SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats.
September
-
When a bank site hosts a phish
At SophosLabs, we receive an assortment of bank phishes every day. In this day and age, banks are taking immediate actions in bringing phish pages down to protect their own customers. Banks also... 30 September 2008 01:04 GMT
-
YAWI Mal/Badsrc-C
On Friday, SophosLabs saw that the website of a major African Sunday newspaper was infected with Mal/Badsrc-C. We took steps to contact the site's owners and the site is thankfully now clean. So this morning... 28 September 2008 13:26 GMT
-
Hail and farewell
During the last week we have seen a new trick being used by Mal/Badsrc-C. The trick is not new but like all things in the malware world old tricks get re-used on a regular basis. This trick is to encode the... 27 September 2008 11:10 GMT
-
September Round Up
For the past couple of years there has been a significant shift in the way malware is distributed, away from email attachments to links in emails and so-called drive-by download from compromised websites.... 26 September 2008 20:13 GMT
-
Runtime HIPS stops Virtum infections
Virtum (aka Virtumonde, Virtumondo) is one of the most prevalent malware families we have seen in recent times. Barely a week goes by without seeing more samples of the damn thing. They are constantly... 26 September 2008 15:16 GMT
-
Find your soulmate on YouTube
Recently we have seen fake versions of the YouTube site being created for hosting malware. Now we have seen the real YouTube website being used to promote a “dating” spam campaign. The email is... 23 September 2008 08:24 GMT
-
You Can Run But You Can't Hide
… unless you leave your mobile phone behind. Yesterday I was rudely disturbed by a mobile spam campaign. The spam had the following message: Credit crunch biting? government solution to. wipe 70% of... 21 September 2008 14:55 GMT
-
Error Error on the Wall Who's the Foulest of Them All?
In the modern IT security world the presence of “joke” programs is uncommon, overwhelmed by an avalanche of malware motivated by financial incentives. Recently we received such a... 21 September 2008 14:10 GMT
-
Depressing Saturday spam
Sitting here in the lab on a sunny Saturday while friends and family are out and about enjoying themselves is, in some respects, pretty miserable. No matter how much you enjoy your job, you’d... 20 September 2008 11:05 GMT
-
Presidential Malware Predictions
During my trip to Interop earlier this week, I was discussing with a number of colleagues how unimaginative malware authors seem to be. No national holiday seems to go past without some form of greeting... 19 September 2008 12:17 GMT
-
Shall I compare thee to an SQL Injection?
“Shall I compare thee to an SQL Injection? Thou art more common and more widespread: Rough winds do shake the World Wide Web,” Apologies to the bard. Over the last couple of days WS1000... 19 September 2008 06:55 GMT
-
Stacking the Stack
I was having a look at today’s ecard.exe spam campaign (detected as Troj/Agent-HRI) and saw an anti-emulation trick I hadn’t seen before. Quite a lot of the samples we analyse at the moment use... 19 September 2008 01:47 GMT
-
Tie a yellow ribbon
Reading the blog of a malware colleague this morning I saw an interesting post. Roger Thompson highlighted that the Texas National Guard's website has been attacked. SophosLabs have been monitoring the... 18 September 2008 09:04 GMT
-
Honestly Amusing
Of the millions of spam messages and campaigns we see on a daily basis, touting everything from Oriental tax evasion and Russian brides to Britney videos, seldom do we see one that’s actually truthful... 18 September 2008 05:55 GMT
-
dot HT what? More Fake Alert trickery.
Following on from the previous post about some of the tricks fake alert malware is getting up to [1], yesterday I noticed an interesting post on the Internet Storm Center diary [2]. It would appear... 17 September 2008 11:20 GMT
-
Soviet Phishing?
We’re used to seeing lots of .CN and .RU domains in our spam queues, but this morning we’ve noticed something a little out of the ordinary. We’re seeing an influx of phishing emails,... 17 September 2008 10:54 GMT
-
It wasn't me, it was a Trojan.
Back in 2007, Sophos published a news story highlighting the abuse of forums and user comments in order to distribute links to child abuse content [1]. Recently, we became aware that some of the news... 17 September 2008 06:51 GMT
-
Sophos and Sarah Jessica Parker
Never let it be said that my job isn’t glamorous. New York - home of Sarah Jessica Parker and rest of the “Sex and the City” cast - is hosting the “Fashion Coterie” show this... 16 September 2008 14:16 GMT
-
Military medical system hacked
Hospitals are there to help you when you’re not well, and the military are there to protect you. Hence Sophos users who visited the following Naval medical site were probably a bit surprised when... 16 September 2008 12:38 GMT
-
Spam with a Touch from the Orient
Of the many spam samples we receive here at SophosLabs, one of them is from oriental China. Shopping experiences are totally different from Western countries, where end consumers have to figure out their... 16 September 2008 00:44 GMT
-
Not a good time to become a Merchant Banker
Given the recent problems the world has been experiencing you would think that now would not be the time to become a merchant banker or any other job in financial services with the Lehman Brothers, Merrill... 15 September 2008 09:01 GMT
-
Jokes on you
Malware often utilizes distraction techniques such as audio or video clips to both appear harmless and draw the unsuspecting user's attention away from what might really be happening. Today’s sample of... 15 September 2008 08:56 GMT
-
More fake YouTube malware sites
Though this Saturday is reasonably quiet, on the malware and on the spam front, the fake YouTube campaign mentioned previously by Dmitry continued on another compromised site. This is most probably, judging... 13 September 2008 14:48 GMT
-
Fake Alert malware with a sting in the tail
Earlier this morning, whilst perusing through some web attacks seen over the last few days, I noticed an interesting one, which I will outline in this blog post. The attack starts on what looks to be some... 11 September 2008 10:50 GMT
-
Hurricane postcards
When we see a stack of “click here to retrieve your free postcard” emails in our spam queues we can usually place bets as to what malware will be installed upon clicking. Something a bit more... 10 September 2008 13:46 GMT
-
Microsoft September 2008 Security Bulletin
August is the month of holidays and conferences and the activity of vulnerability researchers is accordingly lower. Nevertheless, Microsoft’s September Security Bulletin contains 4 high profile... 10 September 2008 11:37 GMT
-
iPod: music, movies and malware?
Many people are quite aware of the dangers of using USB keys in corporate environments. However, iPods, digital cameras, mobile phones and the like pose the very same risk if they are connected to your... 10 September 2008 06:03 GMT
-
Coming To A Conference Near You!
The next few weeks are going to be very busy for me and many other members of SophosLabs; it appears to be conference “season”. Next Wednesday (September 17th) I’m taking part in a panel... 9 September 2008 17:10 GMT
-
Yet more FakeAV trickery
Today I was doing some analysis when I ran across this gem in our queues. It’s Troj/FakeAV-DB, but what made this one entertaining was the EULA. Now I appreciate many people do not read EULAs, but I... 8 September 2008 21:18 GMT
-
Linux/Rst-B - very much alive and kicking
Last month a snippet of our Linux malware research was published in Virus Bulletin. Virus Bulletin is the de facto anti-malware publication but is only available via subscription. With their permission, we... 8 September 2008 13:27 GMT
-
Me.com. Your identity everywhere
AppleInsider are reporting a phishing campaign targeting MobileMe users, following an earlier attack less than a month ago. If the figures from CardCops are correct then the first attack netted credit card... 8 September 2008 09:27 GMT
-
More Fedex Spam Malware
It has been a relatively quiet weekend here at SophosLabs. However, we are continuing to see Fedex spam with a subject like “Fedex Tracking N*5421062126” and the following message body: Error!... 7 September 2008 12:37 GMT
-
Fake YouTube site points to malware
I’ve JUST blogged about that fancy webpage that tries to install a malicious “codec” on your computer. And, believe it or not, I wanted to finish my post by saying that “I... 6 September 2008 22:27 GMT
-
$2M being paid to 419 fraud victims
Sounds too good to be true, doesn’t it? A well-known theme of phishing scams is to alert you to phishing activity against your bank, in order to bring more legitimacy to fraudulent e-mail. Clearly, if... 6 September 2008 20:57 GMT
-
You need a codec to watch this
Angelina Jolie continues to lead in the “top malware subjects” competition. Today’s version of the spammed out “Angelina Jolie naked clip” malware would not be worth blogging... 6 September 2008 20:25 GMT
-
When to judge a book by its cover
If you were to take a random executable file from our (or any other vendor’s) malware collection, the chances are it would be packed with something. These tools, often just referred to as packers (but... 5 September 2008 17:25 GMT
-
Alien Cartoons Become Bad Girls
We’ve seen what seems like an endless stream of email attachment malware over the past few weeks. Some of it was noteworthy because it used a slightly more original social engineering... 4 September 2008 17:35 GMT
-
More Facebook fun
Today we got yet another sample of malware attacking Facebook. We detect this lot as Troj/Koobfa-A. It has some interesting characteristics. You can see how it attempts to log in to Facebook, look up... 3 September 2008 21:46 GMT
-
Latest Test Results are In
Like many students during the summer break waiting for their exam results, we have just heard news of the latest set of tests carried out by AV-Test.org. The tests covered a wide variety of different aspects... 3 September 2008 16:05 GMT
-
Who? What? Yikes!
Move aside Britney, it’s now time to dance & party to the tunes of Ciljeta Cilaga and Altuna Sejdiu! Who? Pictures are worth a thousand words and so the spam messages conveniently provide you with... 2 September 2008 19:38 GMT
-
A most laborious Labor day
Seems like malware authors and organized gangs involved in spammed out malware have zero notion of “a day off for the working citizens”. SophosLabs North America (Canada & the US) dealt with... 1 September 2008 23:01 GMT
-
Insta-spam
A problem that has been around for a while is that of instant messenger spam. The impact it has on a victim is only worsened by the fact that one's friends and family are also affected. Spam is a... 1 September 2008 11:36 GMT
-
Beware of Gustav related scams
With the threat of Hurricane Gustav looming large [1], users should prepare themselves for the scams we may well see in its wake. A few years ago we saw attackers exploiting Hurricane Katrina [2] in order... 1 September 2008 09:39 GMT
Send us your feedback
Email us at sophosblog@sophos.com to share your views, ask questions, and tell us what you think.
Send us a sample
If you have suspicious files that our software has not detected, please send us a sample for analysis.
