SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats.
June
-
SQL attacks: now using .MOBI domains and installing scareware
Every day, I look through the domains we detect as Troj/Iframe-AG because they are the domains associated with the SQL injections that have been plaguing the web over the last few months (1, 2, 3 and 4).... 30 June 2008 10:57 GMT
-
Viral Versioning
We’ve seen increased numbers of viruses this year, not least from the Sality family, and that’s included a fair amount of battling with corrupt infections (1, 2). But while analysing the code, I... 28 June 2008 23:13 GMT
-
Crime is winning the day
Just a typical day at SophosLabs. I wouldn’t say quiet exactly, because we never are these days, but nothing especially new, just variations on familiar themes. On the spam front there’s been a... 28 June 2008 17:13 GMT
-
Must reads: If you do anything today
Two recently published articles are definitely worth a read.
Microsoft SQL Injection advisory
In a previous post [1], I discussed the fact that the recent surge in SQL injection attacks warranted more... 25 June 2008 07:29 GMT
-
Game, set and match.
Today is the first day of Wimbledon 2008, one of the four grand slams. With a large global audience, viewing figures for these top tournaments are huge. Similarly, the volume of users browsing the various... 23 June 2008 14:21 GMT
-
Storm is not gone
On this quiet Sunday one thing worth mentioning is definitely a new Storm campaign that was spotted in our traps about an hour ago. This time the social engineering technique combines adverts for an alleged... 22 June 2008 13:56 GMT
-
Poetic spam? damn..
We’ve recently seen an unusually poetic attempt at drawing people in to the ‘get rich quick’ scams in our spam queues. Someone seems to have actually put a little effort in here;
Time is... 21 June 2008 11:28 GMT
-
Install Anti-Virus Software on a Webserver? No need mate!
When we contact the owners of websites that have been hacked to serve up malware, we often encounter the response “Install Anti-Virus Software on a Webserver? No need mate!”. This response is... 20 June 2008 09:58 GMT
-
RECon'08 wrap-up
Several analysts from Sophos recently attended the RECon’08 Reverse Engineering conference held in Montreal. Although not an “anti-virus industry” conference, the quality of trainers,... 19 June 2008 10:19 GMT
-
Breaking (malware) news: New earthquake in China! Olympic games under threat of failure!
With the Olympic games in Beijing a little over a month away, spammers and malware authors are coming up with new campaigns to take advantage of this highly anticipated event. Today, we received a new spam... 19 June 2008 02:02 GMT
-
Scramble! Scramble! SQL injection - time for an alert?
Sadly, it would appear the recent SQL injection shenanigans [1] are continuing apace. Back in May, I took a look at a couple of weeks’ worth of data on the sites we had seen that had fallen victim to... 18 June 2008 12:39 GMT
-
The World-Wide iPhone Exchange
Sophos has just returned from the Apple WorldWide Developer Conference, an annual meet-up of Mac (and this year, iPhone) developers eager to discover and discuss information about what’s new in... 17 June 2008 18:02 GMT
-
End of the internet - again?
Every day while I am driving to work I listen to the excellent Today programme on BBC Radio 4. A long time ago when I moved to England I was surprised that a station with almost no musical content was so... 17 June 2008 14:19 GMT
-
Firefox 3 imminent!
Today is the day for the release of Firefox 3 - the first major update from Mozilla since, mmm, Firefox 2. Anyhow, it is eagerly anticipated by many, including those of us who have been using the beta... 17 June 2008 14:17 GMT
-
Harbouring a Criminal
Several companies have used rootkits for allegedly bona fide purposes. The most notable was when a certain well-known electronics and media company, a personyfication (sic) of reliability some might say,... 15 June 2008 11:30 GMT
-
Happy Father's Day!
Our spamtrap networks have been hit with a new malware attack posing to be an e-card from Regards.com service:
The link takes you to a compromised page on a PHP-based forum site, which in turn performs a... 14 June 2008 22:16 GMT
-
Spammer TicketMaster
With the 2008 European Soccer Championships taking place from June 7 to June 29, 2008, in Switzerland, spammers are taking advantage of it due to the limited availability of game tickets. Today on one... 14 June 2008 00:04 GMT
-
Bot Master Bentley Behind Bars - A Small Victory
When I give presentations or tours of SophosLabs one of the most common questions I am asked is “Do you work with law enforcement agencies to track down the malware authors” my usual response is... 13 June 2008 12:46 GMT
-
Proactive Detection - The devil's in the detail
Last week saw the publication of the latest report from AV-Comparatives.org on proactive detection rates. The process followed is to take a product that is effectively out of date (i.e. no updates applied)... 11 June 2008 08:04 GMT
-
Amazon, DoS, Short-n-Distort
Yesterday, I blogged about a new spam campaign that was referring to recent troubles with Amazon.com website. The assumption was that the scammers are spreading the word in order to convince enough people... 10 June 2008 23:02 GMT
-
Short-and-distort stock spam?
The so-called “pump-n-dump” stock scam dominated the spam arena in 2007. It fueled the increase in “image” spam and was contributing to over 30% of total spam volume sent.
In 2008,... 9 June 2008 23:03 GMT
-
Wrong kind of 'accident and emergency'
We have blogged about the recent SQL injection attacks a few times recently [1,2]. Though we have not mentioned it in the last few weeks, the problem has certainly not gone away. We are still seeing large... 6 June 2008 11:19 GMT
-
To my Italian friend, refill your phone card for free!
Every once in a while, we come across some highly targeted campaigns, especially against specific languages. Today, we encountered an Italian spam campaign with the malware Troj/Fagianom-A attached in a zip... 6 June 2008 01:52 GMT
-
Pushdo keeps on pushing
On Tuesday we saw a large blast of emails containing attachments which were detected as Pushdo. Their strategy this time was to take advantage of many women’s weakness and offer a 50% discount card... 5 June 2008 21:34 GMT
-
Facebook spam
In the realm of Web 2.0 we see a prevalence of information sharing, especially in social-networking sites such as MySpace and Facebook. While there is nothing wrong with information sharing, there have been... 5 June 2008 19:12 GMT
-
Want to invest in Manchester United?
We got something a little unusual in our spam queues this afternoon. It’s not often we see phishing emails supposedly from Sir Alex Ferguson himself.
Dear Manchester United Fan,
We are please to... 5 June 2008 15:08 GMT
-
Self cleaning malware back in vogue?
Back in the 1980s and early 1990s self-disinfection was a technique used exclusively by parasitic viruses to avoid detection, however it seems the modern malware writers have rediscovered it.
The sample... 5 June 2008 09:13 GMT
-
More than just the browser
One of the questions I frequently get asked by customers is “Which browser do you recommend?”. My answer has been the same for a while now - it depends entirely upon the user and their... 4 June 2008 16:49 GMT
-
Another Google Earth video - this time starring Britney Spears
We had a great response to the blog entry we posted yesterday, describing how we have used Google Earth to track malware and spam campaigns around the world.
Some of you have asked for a better look at the... 3 June 2008 13:11 GMT
-
SophosLabs maps malware and spam with Google Earth
Every day SophosLabs receives millions and millions of pieces of data from around the globe about the latest malware and spam campaigns. Our worldwide network of spamtraps and honeypots as well as other... 2 June 2008 20:47 GMT
-
A cyber-thriller for our German readers: Spam from the 8th floor
Those awfully clever chaps in Sophos’s German offices have been busy.
Not content with their day job of helping big businesses prevent hackers, malware, spyware and spam causing disruption they... 2 June 2008 13:06 GMT
-
Untangling the multi-component threat
For the most part malware is built with a particular purpose in mind, be it harvesting passwords, acting as a backdoor, stealthing files or simply replication across networks, but some recent samples are... 1 June 2008 08:54 GMT
