Sophos

SophosLabs Blog

Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats

February

  • Last day for UK citizens to petition for central e-crime police unitIt’s February 29th. If you’re a single man that means you’re living in mortal fear that your girlfriend will realise that you have been ignoring her hints for the last 4 years, take...
    29 February 2008 09:28 GMT
  • PayPal recommends surfers don't use Apple Safari to browse the web Michael Barrett, PayPal’s chief information security officer, is reported in the press today as recommending that surfers use Internet Explorer, Firefox or even Opera in preference to Apple’s...
    28 February 2008 16:04 GMT
  • A portion of games with a Windows Mobile worm on the sideFollowing the blog entry by the colleagues at AVERT and subsequent media attention I decided to investigate reports about a new worm for Windows Mobile and Windows Smartphone platforms. The worm is packaged...
    27 February 2008 19:02 GMT
  • More Zbot: Get a visa, get infectedWe have previously blogged about Zbot banking Trojans being installed in various web attacks [1]. Since then, the authors have kept themselves busy. We have identified numerous malicious web sites using...
    27 February 2008 17:18 GMT
  • Another Day, Another N00bDuring the day of a virus analyst, it so happens that when you do encounter a poorly written piece of malware, you don’t know whether to: a. shake your head b. laugh or c. cry. Take for instance,...
    27 February 2008 07:32 GMT
  • More 'Celebrity news'Within the last hour spammers have changed the distribution method of Troj/Exchan-Gen . On Friday I talked about the last incarnation of this attack (blog). The spammers are still using...
    25 February 2008 15:27 GMT
  • Double abuseOne of the oldest spammer tricks is the abuse of free email and web hosting services. The former allows them to hide behind a legitimate email service. The latter gives them an ability to host spammy images...
    24 February 2008 01:31 GMT
  • Traffic control on the webThe web provides a number of mechanisms for people to make money. Advertising, per-per-click, referrals, sales - all these mechanisms (and more) have been abused by attackers. Web traffic is money, the...
    23 February 2008 20:13 GMT
  • 'Celebrity news' still an active lure for malwareOver a past few weeks SophosLabs have been tracking the spamming of a link to malware. Thankfully the link destination appears to be down now but earlier in the week it was serving Troj/Exchan-Gen. The link...
    22 February 2008 15:16 GMT
  • Poisoned Adverts hit TV sitesEarlier this week we were asked to investigate a URL by a journalist working at The Register. A web user had contacted The Register claiming they were prompted to install some software when browsing a page...
    21 February 2008 09:51 GMT
  • Voice phishing on a phishing alertA year and a half ago, we warned of Paypal phishes that asked users to phone a number to verify their account. Nowadays, phishes also target many smaller financial institutions. They are also getting more...
    20 February 2008 02:38 GMT
  • Spammer is fine(d) in Russia.Like many other Russian IT specialists working abroad, I start my day by reading Russian news online. Last Friday, I was pleased to see an article about a spammer being fined in Russia for the very first...
    19 February 2008 01:27 GMT
  • Valentine's Flash - Tainted LoveIt made a change today to see malware in a Valentine’s-based spam run that wasn’t related to Dorf. Nor was it a Pushdo, nor even a Zapchas (though we’ve seen some of those this week too)....
    14 February 2008 23:43 GMT
  • Zango the Time-shiftersHotbar is an application which is created by Zango, who have put up a video on www.imediaconnection.com which explains their advertising model from quite an “interesting” prospective. (Click on...
    14 February 2008 14:38 GMT
  • Botnets, a free tool and 6 years of Linux/Rst-BI have mentioned before that we regularly see Linux malware infected with an old Linux virus, Linux/Rst-B. It is 6 years to the day when we first saw Linux/Rst-B and despite reputable anti-virus solutions...
    13 February 2008 11:43 GMT
  • Another day, another Dorf storyOur most recent post described the current increase in spam propagating the Dorf (”Storm”) malware. I thought it’ll be interesting to provide some extra detail on this. It’s been...
    12 February 2008 22:52 GMT
  • Never Ending DorfsLike a very bad itch, a new batch of the Dorf worms (also known as “Storm”) have resurfaced today. SophosLabs analysts noticed a sharp increase in our spamtraps today and it was discovered to be...
    12 February 2008 04:23 GMT
  • Eee PC vulnerability: All that glitters At the end of last week, RISE Security (a Brazilian research group) posted a blog entry announcing that they had rooted the popular Asus Eee PC. It would appear that the machines are running a vulnerable...
    11 February 2008 11:28 GMT
  • Mayday botnet bigger than Dorf/Storm?There has been quite a lot of discussion lately around the alleged appearance of a new botnet dubbed Mayday by researchers from Damballa . The discussion followed publishing of an article on the Dark...
    8 February 2008 11:21 GMT
  • World of PhishcraftSecurity issues with the popular World of Warcraft (WoW) game are nothing new. To those who are not familiar with WoW, it’s a Massively Multiplayer Online Role Playing Game (MMORPG) made by Blizzard...
    8 February 2008 02:01 GMT
  • Image upload vulnerability affecting MySpace and FacebookRecently, details of a new vulnerability affecting Aurigma’s ImageUploader ActiveX control have been disclosed by Elazar Broady on Full Disclosure mailing list. Now, there are many ActiveX controls...
    7 February 2008 11:20 GMT
  • 155 million websites and growingNetCraft recently reported the results of their January 2008 survey, in which they identified over 155 million sites, almost half of which where active [1]. It would be great to be able to gather data to...
    5 February 2008 15:40 GMT
  • Content Management Systems - An Easy Target?There is an awful lot to think about when thinking about securing your web server [1]. Taking a step back and thinking about how the bad guys operate is sometimes helpful, and should be an important part of...
    4 February 2008 13:01 GMT
  • AMTSOA few weeks ago I reported on a meeting I was going to attend in Bilbao concerning testing of security products. As a result of that meeting AMTSO was born. AMTSO stands for the Anti-Malware Testing...
    4 February 2008 09:20 GMT
  • Bot writer compares apples and orangesEarlier this week, I investigated some virtual machine aware malware. I was specifically looking for samples that use RedPill technique, discovered by Joanna Rutkowska. More precisely, I was interested in...
    1 February 2008 16:10 GMT
  • Willy-sized enhancement?Based on the previous few postings about Dorf-based male enhancement campaign [1] and malware infested Powerpoint files [2], it seems like the post-Christmas/pre-Valentines period is the time to spam out...
    1 February 2008 02:07 GMT

Select another month

RSS feed

Atom feed

Send us your feedback

Email us at sophosblog@sophos.com to share your views, ask questions, and tell us what you think.

Send us a sample

If you have suspicious files that our software has not detected, please send us a sample for analysis.