SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats
September 2007
-
The Pushdo Problem
Recently we’ve seen an awful lot of spam aimed at spreading Pushdo Trojans, something we mentioned a few days ago. In fact in the last week we’ve seen at least 5 extremely aggressive campaigns,... 29 September 2007 00:38 GMT
-
Burmese demonstrations social engineering
As is often the case with high profile news stories, malware authors are quick to theme the social engineering of their attacks accordingly. Today, SophosLabs received a submission of the following email... 28 September 2007 08:16 GMT
-
IRS = PayPal?
Today SophosLabs observed a typical PayPal phishing email which I found rather amusing. At first glance it seems to be your usual phishing attempt, where they claim they’re trying to do you a service... 26 September 2007 22:40 GMT
-
Keeping abreast of the current spam problem
Traditionally, SophosLabs see male enhancement products spammed. Over the past few years the spamvertised product range has changed (it is no longer just porn and viagra).
Today, I saw the following:-... 26 September 2007 16:14 GMT
-
Cross-platform nasties
We were sent a sample this week written by a self-pronounced “Whitehat Hacker” for a worm written using the .NET framework, that we’re detecting as Mal/Fallblo-A. What makes this malware... 26 September 2007 01:54 GMT
-
Another Pushdo spamming
Today we have seen another large spamming of a downloading Trojan masquerading as something exciting (along the usual theme of a new, hot game or picture).
Happily, the creation is proactively blocked by... 24 September 2007 12:58 GMT
-
Break The Broker
This was a fairly quiet weekend at the SophosLabs UK headquarters. It seems all the hackers took a nice weekend out since the malware front was abandoned.
It’s a shame we cannot say the same about the... 23 September 2007 16:14 GMT
-
Is the Wildlist still relevant?
Just wanted to say hello from all the SophosLabs members here at the Virus Bulletin conference in Vienna. The VB conference is one of the very few events where technical people from the industry meet and... 20 September 2007 17:05 GMT
-
How to entice victims: part 1.
SophosLabs see lots of ways that spammers and malware authors use to entice victims to visit their sites.
One of the most popular is by using popular products or services.
Here is an example of spam using... 18 September 2007 14:05 GMT
-
Saving History
Following the news last week about laptops being shipped with an old boot sector virus, there have been a number of reports about how well modern security products fare against these old types of threats.... 17 September 2007 14:35 GMT
-
Plus ca change
Another day another Dorf campaign, this weekend saw another episode in the ongoing ‘storm’ of spam emails with links to download Dorf.
This variant of the spam is using the lure of Arcade Games... 17 September 2007 09:19 GMT
-
Blast from the Past
News is circulating within the industry of laptops being sold that are infected with an old boot sector virus called Angelina (also known as Stoned.Angelina).
My memory is getting a bit hazy so I had to... 14 September 2007 14:48 GMT
-
Big fish caught in the net
A few days ago SophosLabs became aware of a malicious script detection (Mal/ObfJS-C) triggering on webpages of the U.S. Consulate General in St. Petersburg, Russia.
We immediately checked the site but could... 12 September 2007 11:48 GMT
-
The problem with generic detection
Our goal within SophosLabs is to provide the best protection for our customers. Key to this is providing the best proactive detection of both malware and spam. It is much better to have detected and blocked... 11 September 2007 13:56 GMT
-
NFL Kickoff weekend and another Dorf malware campaign
For the third year in a row 16 games of the NFL American football kick-off weekend were sold out in advance. With the great popularity of the sport and its first seasonal weekend, it is perhaps not... 10 September 2007 10:10 GMT
-
Use the front door, not the windows!
Here’s the situation. You’ve received an email. It purports to be from an organization that you have some dealings with. It proclaims some change in policy or procedures and presents you with a... 10 September 2007 08:41 GMT
-
Fast-flux pharmacies
It is another quiet Sunday afternoon in SophosLabs. I’d like to take advantage of the calm to write about a different aspect of spam. One of the things that makes the sites advertised in spam so hard... 9 September 2007 19:34 GMT
-
Brute forcing your eBay account
We recently received samples of a new sophisticated Trojan which targets eBay user accounts. The Trojan uses a complex, multi-stage attack method, with the final stage using the eBay developer API in an... 8 September 2007 17:08 GMT
-
Global Greetings
The seemingly endless stream of greeting card malware is beginning to become tiresome, especially as we discussed it so often on this blog. But I thought I would share one more piece of information on the... 7 September 2007 13:59 GMT
-
Anonymity online? Not so much
This morning we saw the ever so popular Storm malware campaign hit, abandoning its method of pretending to be a video or an ecard and this time claiming to be the popular Tor anonymizer tool. As you can see... 6 September 2007 21:14 GMT
-
Digging further into web attacks
Several blog postings over the past few months have described web attacks that SophosLabs have identified (1,2,3,4). A lot of such attacks involve compromised sites - legitimate web pages that are modified... 6 September 2007 08:49 GMT
-
You can run but can you hide?
Today in SophosLabs we saw another worm that attempts to spread by means of removable USB flash drives. The worm (now detected by Sophos as W32/DelCyc-A) tries to disguise its malicious activity by hiding... 5 September 2007 16:01 GMT
-
Happy Labor Day, have some malware!
It’s been extremely busy on the spam front this Labor Day Monday, in particular this morning with a large new ecard campaign, and as predicted only a few days ago it’s morphed again.... 3 September 2007 23:57 GMT
-
Moves like a file cracker, stings like a Bagle?
Today we received a sample with filename “open me.exe”. As much as I wanted to resist, I was persuaded to execute it (on our re-imageable machines, of course). The sample has got an... 2 September 2007 16:13 GMT
-
A Sunday with a view
We've had a thankfully quiet Sunday here in SophosLabs Australia. Our lab overlooks the beautiful Sydney Harbor, and the view was made all the more spectacular by the fantastically clear, sunny day... 2 September 2007 05:53 GMT
-
Stration author gets Muppet of the Day award
The latest sample of Stration uses social engineering on several levels, including pretending to be the Notepad application by using its icon (many previous Stration samples have done this) and arriving... 1 September 2007 15:20 GMT
