Posts Tagged ‘senior-research’
Support Scam Poll
Apologies if you're bored with my banging on about PC support scams, but it seems that there are plenty of people who aren't. At any rate, some of my previous blogs on the subject have attracted more comments than any of my blogs on other topics, and in fact,
Win32/Carberp Gang on the Carpet
[Update: police have issued a video of the man they say ran the whole group.]
We've spent quite a lot of time on this blog in the last year or more discussing Win32/Carberp, which has also found its way into the occasional paper and presentation.
So it gave us particular pleasure to see that our friends at Group-IB
After Facebook leak, ESET advises computer users how to keep safe on social networks
The personal information of roughly 100 million out of the half a billion Facebook users has recently been compromised and leaked to the web. This is not the first or last time social networks have been targeted. ESET’s senior research fellow David Harley, among others, continuously comments on cases of spam and scams exploiting many applications used on Facebook. To help its users stay safe, ESET has prepared a fresh list of pointers on how to stay secure on social networks.
Facebook, your birthday #1, and survey scams
A couple of weeks ago, some of my Facebook friends were putting up messages telling the world what was number one in the charts the day they were born and in some cases providing a link to a video. While it was depressing to realize how young so many of my friends were – I was born at a time when there was no official chart in the UK, at any rate for recordings as opposed to sheet music – I didn't see any real
Passwords, passphrases, and big numbers: first the good news…
Way back in the 1990s, during the Q&A session after an EICAR presentation on social engineering, there was an animated discussion arising from some slides I'd
Phishing and Taxes: a dead CERT?
There's been a certain amount of excitement in the last day or so about ZeuS-related malware that appears to be sent by US-CERT and also misuses the name of APWG (the Anti-Phishing Working Group) in order to make it look more official and persuade victims to click on the malicious attachment.
I've gone into more detail in an article for SC Magazine's Cybercrime Corner on Retrophitted Retrophish.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Irish 419-er seeks Spanish Lady
Perhaps it's some kind of link left over from all those ships from the Spanish Armada that found themselves making landfall on the West Coast of Ireland, or maybe it's an obscure allusion to the beleaguered Eurozone, but my colleague Urban Schrott
Safety online with a bang: dodging (more) cyberbullets
Back in 2008 ESET's global research teams put together some suggestions for “a top ten of things that people can do to protect themselves against malicious activity.” That series of blogs was subsequently expanded into a paper called “Ten Ways to Dodge CyberBullets”, addressing the question “what are the top 10 things that people can do to protect themselves against malicious activity?”
Earlier this year, I was asked to update that paper to reflect the changes in the threat landscape since I originally put it together.
Carrier IQ detection: check your source before you install
A number of companies have released software that allows you to determine whether Carrier IQ software is installed on your phone, though I haven’t seen any such app that isn’t Android-specific, and that does present a problem. That is, of course, assuming that you accept that it is a real, significant problem – and I think it’s been more than a little overblown, though I continue to think that Carrier IQ (and those carriers using its service) need to clarify how it’s being used. But it’s not an Android-specific problem, and it might actually confuse people into thinking



AV Testing, AMTSO and EICAR
Back in 2008, EICAR rejected a paper proposed by Andrew Lee and myself discussing the state of anti-malware testing and how it might be improved, on the grounds that it was “advertising” the fledgling AMTSO (Anti-Malware Testing Standards Organization) initiative. You can decide for yourselves whether that criticism was justified: the same paper was accepted later in the year by Virus Bulletin and is available as “Who will test the testers?” from the ESET conference papers resource page.
I mention