop

By David Harley
September 2011

An article for Virus Bulletin offering preliminary results from research into selection strategies for numeric passcodes such as ATM and smartphone PINs.
Originally published in Virus Bulletin, September 2011. *

An article for Computer Weekly (May 2011) that suggests that the latest paper approved and released by AMTSO may be its most important document in years.

TDSS part 1: The x64 Dollar Question

By Aleksandr Matrosov, Eugene Rodionov & David Harley
April 2011

Considers and contrasts the distribution and installation of the TDL3 and TDL4 bootkits.

TDSS part 2: Ifs and Bots

By Aleksandr Matrosov, Eugene Rodionov & David Harley
April 2011

Looks in more depth at the internals of the TDSS malware.

Perfect Ten: Truth and Prognostication

By David Harley
January 2011

David Harley meditates on security soothsaying and takes a peek into his own crystal ball.

Chim Chymine: a Lucky Sweep?

By David Harley
September 2011

Analysis of bottom feeder malware that climbed onto the Stuxnet 0-day bandwagon.
Originally published in Virus Bulletin, September 2010. *

Is Facebook Good for your Health?

By David Harley
December 2010

Is the UK's National Health Service betraying its own principles by allowing Facebook to track visitors to its NHS Choices site?

Once More 'Round the AMTSO Wheel of Pain

By David Harley
November 2010

How the Anti-Malware Testing Standards Organization's new subscription model will enable the community at large to participate in its activities.

Rooting about in TDSS

By Aleksandr Matrosov & Eugene Rodionov
October 2010

This article for Virus Bulletin describes a utility for dumping the TDSS rootkit's file system.
Originally published in Virus Bulletin, October 2010. *

SC Magazine interview: David Harley, senior research fellow at ESET

By Dan Raywood of SC Magazine
October 2010

An interview with ESET's David Harley, former manager of the Threat Assessment Centre in the United Kingdom's National Health Service, in which he talks about security and the NHS.

Security Zone: Faking IT support

By David Harley
October 2010

An article for (ISC)2's regular column in Computer Weekly on the similarities between rogue AV and fake support scams.

Stuxnet Sux or Stuxnet Success Story?

By David Harley
September 2010

Article for Security Week on the vulnerabilities and incident dispersion behind Stuxnet, perhaps 2010's most interesting malware.

Shortcuts to Insecurity: .LNK Exploits

By David Harley
August 2010

An article for Security Week on the .LNK vulnerability classified as CVE-2010-2568 and exploited by Win32/Stuxnet, among other malicious programs.

Fake AV, Fake Support

By David Harley
July 2010

An article for Security Week, about scammers cold-calling potential victims to offer to clean non-existent malware and install pirated antivirus software.

By David Harley, June 2010
An article for Virus Bulletin on the implications of the PWN2KILL challenge at iAWACS 2010: is this the new face of AV testing?
Originally published in Virus Bulletin, June 2010. *

Anti-Malware Testing - Industry Insight

By David Harley
June 2010

ESET's Sr. Research Fellow and member of AMTSO's Board of Directors considers whether AMTSO is engaging with the public as well as it might.

TDL3: The Rootkit of All Evil?

By Aleksandr Matrosov and Eugene Rodionov
June 2010

Subtitled "Account of an Investigation into a Cybercrime Group", this is a comprehensive consideration, by researchers with ESET's partners in Russia, of the distribution and the internals of the TDL3 Rootkit, and the involvement of the Dogma Millions group.

A short presentation on Apple security for InfoSecurity Europe, based on a paper subsequently presented in more detail at EICAR 2010 and available here.

AMTSOlutely Fabulous

By David Harley
April 2010

A Spotlight article about what AMTSO has achieved so far and what might lie ahead. Featured in January 2010's Virus Bulletin and hosted on the AMTSO web site.
Originally published in Virus Bulletin, June 2010. *

The Weakest Computer Security Link

By Juraj Malcho
March 2010

Article in CTO Edge that explains how social engineering is used to trick computer users into downloading malware.

Crimeware and Current Hot Threats

By David Harley
March 2010

Article for Infosecurity Magazine that reviews both the tried-and-true and the latest methods that online criminals are using to steal information, and your money.

Facebook, Chain Letters are so Last Decade

By David Harley
March 2010

An article in Global Security Mag that discusses the evolution of yesterday's virus hoaxes and other chain letters to social networking sites like Facebook and Twitter.

Fact, Fiction and the Internet

By David Harley
January 2010

Discusses the increasing dangers of incautious use of social networking in an age where the regulation and use of data by financial and other institutions has not kept pace with a changing online world.

Never Mind Having Fun: Are We Safe Yet?

By David Harley
August 2009

Review of "Is it safe? Protecting your computer, your business, and yourself online" by Michael Miller (Que).
Originally published in Virus Bulletin, March 2009. *

CARO mio, AMTSO mon amour

By David Harley
June 2009

Commissioned article on the CARO (Computer Antivirus Researchers Organization) and AMTSO (Anti-Malware Testing Standards Organization) workshops in Budapest in May.
Originally published in Virus Bulletin, June 2009. *

The Myth of Fingerprints

By David Harley
March 2009

Published in Infosecurity magazine, Volume 6, Issue 2. Why the traditional naming conventions for malware no longer make sense. For purchase from Elsevier.

In "Information Security Technical Report". For purchase from Elsevier. Addresses the problems around anti-malware testing and evaluation, and describes the industry's initiatives for mitigation.

A pre-print version of the above article in "Information Security Technical Report" is available on David's personal web site, with the permission of the publisher.

Malware testing

By David Harley
November 2008

Considers the early impact of AMTSO, the Anti-Malware Testing Standards Organization, on the testing industry.

Yet Another Rustock Analysis...

By Lukasz Kwiatek and Stanislaw Litawa
August 2008

A detailed analysis of the Rustock.C rootkit and some of its self-defensive measures.
Originally published in Virus Bulletin, August 2008. *

Macs and malware: What are the dangers?

By David Harley
July 2008

Reviews some of the reasons why Macintosh computers in corporate environments need protection.

The trouble with testing anti-malware

By David Harley
January 2008

An overview of the problems that make most anti-malware tests so unreliable.

Fixing the virus problem?

By Andrew Lee
July 2006

Takes a realistic look at how far Vista can be expected to mitigate the user's exposure to malicious code.

Phish Fingering

By David Harley
July 2006

Review of "Phishing Exposed", Lance James's book for Syngress.
Originally published in Virus Bulletin, July 2006. *

War of the Words and I spy

By David Harley
September 2006

Reviews of Robert Slade's "Dictionary of Information Security" and "Combating Spyware in the Enterprise", by Baskin et al., both published by Syngress.
Originally published in Virus Bulletin, September 2006. *

* Copyright is held by Virus Bulletin Ltd, but is made available on this site for personal use free of charge by permission of Virus Bulletin.