SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats.
October
- Witches, ghost, ghouls and malware authors
  Halloween traditionally sees all sorts of undesirables crawl from out of the woodwork. Malware authors do come out to play on other days of the year but if you are looking for a last minute Halloween...
  31 October 2008 13:56 GMT
- Beware of SMS solicitations in e-mail!
  A massive spam campaign in Russian caught my attention today. It masqueraded as a newsletter from a major Russian mobile network MTS and advertised some too-good-to-be-true lottery program. To participate...
  30 October 2008 23:15 GMT
- The ultimate keylogger?
  I came across an interesting piece of research the other day. Martin Vuagnoux and Sylvain Pasini from the LASEC, the Security and Cryptography Laboratory at School of Computer and Communication Sciences in...
  30 October 2008 11:38 GMT
- Infectious Invoices
  One of the most common forms of malware distribution en masse is to spam it out with some enticing message however as administrators slowly lock down their spam rules and block questionable content the...
  30 October 2008 10:47 GMT
- A new phish frontier: Phishing of domain registrar accounts
  We have started seeing a new kind of phish campaign today. Instead of the regular bank phish, or the more recent university/webmail email account phish, this new campaign targets domain registrar accounts,...
  29 October 2008 23:28 GMT
- Not another eCard
  2007 was the year of ‘Storm’ (also known as Dorf). One of the social engineering techniques it used (and which probably contributed to its success) was the lure of an electronic greeting card...
  29 October 2008 13:52 GMT
- Apartment scams
  Last night’s BBC One’s Watchdog talked about a scam affecting bogus apartment advertisements. Those in UK will be able to access this here. While watching the show, I noticed a few glaring...
  28 October 2008 16:03 GMT
- Return of Email Malware
  Regular readers of this blog will know that I’m keen on measuring the effectiveness of the SophosLabs response to the changing threats. I use a host of metrics to measure proactive detection, response...
  28 October 2008 12:57 GMT
- Voulez vous devenir un mule de spam?
  Voulez vous devenir un mule de spam? Would you like to be a spam mule? Anatoly Nikolayev would like you to become one. SophosLabs is currently tracking a large French based mule campaign. Now my French...
  28 October 2008 10:30 GMT
- HIPS HIPS Hooray for proactive detection
  This morning, looking through the customer submissions to Sophos (how to submit samples), I saw a sample with the ‘Rule or identity name triggered by this file (if applicable)’ form filled in as...
  27 October 2008 17:05 GMT
- New kit, but with an achilles heel
  For the last couple of weeks, I have been watching a series of new, related web attack sites surfacing. All follow a similar modus operandi, with an attack site exploiting a bundle of client-side...
  27 October 2008 15:30 GMT
- Responsible Testing
  As I have mentioned before, one of my roles here at Sophos is to work with various industry testers and ensure that Sophos products participate in relevant tests and that when they are tested they are...
  24 October 2008 15:46 GMT
- The least pleasant aspect of my job
  The least pleasant aspect of working at SophosLabs is that some of the images in spam or in the spammed URIs are of a disturbing/graphic/illegal nature. We report emails and websites to the UK based...
  24 October 2008 09:25 GMT
- MS08-067 - an out-of-band Windows critical security update
  When Microsoft decides to release an out of band security update only a week after the regular monthly update you can be sure that we are dealing with a serious issue. You can read more about it in...
  23 October 2008 17:32 GMT
- Fancy a scratch?
  This is a new one on me. Today in our spam traps we discovered a UAE company who have a novel approach to providing an anti virus service. So novel that we had to have a little chat with them before...
  22 October 2008 12:01 GMT
- Crafty little redirect
  As discussed previously, redirection - the ability to guide/control user traffic - plays a critical role in today’s malware [1]. In this post I will describe a crafty way of redirecting users from a...
  17 October 2008 15:08 GMT
- Serious Badsrc Magic
  At the end of last week SophosLabs discovered that Adobe’s website was linking to a site infected with Mal/Badsrc-C. The infection had been encountered by a business partner of ours who - thankfully...
  16 October 2008 12:40 GMT
- Offended? I may well be.
  Whilst setting up a MySpace account earlier on this morning I experienced one of those “surely it can’t be” moments. Having entered my personal details I proceeded to goof up the initial...
  16 October 2008 09:21 GMT
- Not Another Anjelina Jolie Malware Campaign
  You would’ve thought that most of these spammers/malware authors would have given up by now. But no…. the Anjelina (spelling, people!) Jolie malware/spam campaign continues to rumble on...
  16 October 2008 05:40 GMT
- October Microsoft Security Bulletins
  During the last couple of days we had a chance to analyse the latest vulnerabilities patched by Microsoft in the October Security Bulletin and create a set of our own advisories for vulnerabilities that are...
  15 October 2008 11:11 GMT
- Follow our blog on Twitter
  I have to admit that it took me some time to become positive about micro blogging sites like Twitter. I thought I will never tweet, primarily because I did not think anybody would be interested in...
  14 October 2008 16:35 GMT
- Life in the Labs
  I’m a new recruit at Sophos, and thought there might be interest in my experience of starting here. It’s been three months since I started my training as a virus analyst, and I’m still...
  11 October 2008 15:31 GMT
- UI redress attacks (aka Clickjacking)
  Recently there has been quite a bit of noise about attacks involving a technique dubbed ‘Clickjacking’. The tale starts back in September when a talk planned for the OWASP conference was pulled...
  9 October 2008 12:38 GMT
- Money laundering or 419 spam
  SophosLabs regularly sees spam relating to “money processing” jobs. Typically, these spam emails contain phrases like import/export business making payments receive *% of each payment looking...
  8 October 2008 13:55 GMT
- Anti-spam product testing
  Last week, while I was at the Virus Bulletin Conference in Ottawa I attended a couple of meetings on ‘Anti-spam product testing’. The meetings were scheduled to coincide with the conference...
  8 October 2008 09:19 GMT
- Virus Bulletin 2008 and the end
  This year’s Virus Bulletin had finished in Ottawa. On top of all the jokes, the quality of the presentations was good this year. Presentations related to the themes of Malware-disinfection,...
  6 October 2008 20:20 GMT
- Yet another reason why malware really bugs me.
  Generally, most malware is completely unoriginal. The vast majority of the malware that we see does the same similar things over and over and over again. But occasionally, something comes through that lab...
  4 October 2008 21:46 GMT
- SALiTy & cHIPS
  A new variant of the Sality virus (W32/Sality-AM) was seen by the Australian lab last night. The polymorphic file infecting virus is quite destructive by today’s standards and uses several tricks to...
  1 October 2008 10:28 GMT
Send us your feedback
Email us at sophosblog@sophos.com to share your views, ask questions, and tell us what you think.
Send us a sample
If you have suspicious files that our software has not detected, please send us a sample for analysis.
