Free Android USSD vulnerability protection from ESET now on Google Play
If you use an Android phone you may have heard of something called the USSD vulnerability. This allows a nasty piece of malicious software to reset your Android to its factory default settings and permanently delete your data. We will describe the USSD problem in more...
NOD32 Updates – NOD32 – v.7518 (09262012)
ESET update 7518 contains the following threats: 3 Android, 5 JS, 12 MSIL, 1 SWF, 1 VBS, 92 Win32, 1 Win64
Dorifel Malware Actively Spreading Despite Mass Detection
By Steve Ragan he malware responsible for attacks on at least 30 local governments, universities, and businesses in the Netherlands, Dorifel (XDocCrypt), is still actively spreading and causing new infections, despite a wide net of detection within the anti-Virus...
Dorifel/Quervar: the support scammer’s secret weapon
The malware that some people are calling Dorifel or XDocCrypt (ESET detects it as Win32/Quervar.C and has a cleaner for it here) is having enormous impact right now, mostly in the Netherlands. It has some very interesting characteristics – it infects documents (and...
Free YouTube .mp3 converters – with a free malware bonus
Want to access the music tracks of YouTube.com videos on your iPod but don’t want to pay? You’re not alone. Recently, a crop of websites have popped up offering to convert the audio from videos to .mp3 files that you can then download at no charge. Sounds great,...
Are you getting less spam?
If you are getting less spam, that could be because cybercriminals no longer control the third largest spam botnet - according to the NetworkWorld article below: Cybercriminals no longer control the third largest spam botnet, researchers say Cybercriminals no longer...
New Java Exploit to Debut in BlackHole Exploit Kits
Malicious computer code that leverages a newly-patched security flaw in Oracle’s Java software is set to be deployed later this week to cybercriminal operations powered by the BlackHole exploit pack. The addition of a new weapon to this malware arsenal will almost...
American Express Customers are Consigned to a Blackhole
July 05, 2012 By Jayendra Pathek, Randy Abrams NSS Labs has recently encountered a phishing campaign targeting American Express customers. The phishing emails ask users if they have recently reset their password, or verified their user ID for their American Express...
Microsoft Names Defendants in Zeus Botnets Case; Provides New Evidence to FBI
A little over three months ago, I wrote here about how Microsoft’s Digital Crimes Unit, along with its financial industry partners and Kyrus Tech, took action to disrupt the dangerous Zeus botnets, known for fueling half a billion dollars in online fraud and identity...
Flame malware makers send ‘suicide’ code
The creators of the Flame malware have sent a "suicide" command that removes it from some infected computers. Security firm Symantec caught the command using booby-trapped computers set up to watch Flame's actions. Flame came to light after the UN's telecoms body...
Stuxnet, Flamer, Flame, Whatever Name: There’s no good malware
by Stephen Cobb ESET Security Evangelist A week ago the big malware news was the code known as Flame, Flamer, or sKyWIper (detected by ESET as Win32/Flamer.A), then on June 1, this news broke: "A damaging cyberattack against Iran's nuclear program was the work of U.S....
Win32/Flamer: the 21st Century Whale
by David Harley Senior Research Fellow It's not only the malware that ESET calls Win32/Flamer.A which is complex (and quite dauntingly large). The news and speculation around this threat is also extensive and complex. While it is understandable that what appears to be...
LinkedIn security woes – and what to do about it
by Cameron Camp Security Researcher This morning when I logged into LinkedIn I was greeted with several front page references to the reported hacking of the site, and instructions for changing my password, which I did immediately. This is a good time to change all of...
You’ve Got (Nation State Hacked) Mail
by Cameron Camp Security Researcher We read in the New York Times that Google is rolling out a service that will attempt to alert users when it thinks their accounts might be subject to hacking by a government, hoping the user will take precautions after getting a...
LinkedIn gets hacked … coincidentally, phishing emails start arriving…
So today we reported that linkedIn was the subject of a hack that got an estimated 6.4 million password into the hands of some bad-actors - there was speculation in the article that these people maybe didn't have access to email addresses to go with these password......
6.46 million LinkedIn passwords leaked online
By Zack Whittaker Summary: More than 6.4 million LinkedIn passwords have leaked to the Web after an apparent hack. Though some login details are encrypted, users are advised to change their passwords immediately. A user on a Russian forum has claimed to have...
Android Malware Used to Mask Online Fraud, Says Expert
By Gregg Keizer, Computerworld Android Malware Used to Mask Online Fraud, Says ExpertAndroid malware being automatically distributed from hacked websites looks like it's being used to mask online purchases, and could be part of a fraud gang's new push into mobile,...
QR Codes and NFC Chips: Preview-and-authorize should be default
by Stephen Cobb ESET Security Evangelist What do printed QR codes and NFC (Near Field Communication) chips have in common, besides storing instructions that computers can read? They are both hackable and their ability to store and communicate computer instructions is...
