2nd-12th December 2011

Another long gap, but I was in Bratislava for meetings for a good deal of that time.

So, my ESET posts:

• December 2nd: SQL Injection Attack Alert
• December 5th: Carberp + BlackHole = growing fraud incidents
• December 6th:
• Wi-Fi and fertility: warm but not so fuzzy
• Carberp white paper: now with added pictures
• December 8th: Carrier IQ detection: check your source before you install

Small Blue-Green World:

• 12th December: Malicious Android: why the Birds are Angry 

AVIEN:

• 2nd December: SQL Injection Attack Warning

Mac Virus:

• 12th December: Malicious Android: why the Birds are Angry (pointer)
• 7th December: PINs and Needles
• 6th December: Carrier IQ and the iPhone

ChainMailCheck:

• 6th December:
• Facebook Jawdrop
• Facebook and Selective Memory
• 5th December: Muriel* in the Men’s Room?

AMTSO:

• December 2nd: FAQs from Dennis Labs

Articles and papers:

• Hearing a PIN drop (article for Virus Bulletin, now publicly available by kind permission of VB)
• Win32/Carberp: When You’re in a Black Hole, Stop Digging (white paper with Aleksandr Matrosov, Eugene Rodionov, and Dmitry Volkov) 

Media Mentions:

• Kevin Townsend/Infosecurity Magazine: Combination of Blackhole and Carberp growing in Russia 
•  Ellyne Phneah/ZDNet Asia: In-demand black hat roles in thriving cybercrime world 
• BCS Institute: Online financial transactions targeted
• worldnewz.org: Researchers find spike in malware targetting online payment
• Infosecurity Magazine: Should infected computers be prevented from connecting to the internet?
• Kevin Townsend/The Times (!): no link, but the quote reads “An alternative or additional approach is to monitor the blogs of leading security researchers such as David Harley (ESET), Luis Corrons (PandaLabs), Rik Ferguson (Trend Micro) and Graham Cluley (Sophos), all of whom provide insight and commentary on the current threat environment…” 

David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow

29th November – 1st December

ESET:

• Support-Scammer Tricks
• Facebook Worm: ZeuS is not your (FB) Friend

Computer Weekly: Socialisation, social engineering, and securing the enterprise

SC Magazine: Product testing and accountability 

Media mentions:

• UK government publishes four-year cybersecurity strategy plan
• The government’s Cyber Security Strategy: friend or foe?
• Spooks take the wheel in UK’s £650m cyber-war operations
• Hacking Team’s RCS: hype or horror; fear or FUD? 
• Cyberspace welcomes, 28/11/2011
• Facebook Christmas Tree Virus: it’s Still a Hoax
• UK cybersecurity strategy a bit thin on details, say critics
• Mobile “Big Brother” Carrier IQ Busted
   

24th – 28th November

ESET: Facebook Christmas Tree Virus: it’s Still a Hoax

Words and Music: A Front Row Seat in the Security Theatre

Linked from ESET White Papers page : APT: Real Threat or Just Hype? ”Recording of the keynote panel at the Infosecurity 2011 Fall Virtual Conference, at which David presented on “APTitude Adjustment” as well as participating in the subsequent discussion.”

Media coverage:

• Kevin Townsend: Hacking Team’s RCS: hype or horror; fear or FUD?
• SC Magazine: The government’s Cyber Security Strategy: friend or foe?
• The Register: Spooks take the wheel in UK’s £650m cyber-war operations 
• City AM (London’s free business paper) – no URL.
• Infosecurity Magazine: UK government publishes four-year cybersecurity strategy plan
• Virus Bulletin: SMS trojan targets Android users in eight western countries
• ZDNet Asia: 5 tech tips for safe travels

David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus

19th-23rd November

SC Magazine, 22nd November: Privacy, identity, and the Nym of the Rose

ESET:

• Nov. 23rd:
• Facebook Invitation and the Olympic Torch
• IRISSCERT, ESET Ireland and the Luck of the Irish
• Nov. 22nd: Evolution of Win32Carberp: going deeper

Chainmailcheck:

• Nov. 23rd: Facebook hoax and search poisoning
• Nov. 21st: Safe online shopping

Mac Virus:

• 21st Nov.
• Mobile AV: another “charlatan scammer” hits back
• Memoirs of a charlatan scammer
• November 19th: What Jobs Really Did

November 13th – November 19th 2011

Oh dear. Another long gap, though shorter than the last one…

SC Magazine: Facebook: Is the Fawkes virus still smoldering? (Nov. 15th)

Infosecurity Magazine: iPaddling in Corporate Waters; Goodbye Blackberry Way?* (Both Nov. 18th)

(ISC)2: DNSSEC, SOPA, and PIPA (Nov. 16th)

ESET (in order of appearance on the blog page, not by strict date order):

• SOPA-rific: House Judiciary Committee gets a rude awakening (Nov 17)
• Agony Column for Comment Spammers (Nov 17)
• SOPA Opera (Nov 16)
• Facebook, offensive content, and terse responses (Nov 17)
• Infosecurity Conference APTitude Adjustment (Nov 16)
• Facebook video scam: 15 seconds? Don’t watch it at all (Nov 13)

AMTSO:

• AV-Test looks at free Android AV

Mac Virus:

• What Jobs Really Did (November 19th)
• Smart-phones, Tablets and Business (Nov. 18th)
• Keep Taking the Tablets (Nov. 16th)
• That iOS 5.0.1 update (Nov. 14th)

Check Chainmail & Hoaxes:

• Facebook, what’s a “self-XSS vulnerability”? (Nov. 17th)
• Fawkes Virus Still Smouldering? (Nov. 15th)
• Facebook and chain messages (Nov. 14th)
• Facebook and the FTC; Facebook Survey Scam (Both Nov. 13th)

While I’ve fielded the usual avalanche of press queries this week, I haven’t noticed any of my responses being used, and actively checking isn’t a priority. However, there were two panel sessions I took part in earlier in the month for Infosecurity Magazine that are now available for replay. Note that while I was representing ESET in the keynote session, I was representing Small Blue-Green World and Mac Virus in the iPad session.

Keynote Session - APT: Real Threat or Just Hype? Everyone’s talking about advanced persistent threats. According to security researchers, APT-driven zero-day attacks may have been behind the widely-publicized data breach at RSA in March of this year. This session will define what makes an APT, and advises what techniques you can use to defend your organization from these new menacing attacks.

Steve Gold, Technology Editor, Infosecurity magazine
John Walker, ISACA Advisory Board, CEO, Secure-Bastion David Harley, Security Research Fellow, ESET
Matt McKinley, Director of US Product Management, Stonesoft

 The Tablet Craze: How will the iPad affect your organization’s security?: The plethora of tablet computers on the market pose some interesting challenges for enterprises. What effect will the iPad and other tablets have on IT managers?

Eleanor Dallaway, Editor, Infosecurity magazine 
Stuart King, Head of Global Security Assurance, Reed Elsevier
David Harley, independent researcher and author for Small Blue-Green World
Paula Skokowski, VP of Products and Marketing, Accellion

David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus
ESET Senior Research Fellow

As I was saying nearly a month ago…

Just as well that this isn’t the most frequently-read of my blog sites. Well, for the benefit of the handful of us to whom this is vaguely useful, here’s (some of) what’s been happening since 15th October:

SC Magazine:

• Cold-calling scams and rehearsals for retirement* 
• Support scams: Can we help you with those?
• PR, crime and punishment

AVIEN:

• Support scams: what can AVIEN do about it?
• Support scams information resources page: PC Support Scam Resources

Mac Virus:

• Having trouble with Windows on your Mac? 
• Articles at Infosecurity Magazine 
• OSX/Devilrobber: more information 
• Mac Viruses is not Mac Virus…
• Infosecurity US Conference – Keep Taking The Tablets
• Infosecurity blog and malware descriptions update
• Devilrobber: Bitcoin Miner preys on Snow White 
• OSX/Tsunami.A: old code, new platform 
• Why Microsoft’s report has some Apple sauce
• Flashback.C takes the retroviral route 

Securiteam

PC Support Sites: Scams and Credibility

Chainmailcheck:

• Scamming the BBC
• Facebook: Heartfelt Sympathy

Infosecurity Magazine:

• Apple Content in Infosecurity Virtual Conference
• What the Devil(Robber)?
• OSX/Tsunami: flooding new markets
• Social Engineering: A Real Persistent Threat 

AMTSO Blog:

• NIST, the cloud, and certification
• Testing: the Knight’s Tale

ESET:

• Facebook Likes and cold-call scams
• Stolen password checking: a question of trust
• Virtualization & Conferencing
• Facebook Sympathy Hoax: No Surprises
• Win32/Duqu analysis: the RPC edition
• Win32/Duqu: It’s A Date
• Gaddafi search poisoning
• TDL4 rebooted
• A little light relief

In the media:

• eWeek Security Watch
• Virus Bulletin
• Also in Virus Bulletin magazine November issue, though you could easily miss it, even the photo :) 
• Slashdot
• Code Project
• PC World (again)
• CSO
• CIO
• Network World
• PCWorld
• InfoWorld
• PC Advisor
• Computerworld
• ITWorld

David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN
ESET Senior Research Fellow

14-15th October

ESET: Facebook, Privacy, and Defence in Depth

SC Magazine:

Social engineering and social media 

Defense in depth

Infosecurity Magazine: article not yet posted.

Virus Bulletin: Slides from VB conference paper – David Harley and Larry Bridwell

Due to the AMTSO workshop and some other meetings, it’s going to be quieter than usual round here for a few days.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow