Exploit Kit plays with smart redirection (amended)
By Aleksandr Matrosov at 5 April, 2012, 10:58 am
This week we have detected another interesting attack vector. This time cybercriminals are using an interesting technique for hiding malicious Javascripts and employ implicit iFrame injection. At this moment we are tracking hundreds of infected legitimate web sites in the Russian internet segment using this technique of infection. Let’s analyze this attack method step by … Read More…
(No Ratings Yet)
Loading ...Free Anti-virus: Worth Every Penny?
By David Harley at 5 April, 2012, 5:27 am
Andrew Lee just drew my attention to a poll carried out by an IT magazine in the UK, asking the question ‘Do you think it's necessary to use paid-for anti-virus software to effectively protect your PC?’ Clearly this is a question that a lot of people ask, but the answer is more complicated than you … Read More…
(No Ratings Yet) Loading ...BYOD Infographic: For security it’s not a pretty picture
By Stephen Cobb at 4 April, 2012, 7:01 am
The phenomenon of organizations allowing or encouraging their employees to use their own computing devices for work–known as Bring Your Own Device, or BYOD–is now widespread in many countries, bringing with it some serious risks to company networks and data. As we first reported here on the blog a few weeks ago, ESET commissioned a … Read More…
(No Ratings Yet) Loading ...VirusTotal, Useful Engines, and Useful AV
By David Harley at 2 April, 2012, 10:27 am
In a recent blog on whether security professionals really don't use anti-virus (sorry, but quite a few of us do!) I mentioned a paper by myself and Julio Canto on the use and misuse of multi-scanner sites like VirusTotal. Especially the (Virus-)totally inappropriate use of VT reports as some sort of substitute for real comparative testing.
I … Read More…
(No Ratings Yet) Loading ...Saturday Night Backup Fever, Internet Apocalypse Now
By Stephen Cobb at 31 March, 2012, 12:14 pm
If you use a computer and/or the Internet you might want to think twice about heading to the disco or the movies or whatever else you had planned for this Saturday night and spend the evening backing up your data instead. Why? Three reasons, starting with the fact that today is World Backup Day. Sure, … Read More…
(No Ratings Yet) Loading ...Blackhole, CVE-2012-0507 and Carberp
By David Harley at 30 March, 2012, 1:05 am
This week Blackhole has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/Exploit.CVE-2012-0507. Earlier this week information was published about the Blackhole update by French malware researcher Xylitol and last week Microsoft shared information about an interesting way of breaching the JRE (Java Runtime Environment) … Read More…
(No Ratings Yet) Loading ...OSX/Lamadai.A: The Mac Payload
By Alexis Dorais-Joncas at 28 March, 2012, 7:18 am
Earlier this month, researchers from AlienVault and Intego reported a new malware attack targeting Tibetan NGOs (Non-Governmental Organizations). The attack consisted of luring the victim into visiting a malicious website, which then would drop a malicious payload on the target’s computer using Java vulnerability CVE-2011-3544 and execute it. The webserver would serve a platform-specific JAR … Read More…
(No Ratings Yet) Loading ...Vulnerable WordPress Leads to Security Blog Infection
By Robert Lipovský at 27 March, 2012, 8:38 am
Even visiting security-oriented websites can sometimes be risky. If you’ve visited the security blog zerosecurity.org this month and you’re also a user of ESET’s security products, you might have encountered an anti-virus alert such as this one:
The detection names may vary. Different variants of the following “generic families” were detected on the compromised websites on different … Read More…
(No Ratings Yet) Loading ...Spring Brings Tax-related Scams, Spams, Phish, Malware, and the IRS
By Stephen Cobb at 26 March, 2012, 12:17 am
Spring is here and that means scam artists are thinking about income taxes and the IRS. Not that scam artists pay income taxes, they just know taxes and any mention of the IRS is a good way to get your attention, which explains a steady stream of deceptive emails targeting tax-paying Americans who now have … Read More…
(No Ratings Yet) Loading ...Facebook logins toxic for employers, violate security and privacy principles
By Stephen Cobb at 24 March, 2012, 11:06 am
Attention CEOs and HR Managers: Facebook login credentials belonging to current or prospective employees are not something that any employer should request, use, or posses. Why? Apart from the violation of security and privacy principles? The risks far outweigh any benefit you imagine you could gain by logging into a social media account that does … Read More…
(No Ratings Yet) Loading ...
