San Diego, CA, November 4, 2011, David Harley

Stolen password checking: a question of trust

You can't have failed to notice that a lot of account/password combinations have been captured in recent years (especially this year) and made available on the Internet (e.g. Gawker, Rockyou, various Lulzsec dumps) for any bad actor to try to make use of. Not a good thing, but it has at least made it possible to capture some useful data on what the most common (and therefore easily-guessed) passwords are, and several security firms and researchers have used that data to advise readers on how to use better passwords.

San Diego, CA, November 3, 2011, David Harley

Virtualization & Conferencing

Sadly, having signed up some time ago (see Conferencing in the Metaverse) for the SC Virtual Summit taking place today, I'm too tied up with other things to actually attend. The summit offers "live webcasts, videos and exhibitors all in a virtual world…" On entering the virtual exhibition hall, visitors can view live videos, download white papers and network with other visitors and SC Magazine UK staff, while in the virtual auditorium they can hear live webcasts. Well, I'm afraid you won't be able to interact with me on this occasion. However, I am taking part in the keynote session (11.

San Diego, CA, November 3, 2011, Robert Lipovský

Made in the Czech Republic: a PHP Autorun worm

Recently, a new data-stealing worm caught our attention. The reason why it stands out from many similar amateur creations is that its author is most probably Czech, as the text strings, variable and function names used by the malware suggest. The Czech text above is displayed by the worm inside a console window and translates to: “Initializing. This operation can take several minutes.

San Diego, CA, November 3, 2011, Stephen Cobb

Facebook Under Fire: From academic botnets to actual data police

Creating a fake Facebook account has always been a violation of Facebook’s terms and conditions so, on the face of it, researchers from the University of British Columbia (UBC) have just racked up a bunch of violations. How? As reported by TechCrunch and PC World, they created a network of about 100 bots that acted like humans, then the researchers pointed the botnet at Facebook and told it to make friends with human users and collect personal data, as described in this paper: The Socialbot Network: When Bots Socialize for Fame and Money. Before anyone panics, all the fake accounts and harvested data have been destroyed, according to the researchers. What remains frightening is the ease with which the attack was carried out, the degree to which it succeeded, and the vast amount of data (250 gigabytes) that it harvested in a very short period of time, using relatively few resources.

San Diego, CA, November 2, 2011, EsetResearch

October: Facebook Facepalm, Feeling Safe Online, and a Small Tsunami

ESET's Threat Report for October has just gone up on the ESET Threat Center page. Apart from information on the Top Ten Threats of the month, it also includes:
- An article by ESET Ireland's Urban Schrott on how safe people feel online, based on a recent survey in Ireland
- An article by David Harley wondering whether when one of our competitors inadvertently blocked access to Facebook as a malicious site, they were really so far off the mark, in the light of some recent disturbances in the Facebook Aura
- A summary of the ESET presentations and papers (http://go.eset.com/us/documentation/white-papers) at the recent Virus Bulletin conference in Barcelona
- A summary of ESET's discovery of a creaky backdoor for Linux recently recycled as an OS X Mach-O binary.

San Diego, CA, November 1, 2011, Cameron Camp

Are Government/Schools responsible for your security – (or is it all up to you)?

Awhile back we posted findings of a Harris poll showing public perception of Internet security, with some interesting results. This time we take a look at whether respondents perceive the Government and/or their schools have an implicit responsibility, or whether it lands squarely on their shoulders in the end (or should). Both schools and government have their work cut out for them. First let’s look at schools – According to the online survey conducted by Harris Interactive on behalf of ESET from August 25-27, 2011 among 2,202 adults ages 18 and over, 91 percent of U.

San Diego, CA, October 31, 2011, David Harley

Facebook Sympathy Hoax: No Surprises

No, Craig Shergold doesn't need a heart transplant. Others do, but Facebook sharing isn't the best way to accomplish that. "Craig who?" you may be asking… Back in 1989, the most successful sympathy (semi-)hoax of all time set out on its weary trek towards the Guinness Book of Records. The bare facts (as I understand them): the story grew that an appeal had been made on behalf of Craig Shergold, then aged nine and diagnosed with a terminal brain tumour, to send him greetings cards so that he could make the Guinness Book of Records.

San Diego, CA, October 28, 2011, David Harley

Win32/Duqu analysis: the RPC edition

My Russian colleagues Aleksandr Matrosov and Eugene Rodionov have found some time to do some more analysis on Win32/Duqu. (Don’t you guys sleep?) In the previous post (http://blog.eset.com/2011/10/25/win32duqu-it%e2%80%99s-a-date) they concentrated on analyzing the Duqu configuration file format and extracting the exact date on which the system was infected.

San Diego, CA, October 27, 2011, Cameron Camp

Scary Halloween cyber pranks

I just looked in my junk box to find an “Amazing” sale on pirated software, but I have to act fast, as it’s only good until Halloween. My colleague Stephen Cobb points out the rate of effectiveness of scams would soar if the Nigerian scammers could afford a proof reader who spoke fluent English. David Harley has mused here about the oh-so-close-to-English-sounding scams which – through unfortunate translation – take on surly or just plain weird connotations. Apparently, Google translate only goes so far.

San Diego, CA, October 27, 2011, Pierre-Marc Bureau

Updates on OSX/Tsunami.A, a Mac OS X Trojan

Yesterday, ESET announced the discovery of a new threat against the Apple Mac OS X platform. Today, we have found a new version of the same threat. The new version is similar to the previous version with two important differences. The first addition to this threat is that it now implements persistence on an infected system.
