SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats
August
- More FakeAlert trickery
  The conveyor belt of fake alert malware has continued apace over recent days. As previously reported [1,2,3], the attackers are using a variety of tricks and social engineering in order to infect victims.... 27 August 2008 16:33 GMT
- We have hijacked your baby
  One of the current malware spammings has an interesting social engineering lure.
  Protecting your family is one of the primal urges and social engineering techniques work best when they make use of strong... 26 August 2008 13:32 GMT
- webmail + anonymizer = 419?
  Not too long ago we reported on how GMail’s effort to kick out “419 fraud” spammers from its networks resulted in a positive decrease. Clearly, this problem is not specific to large... 25 August 2008 20:25 GMT
- Statement of Fees
  We’re continuing to see high volumes of Fedex and UPS spam at the moment, and we’ve just started to see a parallel campaign by the same authors with the subject “Statement of fees... 23 August 2008 00:09 GMT
- John McCain positioned outside donut city
  It saddens me to report that Fraser may have been premature in rejoicing the demise of Britney from malware social engineering. But he was right about the changing subject lines, though. Just for fun I... 22 August 2008 23:37 GMT
- Defensive Iframing
  The other day I came across an interesting piece of malicious Javascript. Whilst investigating a whole slew of web pages compromised in a fairly large attack, I noticed there were two malicious scripts... 22 August 2008 11:10 GMT
- Failed to deliver your package in 48hrs!!! Here have some malware instead
  A new wave of mass-mailed Fedex spam is circulating this fine Thursday morning. The text from the message reads as follows (with slight variations in the tracking number, month and date fields):
  Subject:... 21 August 2008 19:36 GMT
- Thank You And By The Way, You're Infected
  Worms that spread via removable shared drives and USB keys are getting common these days. In fact, it’s fast taking over as one of the predominant ways of infecting a computer instead of the old IRC... 20 August 2008 09:47 GMT
- Leave Britney Alone!!!!!!
  There will come a day, I’m sure, when anthropologists and historians will study spam. Spammers must craft content that intrigues us enough to click on links and risk infecting our computers. Spam,... 19 August 2008 18:37 GMT
- A little something Old Skool
  It’s getting more and more rare in the lab these days to see a genuinely pointless piece of malware that makes no attempt whatsoever to extract cash from its victims, but we spotted one this... 19 August 2008 10:34 GMT
- No Clause for Concern
  Yet another instance of mass-mailed ZIP attachments containing malware (Troj/Agent-HLV). This time the campaign is based upon bogus contractual agreements, e.g.:
  “Dear Gentlemen,
  We have prepared a... 19 August 2008 09:06 GMT
- Pwning the clipboard - latest trick used in FakeAlert distribution
  There are certain notorious threats for which the mere mention of their name can make malware analysts groan - Zlob, Pushdo, Dorf (aka Storm) to name but a few. Just recently, a new class of malware is... 19 August 2008 08:28 GMT
- IT Training Group need training in SQL injection protection
  A website associated with SSPA (Service & Support Professional Association) Europe and dedicated to IT Support Training is severely affected by SQL injection.
  The home page of the site contains over... 19 August 2008 07:39 GMT
- Ecards and Reverse Russian Bride Scams
  Some things never go out of fashion, including, it would appear, spam that promises an ecard but delivers malware.
  The latest batch is a basic variation on the old theme, with “dear friend” in the... 18 August 2008 19:01 GMT
- Duplicitous Fake Pilfered Real Anti-Virus Software
  Certain websites out there claim to offer Sophos Anti-Virus version 9 for download with an accompanying “keygen” to crack the software. Such a scenario contravenes acceptable behaviour on... 18 August 2008 15:58 GMT
- Simulated BSOD seals the FakeAlert deal
  Another week and yet another round of fake AntiVirus software, this time with its own realistic looking crash screen (BSOD).
  Not only does this variant replace your desktop wallpaper with a warning that... 18 August 2008 09:35 GMT
- GPack kit now being used by AntiVirus200x
  Readers will be familiar with the growth in the volume of “fake alert” malware in recent months [1, 2]. One of the more notorious families we have been seeing large volumes of recently calls... 14 August 2008 09:20 GMT
- Microsoft August 2008 Security Bulletin
  The number of critical vulnerabilities patched by the latest set of security patches described in Microsoft’s August Security Bulletin is high and they are all quite serious, so the patches should be... 13 August 2008 16:49 GMT
- Black Hat & Defcon 2008 - a brief summary
  Sean wasn’t the only SophosLabs attendee at this year's Black Hat - there was also Pete from the Australian lab, Mike S from the Canadian lab and myself from the UK lab. The plan had been to update the... 13 August 2008 12:02 GMT
- Vulnerability analysis at SophosLabs
  Today’s malware commonly spreads by exploiting unpatched vulnerabilities in the operating system and other software such as web browsers and web browser plug-ins. Administrators ought to be aware of... 12 August 2008 16:06 GMT
- How to Stop Spam!
  I’m often asked: is the volume of spam rising, and what can be done about it? The short answer of course is that the volume of spam continues to rise and the technologies used to block them continues... 12 August 2008 13:29 GMT
- Tried & Tested?
  Here at SophosLabs our performance is frequently measured by independent industry tests such as AV-Test.org and AV Comparatives. These types of tests take up a significant proportion of our time and effort,... 12 August 2008 07:16 GMT
- Tobacco Seems to be a Sure Winner!
  There are a number of nefarious ways to make money using spam email. One of the well known techniques is ‘phishing’ where a user is tricked into divulging sensitive data to an organisation that... 11 August 2008 16:12 GMT
- SQL Injection ready-to-publish
  SophosLabs have been tracking the recent spate of SQL Injections (1, 2 ..) and this weekend noticed a worrying trend. While investigating an occurrence of Mal/Badsrc-C on a news site I noticed that most of... 11 August 2008 08:48 GMT
- SQL Attacks delivering EXEs and SWFs
  Our colleagues at SANS detailed an SQL attack overnight. An affected website contains a script tag pointing to a remote site hosting w.js
  (SophosLabs have updated Mal/Badsrc-C to detect that link).
  The... 9 August 2008 15:56 GMT
- AntiVirus2008 & Zbot - presents from Irina.
  Earlier on today we started seeing a malicious Trojan dropper being sent out via spam. Messages hitting our spam traps carrying the malicious attachment bore rather predictable social engineering, in this... 9 August 2008 14:05 GMT
- Why even malware writers need anti-virus
  One of the many interesting types of malware samples that we see at SophosLabs is malware that does rather more than its author intended it to do.
  We will receive a sample that typically has been packed... 8 August 2008 15:10 GMT
- A Virtual World of Mal-Intent
  I often notice that new Virtumundo mutants are released into the wild. So I equally often find myself looking at samples received by SophosLabs and finding ways to generically detect this family of malware.... 8 August 2008 14:55 GMT
- White Hats meet Black Hats
  Some of us are just plain unlucky and always choose the short straw. The penalty for my latest poor straw choice was to fly out to sunny Las Vegas to attend the 2008 Black Hat briefings.
  Readers please do... 7 August 2008 12:09 GMT
- New Facebook malware?
  Over the past 24 hours, there have been reports of some new Facebook worm out there [1]. Supposedly something new, not the same as that discussed last week - aka ‘Koobface’ [2,3].
  The new worm... 7 August 2008 11:41 GMT
- CNN Video Malware Campaign
  Since yesterday we have started seeing a malware campaign purported to be coming from legit CNN networks, with a subject line reading “CNN.com Daily Top 10”.
  This is especially harmful... 7 August 2008 00:13 GMT
- Life's just a Cabiret, Old Chap.
  After trawling through the quagmire of samples that SophosLabs receives daily it becomes apparent that there’s a distinct lack of malware targeting mobile devices. The percentage of malware that are... 6 August 2008 16:33 GMT
- Shedding some light on malware on Blogger
  Recently SophosLabs published its Security Threat Report examining the first six months of 2008. The report is quite sizeable, covering topics as wide ranging as backscatter spam, cybercrime arrests, Apple... 5 August 2008 17:01 GMT
- Spaces Live Microsoft's flagship social networking site (ab)used
  As I type, a large spam campaign is abusing spaces.live.com, Microsoft’s flagship social networking site.
  A typical message using spaces.live.com:
  The obfuscated part of the domain is a random... 5 August 2008 13:19 GMT
- Get_Spam_Get_Infected
  It would appear the folks behind the previous related attacks we have blogged about [1,2] are not bored yet. As Brett highlighted in a previous post [3], these spam runs are accounting for a high volume of... 5 August 2008 12:36 GMT
- Game Over?
  Recent results from Sophos’s 40-day endpoint assessment test showed that 51% of endpoints tested had disabled client firewalls, and 15% had out-of-date or disabled endpoint security software.
  Over... 4 August 2008 14:50 GMT
- Beijing Olympics Ticketing Scam
  An elaborate scam involving the sale of Beijing Olympic tickets is making news around the world. Unknowing victims have lost their money in purchasing tickets only for the tickets not to arrive.
  Several... 4 August 2008 00:51 GMT
- We will always have Angelina
  Just a quick heads up that there is a spamming session in progress for a new variant of the old Pushdo Trojan family (Troj/Pushdo-O). It uses the usual Pushdo obfuscation technique.
  Guess what? Angelina... 3 August 2008 12:28 GMT
- My spam run is bigger than your spam run
  For the past two weeks SophosLabs have been monitoring a specific spam campaign employing thousands of shocking subject lines, and a link to one of thousands of compromised hosts serving up malware. This... 3 August 2008 00:16 GMT
- The future of web threats?
  We have blogged a lot over the past year or so about attackers using compromised sites in order to infect victims with malware. Once infected there are a variety of mechanisms through which the attackers... 1 August 2008 11:44 GMT
- Google taking action against Nigerian/419 fraud spammers
  A few days ago, someone on a discussion list I frequent claimed that there was a drastic reduction of Nigerian/419 spams received from Google mail servers. It is an unfortunate fact, but all the major... 1 August 2008 00:14 GMT