Blog

Well, here we are at Christmas Blog number four, and in this run-up to the most magical time of the year, we have considered Security Awareness, Santa, and NORAD – a very interesting mix. However, let’s move on to the really interesting bit – the giving, and RECEIVING of presents. ...

[This is probably my last article here for 2011. Compliments of the season to you all.] Inevitably, my attention was drawn last week to an article on Mich Kabay’s Infosec Perception based on an essay by student Jeremy Legendre: Macintosh Malware Erupts. Well, I’m not in the business of ...

On the second day, I got a Digital Camera, the third came in with a SmartPhone, the forth, a High Capacity Drive, and the fifth . . . . I guess you have got the picture. It’s that time of year again when Santa will be visiting all the boys and girls to empty his sleigh. So to get us all in the ...

It would seem that in 2011, hacking went up in the world – literally, with the DroneBug Malware entering the scene in November 2011, and then with the revelation that a hack had been carried out targeting a Satellite. Two scenarios which are also very similar in many ways, and I am w ...

As many of seasoned IT Pros may have noticed, the APT and AET debate has once again been given some tripping space on the boards of the IT security press. However, whenever this happens, the confusion that arises around what ‘they’ are, and what constitutes the ‘label’, sets ...

Being a free spirit in the interesting, evolving world of cyber/information security (or is that insecurity?) I am privileged to work with some very interesting organisations, and the year 2011 has proven to be one of the best. The great thing about working with the experts, and visionaries of the n ...

When I think back to the early days of the Anti-Virus industry, I recall there were lots of good intentions to standardise, and work as a closed community – but of course, where there are interests of commercial implication, profit, and of course leading edge competitive advantage, there is of ...

For some reason, not all security vendors acknowledge the reality, of possible existence of the Advanced Evasion Technique (AET). The question is, have AET’s actually been amongst us for some time now, delivering their adverse payloads to circumvent our trusted levels of perceived security? T ...

There is no doubt that the ingenuity of cyber criminals has always been ahead of the game. In many cases this can leave the less-than-prepared security professional/organisation left playing cat-and-mouse, and open to exploitation, and vulnerabilities. The opposing side is the world of hackers and ...

Stuxnet is a severe threat – that’s something we know for sure. But if we look at it,  what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out ...

A good friend of mine over at NetIQ, Todd Tucker, recently blogged about some of the frustrations he sees when looking at the failure of PCI as a security standard (or rather, the failure of those organizations who pay lip service to compliance) and especially the oddly heavy emphasis given to ...

Looking to save a few bucks on software will almost always lead users down a dangerous path. Users either end up at “OEM Software” sites offering unlicensed and illegal software, or to downloading cracks or keygens laced with malware.  One of the big issues here is that the ...

eSoft researchers have been tracking a new campaign by cybercrooks, compromising and creating websites for use in SEO poisoning and malware distribution. Thousands of these sites have been detected that use elaborate techniques to trick search engines and are ready to serve malware in an i ...

A new twitter spam campaign is making rounds, infecting users with rogue anti-virus malware. The spam mail attempts to convince the user that someone was trying to steal their Twitter account information, and to download a “secure module” to protect their account. The email that begi ...

The eSoft Threat Prevention Team has uncovered thousands compromised web servers hosting fake YouTube pages. Attempting to play the video on these fake pages prompts the user to install a ‘media codec’ which then infects the machine with malware. The fake YouTube pages are well ...

eSoft researchers have been tracking a recent campaign abusing Google Groups to spread malicious links in Spam emails. Users following the link are infected with a Downloader Trojan, silently infecting the machine with various types of malware including Rogue Anti-Virus. The scam starts with an e ...

Tiger Woods’ personal life and marital affairs have attracted constant attention from the press and has certainly damaged his public reputation.  With his return to the Masters, Nike has released a new commercial in an effort to rebuild Woods’ image.  This compelling commer ...

The first week of March Madness has brought about many compelling stories, with a good deal of upsets and bracket busters. The most newsworthy of these has been the University of Northern Iowa’s ousting of #1 overall seed Kansas. This ‘Cinderella’ story has deservedly gotten a grea ...

Today, eSoft is alerting customers to a new targeted email scam. This newest twist to the common IRS email scam seems to be targeted to organizations, notifying the recipient of a tax evasion complaint being filed against the company. Opening the file infects the user's machine with dangerous t ...

The malware infection attack surface is increasing day by day. Recently, some of the infected machines with different malware classes such as file downloader are using GTALK for downloading JPG based files from the internet. Actually this file is not a JPG file but a zipped file that contains an ex ...