Botnets of the Mind

By David Harley, May 2013
A comment piece originally published in Virus Bulletin* observing a slightly unexpected relationship between hoaxes (and electronic chain messages in general) and botnets.
Download

  

Anti-Virus: Last Rites, or Rites of Passage?

By David Harley, February 2013
An article originally published in Virus Bulletin*, considering the current spate of 'AV is dead' hype. What would a world without for-fee antivirus be like?
Read article

  

Are companies too confident about targeted attacks?

By David Harley, July 2012
An article for Computer Weekly's Security Think Tank column on why targeted attacks have moved on from being a problem that only affects governments and big companies.
Read article

  

Living the Meme

By David Harley, February 2012
A comment piece on how apparently innocuous Facebook games might be used as part of a data aggregation attack.
Originally published in Virus Bulletin, February 2012*
Download

  

When I’m x64: Bootkit Threat Evolution in 2011

By David Harley, Aleksandr Matrosov & Eugene Rodionov, February 2012
An article originally published in Hakin9 Magazine's 50th issue documenting interesting growth trends in complex threats, especially those targeting Microsoft Windows 64-bit.
Read article

  

AMTSO: the Test of Time?

By David Harley, January 2012
An article for Network Security, now available for purchase from Elsevier, that looks at the present state of the Anti-Malware Testing Standards Organization. Can AMTSO really continue to build on its achievements so far? A no-fee pre-edit version of the article, without graphics, publisher edits or formatting, is also available on the AMTSO blog-site here.
Read article

  

Socialisation, social engineering, and securing the enterprise

By David Harley, November 2011
An article for (ISC)2's Security Zone column in Computer Weekly, on how businesses should empower all IT users to play an active part in protecting corporate data.
Read article

  

Hearing a PIN drop

By David Harley, September 2011
An article for Virus Bulletin offering preliminary results from research into selection strategies for numeric passcodes such as ATM and smartphone PINs.
Originally published in Virus Bulletin, September 2011.*
Read article

  

Security Zone: Antivirus testing standards at a crossroads

By David Harley, May 2011
An article for Computer Weekly (May 2011) that suggests that the latest paper approved and released by AMTSO may be its most important document in years.
Read article

  

TDSS part 1: The x64 Dollar Question

By Aleksandr Matrosov, Eugene Rodionov & David Harley, April 2011
Considers and contrasts the distribution and installation of the TDL3 and TDL4 bootkits.
Read article

  

TDSS part 2: Ifs and Bots

By Aleksandr Matrosov, Eugene Rodionov & David Harley, April 2011
Looks in more depth at the internals of the TDSS malware.
Read article

  

TDSS part 3: Bootkit on the other foot

By Aleksandr Matrosov, Eugene Rodionov & David Harley, April 2011
The last part of the series describes the TDSS loading process.
Read article

  

Perfect Ten: Truth and Prognostication

By David Harley, January 2011
David Harley meditates on security soothsaying and takes a peek into his own crystal ball.
Read article

  

Is Facebook Good for your Health?

By David Harley, December 2010
Is the UK's National Health Service betraying its own principles by allowing Facebook to track visitors to its NHS Choices site?
Read article

  

Once More 'Round the AMTSO Wheel of Pain

By David Harley, November 2010
How the Anti-Malware Testing Standards Organization's new subscription model will enable the community at large to participate in its activities.
Read article

  

Rooting about in TDSS

By Aleksandr Matrosov & Eugene Rodionov, October 2010
This article for Virus Bulletin describes a utility for dumping the TDSS rootkit's file system.
Originally published in Virus Bulletin, October 2010.*
Read article

  

SC Magazine interview: David Harley, senior research fellow at ESET

By Dan Raywood of SC Magazine, October 2010
An interview with ESET's David Harley, former manager of the Threat Assessment Centre in the United Kingdom's National Health Service, in which he talks about security and the NHS.
Read article

  

Security Zone: Faking IT support

By David Harley, October 2010
An article for (ISC)2's regular column in Computer Weekly on the similarities between rogue AV and fake support scams.
Read article

  

Chim Chymine: a Lucky Sweep?

By David Harley, September 2011
Analysis of bottom feeder malware that climbed onto the Stuxnet 0-day bandwagon.
Originally published in Virus Bulletin, September 2010.*
Read article

  

Stuxnet Sux or Stuxnet Success Story?

By David Harley, September 2010
Article for Security Week on the vulnerabilities and incident dispersion behind Stuxnet, perhaps 2010's most interesting malware.
Read article

  

Shortcuts to Insecurity: .LNK Exploits

By David Harley, August 2010
An article for Security Week on the .LNK vulnerability classified as CVE-2010-2568 and exploited by Win32/Stuxnet, among other malicious programs.
Read article

  

Fake AV, Fake Support

By David Harley, July 2010
An article for Security Week, about scammers cold-calling potential victims to offer to clean non-existent malware and install pirated antivirus software.
Read article

  

PWN2KILL, EICAR and AV: Scientific and Pragmatic Research

By David Harley, June 2010
An article for Virus Bulletin on the implications of the PWN2KILL challenge at iAWACS 2010: is this the new face of AV testing?
Originally published in Virus Bulletin, June 2010.*
Read article

  

Anti-Malware Testing - Industry Insight

By David Harley, June 2010
ESET's Sr. Research Fellow and member of AMTSO's Board of Directors considers whether AMTSO is engaging with the public as well as it might.
Read article

  

TDL3: The Rootkit of All Evil?

By Aleksandr Matrosov and Eugene Rodionov, June 2010
Subtitled "Account of an Investigation into a Cybercrime Group", this is a comprehensive consideration, by researchers with ESET's partners in Russia, of the distribution and the internals of the TDL3 Rootkit, and the involvement of the Dogma Millions group.
Read article

  

Apple, Security, and the Power of Perception

By David Harley, April 2010
A short presentation on Apple security for InfoSecurity Europe, based on a paper subsequently presented in more detail at EICAR 2010 and available here.
Read article

  

AMTSOlutely Fabulous

By David Harley, April 2010
A Spotlight article about what AMTSO has achieved so far and what might lie ahead. Featured in January 2010's Virus Bulletin and hosted on the AMTSO web site.
Originally published in Virus Bulletin, June 2010.*
Read article

  

The Weakest Computer Security Link

By Juraj Malcho, March 2010
Article in CTO Edge that explains how social engineering is used to trick computer users into downloading malware.
Read article

  

Crimeware and Current Hot Threats

By David Harley, March 2010
Article for Infosecurity Magazine that reviews both the tried-and-true and the latest methods that online criminals are using to steal information, and your money.
Read article

  

Facebook, Chain Letters are so Last Decade

By David Harley, March 2010
An article in Global Security Mag that discusses the evolution of yesterday's virus hoaxes and other chain letters to social networking sites like Facebook and Twitter.
Read article

  

Fact, Fiction and the Internet

By David Harley, January 2010
Discusses the increasing dangers of incautious use of social networking in an age where the regulation and use of data by financial and other institutions has not kept pace with a changing online world.
Read article

  

Never Mind Having Fun: Are We Safe Yet?

By David Harley, August 2009
Review of "Is it safe? Protecting your computer, your business, and yourself online" by Michael Miller (Que).
Originally published in Virus Bulletin, March 2009.*
Read article

  

CARO mio, AMTSO mon amour

By David Harley, June 2009
Commissioned article on the CARO (Computer Antivirus Researchers Organization) and AMTSO (Anti-Malware Testing Standards Organization) workshops in Budapest in May.
Originally published in Virus Bulletin, June 2009.*
Read article

  

The Myth of Fingerprints

By David Harley, March 2009
Published in Infosecurity magazine, Volume 6, Issue 2. Why the traditional naming conventions for malware no longer make sense. For purchase from Elsevier.
Read article

  

Making sense of anti-malware comparative testing

By David Harley, March 2009
In "Information Security Technical Report". For purchase from Elsevier. Addresses the problems around anti-malware testing and evaluation, and describes the industry's initiatives for mitigation.
Read article

  

Making sense of anti-malware comparative testing

By David Harley, March 2009
A pre-print version of the above article in "Information Security Technical Report" is available on David's personal web site, with the permission of the publisher.
Read article

  

Malware testing

By David Harley, November 2008
Considers the early impact of AMTSO, the Anti-Malware Testing Standards Organization, on the testing industry.
Read article

  

Yet Another Rustock Analysis...

By Lukasz Kwiatek and Stanislaw Litawa, August 2008
A detailed analysis of the Rustock.C rootkit and some of its self-defensive measures.
Originally published in Virus Bulletin, August 2008.*
Read article

  

Macs and malware: What are the dangers?

By David Harley, July 2008
Reviews some of the reasons why Macintosh computers in corporate environments need protection.
Read article

  

The trouble with testing anti-malware

By David Harley, January 2008
An overview of the problems that make most anti-malware tests so unreliable.
Read article

  

Fixing the virus problem?

By Andrew Lee, July 2006
Takes a realistic look at how far Vista can be expected to mitigate the user's exposure to malicious code.
Read article

  

Phish Fingering

By David Harley, July 2006
Review of "Phishing Exposed", Lance James's book for Syngress.
Originally published in Virus Bulletin, July 2006.*
Read article

  

War of the Words and I spy

By David Harley, September 2006
Reviews of Robert Slade's "Dictionary of Information Security" and "Combating Spyware in the Enterprise", by Baskin et al., both published by Syngress.
Originally published in Virus Bulletin, September 2006.*
Read article

  

Re-Floating the Titanic: Dealing with Social Engineering Attacks

By David Harley, 1998 [sic]
A paper originally presented at the 1998 EICAR conference, but which is currently being cited by a number of other resources due to its still topical taxonomical content and observations on good password practice.
Read article

  


*Copyright is held by Virus Bulletin Ltd, but is made available on this site for personal use free of charge by permission of Virus Bulletin.