SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats.
October 2007
- Happy HallowEcard
  As much as we wish ecard spam was gone, we can’t say we’re surprised to see Halloween themed ecard messages. As usual they’re back with only a few words of content, the usual IP address... 30 October 2007 23:00 GMT
- Troj/Unif-B: A media friendly Trojan? Possibly
  In his post at the end of last week Dancho Danchev reported some of Possibility Media’s online publications serving up malware. Doing a search through the SophosLabs data, we also see Possibility Media... 29 October 2007 16:24 GMT
- The spammer who loved me
  Last night, a colleague beat me to the punch with a posting about hacked websites and spam. I was planning to write a similar article this morning. My perspective on the spam was a little different so I am... 26 October 2007 10:13 GMT
- From Russia with exploited websites?
  Just like millions of other men and women worldwide I keep seeing letters that appear to come from some lonely Russian girls. The amount of spam of this nature has seemed to increase significantly in the... 25 October 2007 20:22 GMT
- A nasty spyware cleaner (read fraud!)
  The definition of malware according to Google web definitions is a program or file that is designed to specifically damage or disrupt a system. Generally when we think malware, we think viruses, worms,... 25 October 2007 19:01 GMT
- Direct Revenue - A victory for the good guys
  I was pleased to read today that Direct Revenue have shut up shop. Why should I be pleased when another small company shuts down in these sometimes difficult times? Well this one has been repeatedly linked... 25 October 2007 17:01 GMT
- BBC Watchdog steals Facebook identities, and Sophos's idea!
  Last night, BBC TV in the UK broadcast an investigation into Facebook security on their flagship consumer affairs program, Watchdog. Their findings have been reported in news stories worldwide. BBC... 25 October 2007 08:43 GMT
- No! Not my precious MP3's!
  How would you like it if one day you ran a seemingly innocent file and every single MP3, WAV, AVI and MPG file on your hard disk died? That’s what could happen if you were to be infected with... 24 October 2007 01:26 GMT
- A fish out of water
  A customer recently sent us samples of some AMD64 and Itanium executables that W32/Vetor-F had managed to infect, apparently unintentionally, despite being an x86-only executable virus. The Itanium version... 22 October 2007 18:43 GMT
- Angelina Jolie spam can get you caught with your pants down
  It is said that pr0n is what makes the internet go round (or is that up and down?) Spammers and malware authors appear to know this all too well judging by their continued use of smut in an attempt to... 22 October 2007 09:35 GMT
- Process-patching, the Dorf way
  During a quiet Sunday afternoon in Vancouver, I decided to have a peek inside the latest dropped Dorf sys files, since I haven’t looked into them personally for a little while. Two layers of... 22 October 2007 01:01 GMT
- Weekend wrap-up
  It has been fairly quiet in the lab over this weekend, or at least it feels like it has. This is partly thanks to some of the proactive detections already published that are protecting customers without the... 21 October 2007 13:45 GMT
- Ever dreamt of becoming a Russian oligarch?
  What kind of “products” do you expect to see advertised in spam? Pills, low credit rates, school degrees, fake watches, pirated software? Right… The relatively cheap, often illegal stuff... 19 October 2007 22:49 GMT
- Is security worth the effort?
  It’s been a week for hype. Yesterday, Fraser posted about the way the media jumps on interesting items such as Skype[1]. Today it is back to the subject of wi-fi. The BBC has an article about how... 19 October 2007 11:45 GMT
- Trick or Treat?
  Never ones to miss a trick, spammers are offering unsuspecting surfers a handy financial treat this Halloween. In an email filled with dodgy puns, recipients are encouraged to hand over personal details... 19 October 2007 08:34 GMT
- Gutsy Gibbon Slays Skype Hype!
  Ubuntu, Skype. What do these names have in common? Newsworthiness. When there is any press about either, the article tends to float to the top of news aggregators and social bookmarking sites, even when the... 18 October 2007 14:06 GMT
- Apps for iPhone
  The release of the iPhone in North America caused quite a storm, and the announcement that they are coming to Europe was met with great interest. There was also a lot of discussion about... 18 October 2007 08:46 GMT
- Stock scams by MP3
  We’ve seen a bunch of spam messages hit the spam traps today. Each has an mp3 attached; the file is named after one of many popular artists or groups. Fearing a visit from the RIAA I decided to... 18 October 2007 07:32 GMT
- Patch (unofficial) for URI handling vulnerability
  There has been some concern recently about a vulnerability with the way URIs are handled on Windows XP and Server 2003. The vulnerability only exists if Internet Explorer 7 is installed, because of a change... 17 October 2007 08:33 GMT
- Bulletproof hosting and the Russian Business Network
  Several previous blog entries have described various forms of web-based attacks [1,2,3]. In most cases, the attack involves compromising a large number of web servers in order that the sites they host are... 16 October 2007 11:46 GMT
- Things are looking quite iffy for a large number of sites
  SophosLabs are in the process of contacting one of the people hit by this latest burst of Troj/Iffy-B infections. The reason that this one caught my eye was that on the same site was a copy of Exp/QTP-A.... 16 October 2007 08:49 GMT
- Beware of Geeks bearing gifts
  Well, Greeks actually. A number of malicious web sites hosted in Greece have been identified by SophosLabs in the past few days. Additionally, we have seen spam runs referencing those same sites: So, if... 12 October 2007 08:54 GMT
- Bobbear.co.uk Joe Jobbed
  Bobbear.co.uk is a website that tracks various online money laundering operations and fraud campaigns. It seems likely that one of those operations has hit back with a Joe Job. This Joe Job is unusual in... 11 October 2007 07:18 GMT
- Infectious Greetings: Ecards, Storms and Dorfs
  I read a very good summary on ZDNet’s website of the ecard campaigns we have been discussing for what seems like months now. The evolution of this particular family of malware is interesting, not... 10 October 2007 11:13 GMT
- Office Exploit And Friends
  Malware writers have always jumped at the chance to package malicious code in a way that doesn’t attract attention - it’s why we labelled them Trojans. Microsoft Office documents were favourite... 10 October 2007 07:58 GMT
- Phishing is not just a banking problem
  Most phishing stories highlight the danger of your banking details being phished. However, you should be vigilant of all your online login details. Here is an example of a phish targeting Yahoo! The email... 9 October 2007 12:52 GMT
- Quiet on the malware front
  It has been a quiet Saturday here in the UK, at least on the malware front. This means that either virus writing activity is on the decrease or that our proactive protection is catching new variants. I hope... 6 October 2007 16:52 GMT
- What about Small Vick Ljah?
  Another day, another spam campaign. I wondered, though, is this one a scam or a genuine plea for help? If the email is to be believed, there’s a lovely little 5 year old girl dying of a brain tumour... 6 October 2007 07:59 GMT
- Ann's German cousin
  I didn’t mention this before but Ann is an Australian. At least her message went primarily to SophosLabs spamtraps in Australia. It seems that Ann has a German cousin called Anne! Her email is... 5 October 2007 15:10 GMT
- Pushdo author hoisted by his own petard
  Today we have seen another aggressive seeding of Pushdo. Happily, it has once again been proactively blocked. The Trojan is proactively detected as Troj/Pushdo-Gen, and the spam message is blocked because... 5 October 2007 10:43 GMT
- Do you remember blonde Ann with the pigtails?
  They say ‘Curiosity killed the cat’; however, here we see malware authors attempting to use people’s natural curiosity to infect computers. When confronted with the following picture, a... 5 October 2007 10:01 GMT
- And a subject here
  Today’s version of the never-ending Anatrim (weightloss drug) campaign was rather amusing compared to past ones. The message talks about how being overweight is a clinical condition and goes on to... 4 October 2007 23:59 GMT
- Affiliate scheme (ab)|()use?
  The shift towards financially motivated malware is old news. All readers will know the bulk of current threats are primarily focussed on making the bad guys money. The mechanism to do this can vary hugely,... 4 October 2007 09:58 GMT
- Sprechen sie Deutsch?
  Even if you don’t speak German, you should be able to spot an offer too good to be true. The above is an example of the international nature of phishing groups. The email when translated has some... 4 October 2007 09:46 GMT
- A touch of class
  Another day, another batch of compromised web sites. One of the attacks over the weekend with a touch of irony. The web site of a firm selling various ‘Classy Themes’ for both personal and... 2 October 2007 10:45 GMT
