SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats.
April
-
GTA IV - free!!
Yesterday saw the release of Grand Theft Auto IV (GTA IV), arguably the most eagerly awaited game of the year. Never ones to drag their feet, spammers are already hoping to catch gamers out with the offer... 30 April 2008 14:40 GMT
-
More poisoned adverts - Yahoo!
Over the weekend the Spyware Sucks blog talked about Yahoo! serving up poisoned adverts via one of their websites. Subsequent posts suggested that Sandi Hardmeier had not received a favorable resolution... 30 April 2008 14:03 GMT
-
Game Over!
Many people with even a vague interest in security will be aware of Defcon. The Vegas-based hacker conference is held as a yearly event where security experts and enthusiasts alike are able to present and... 28 April 2008 16:21 GMT
-
Infiltrating botnets
I read an interesting paper this morning written by folks at the University of Mannheim and Institut Eurecom. In the paper they present results of research in which they monitored the P2P botnet of Storm,... 28 April 2008 09:22 GMT
-
Phish of the day
Even on an otherwise quiet Saturday there are several phishing campaigns worth mentioning. The first is a campaign targeting Abbey UK bank. This is a standard but well orchestrated and sustained spamming... 26 April 2008 15:11 GMT
-
Happy Birthday SophosLabs Blog
With all the excitement of my vacation and Infosec, the fact that the SophosLabs blog is now one year old escaped me.
I posted the first entry on April 19th last year following a malware attack using the... 25 April 2008 16:02 GMT
-
Do you recognise him?
With no end of malware these days aggressively targeting people’s finances and personal data it was a surprise this morning to see a simple VBS script worm, apparently written with the sole aim of... 25 April 2008 15:58 GMT
-
Fraudsters Target Fears Over Identity Theft
The internet is a great place for fraudsters to con naive computer users by appealing to their fears and desires.
Fake/fraudulent anti-malware (anti-virus, anti-spyware etc.) applications have been around... 25 April 2008 08:18 GMT
-
Malware with a sprinkle of religious conscience?
Today was a most unusual day; I analyzed two malware samples which contained religious themes in two completely different contexts. Before I go ahead and talk about these two samples, I want to apologize if... 24 April 2008 03:24 GMT
-
Want to become invulnerable? Now you can!
Back when I was growing up, I remember playing video games such as Super Mario Brothers and thinking to myself, “Boy, I wish I could get star power and become invulnerable!”. Well dream no more,... 23 April 2008 23:47 GMT
-
Don't send login credentials via email
In the last couple of hours, we’ve seen spam messages, obviously sent by hackers (as opposed to your run-of-the-mill spammer), claiming to be from the .edu domain administration department, asking the... 23 April 2008 07:11 GMT
-
Malicious SQL injection
We have blogged a few times recently about a fairly widespread and aggressive attack used to compromise web pages by inserting a malicious script tag (which loads a malicious script from a remote site)... 22 April 2008 12:41 GMT
-
Meet SophosLabs at Infosecurity Europe in London
This week Mark Harris and I will be at the Infosecurity show in London, Olympia. Infosecurity is the biggest European Information security show and a very good opportunity to find out more about new... 22 April 2008 09:33 GMT
-
Blood Bank left under a malware cloud by website designer
SophosLabs has numerous automated systems that help analysts with day-to-day tasks. Every day Fraser and I get emailed a list of infected websites. This morning one in particular piqued my interest. It was... 20 April 2008 09:34 GMT
-
Former Miss Croatia's - Nina Moric - image abused
Today SophosLabs saw the image of the former Miss Croatia - Nina Moric - abused by malware. Nina isn’t the first celebrity to be abused by malware and won’t be the last.
Troj/Srizbi-A uses the... 19 April 2008 14:51 GMT
-
An end of phishing?
Early last week I received a new toy security enhancement from my bank.
The card reader is to provide an extra level of security for online banking.
Will it be an end to phishing and other bank fraud? It... 19 April 2008 07:26 GMT
-
The [not so] Invisible Recycled Malware
In this modern age of GUIs, one-click-shopping, dragging-n-dropping and all things eye-candy, I still hang onto my trusty console window for sanity — and with good reason.
Microsoft Windows Explorer... 17 April 2008 08:50 GMT
-
From SecureCode to Verified by Visa
Approximately two weeks ago, we mentioned a phishing attempt targeting Mastercard’s SecureCode service [1]. We expected to see similar attempts targeting Visa’s counterpart service, Verified... 16 April 2008 00:15 GMT
-
You've been subpoenaed
We’ve been hearing about some very targeted emails relating to federal subpoenas, sent specifically to CEOs - a variation on a theme we’ve seen before.
This sort of targeted malware attack has a... 15 April 2008 23:58 GMT
-
Another Day Another Worm With A Love Message
Being on the “other” side of the world, the Australian Lab virus analysts sometimes get the odd-looking malware in our time zone.
Just because we’re standing upside down (just kidding!) on... 15 April 2008 06:34 GMT
-
Quality versus Quantity
A certain blockbuster movie would have us believe that, at the ancient battle of Thermopylae, 300 Spartans managed to hold off over 1 million Persians. Not quite the whole story, but it made for a good... 14 April 2008 14:28 GMT
-
OLE2 a popular malware delivery mechanism?
OLE2 (Object Linking and Embedding v2) is a Microsoft container file format which can hold objects of various types in a similar fashion to files in a file system. Due to the complex nature of this... 12 April 2008 09:48 GMT
-
The word of the day is drive-by
Drive-by: as in drive-by download, the act of malware being installed on a computer while browsing hacked sites.
Earlier this month we saw reports of a dictionary publisher's website (Cambridge University... 11 April 2008 11:08 GMT
-
Wow - 1,122,311 threats out there
Browsing the BBC website this morning I came across this reference to how many malicious code threats are out there. Apparently the number is 1,122,311. Now that’s a pretty big number by... 11 April 2008 09:08 GMT
-
Plug-n-pray
The recent news of yet another storage device being shipped with 'pre-loaded' malware raises the question of what level of trust we can assign to a fresh out of box device.
In the most recent incident,... 11 April 2008 07:34 GMT
-
Yours, Secretary of State for Health. Part III
Nearly a year ago SophosLabs blogged about an amusing Nigerian scam. We followed up the post with another showing some errors in the email messages.
Yesterday, the Register posted about a similar scam.... 10 April 2008 08:47 GMT
-
Fake out
Recently, I was analyzing a file that had come in, and at first it looked like a standard downloading Trojan. Not very interesting, right?
But instead of immediately writing a detection and moving on, I... 9 April 2008 20:19 GMT
-
Excel exploit squashed by BOPS
After receiving a few queries regarding the recent unspecified Microsoft Excel vulnerability (CVE-2008-0081) recently patched as part of MS08-014, I finally managed to receive a sample this week. As is... 9 April 2008 15:57 GMT
-
Unsubtle Storm
Today’s new wave of Storm-related spam continues the love-based theme they started to use recently (subjects include “Somebody loves you”, “I Wanna Be With You” and “I... 8 April 2008 16:55 GMT
-
Kraken: a giant squid or a wet squib?
Yesterday I read a couple of news articles about the Kraken botnet - supposedly twice the size of that for Storm (aka Dorf) [1,2]. Interesting, and potentially worrying, especially when I read the... 8 April 2008 11:18 GMT
-
Add an extra layer of credit card security with SecureCode or not
Usually, bank account phishers ask users to confirm their accounts due to supposed maintenance, database corruption, or possible compromise of the users’ accounts. Today we came across a phish of a... 4 April 2008 23:07 GMT
-
Learning Wales gets you infected
Last month we reported a high profile site infected with Troj/Badsrc-A. Looking through the feedback we get from the WS1000 web appliance, we have seen some more high profile infected sites.
As I write the... 4 April 2008 11:32 GMT
-
BBC TV identity fraud documentary now online
BBC One has now broadcast the TV documentary we told you about yesterday examining the problem of identity fraud. We’ve received a number of emails from viewers either asking questions about how... 4 April 2008 11:09 GMT
-
Evasion through (self) Injection II
Fraser’s article Evasion through Injection outlined how and why malware employs injection to evade runtime detection; however, a different style of self injection or loading is also being used to... 4 April 2008 08:50 GMT
-
Google redirected malware - two months later
A little over a month ago, we blogged about a celebrity-themed malware campaign that was redirected through Google [1], [2]. Even though the spam campaign linking to the malware is now two months old, it is... 4 April 2008 00:28 GMT
-
Sophos on BBC Identity Fraud documentary tonight
Tonight British readers of our blog will be able to see behind-the-scenes at SophosLabs in a documentary being broadcast by the BBC.
The “Identity Fraud: Outnumbered” documentary, which was... 3 April 2008 11:20 GMT
-
RAPIL - a slap in the face for hackers and virus writers
An exciting day in SophosLabs. After long and arduous efforts, we announce our new beta technology offering to defeat the hackers, which we are currently referring to as RAPIL (Recognition and Analysis of... 1 April 2008 00:07 GMT
Send us your feedback
Email us at sophosblog@sophos.com to share your views, ask questions, and tell us what you think.
Send us a sample
If you have suspicious files that our software has not detected, please send us a sample for analysis.
