SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats
March
-
April Fools Dorf
April Fools Day is an opportunity for many to play practical jokes on each other. Unfortunately it’s not just harmless pranks, but malware authors are also jumping on the bandwagon.
Those behind the... 31 March 2008 22:03 GMT
-
Troj/Unif-B - a hive of activity
Over the past few weeks we have noticed an increasing number of sites compromised with a malicious script we detect as Troj/Unif-B. Our automation systems dutifully process the data, extracting target URLs,... 30 March 2008 15:42 GMT
-
Fake shooting scam used in Trojan attack
Earlier this morning SophosLabs noticed a new scam designed to fool users into viewing a web site where they would be hit with a malicious script that installs a spy Trojan. We saw several spam messages... 29 March 2008 09:42 GMT
-
Swim in $$$ = Swim with Sharks!
“Im ************, i swim in money $$$
I want you to swim with me!!! send this file to all friends and join me!!”
If you are swimming with Troj/Nymod-A and looking at what appears to be the... 28 March 2008 23:13 GMT
-
Evolving Pushdo - Mutant of the Future
We’ve seen continued activity from the author of Pushdo this year, with new variants being pushed out on a regular basis, usually by spam.
One of the latest tricks we’ve seen them use is to use... 28 March 2008 00:14 GMT
-
Style over content - new Mac scareware emerges
Troj/MacSwp-B is a standard piece of scareware, only notable because it is one of the few examples that has been written for Mac OS X. The author has made a little effort with the presentation, to ensure... 27 March 2008 19:24 GMT
-
Speed up your PC! for FREE!
What’s the easiest (and cheapest) way to get a faster computer? Delete Windows of course!
At least, that’s the joke that’s been going around probably since the advent of Windows 95 in... 27 March 2008 00:43 GMT
-
Watch football - get infected.
Excuse the title - we have previously had ‘Get married…‘, ‘Get a visa…‘, ‘Get a domain…‘, so I thought it was appropriate.
Recently SophosLabs... 26 March 2008 15:45 GMT
-
Secunia website
I’ve had a number of queries recently about the Secunia website.
Secunia is a provider of security and vulnerability research and information, and one of the lists of data they provide is a... 25 March 2008 14:23 GMT
-
Steer clear of peer-to-peer
An interesting area of research is finding malware samples scattered about the internet. The aim is to find samples and ensure we provide detection before any of our customers are affected. There are... 25 March 2008 12:45 GMT
-
How real is the threat from web-based malware?
As regular readers of this blog will know, I am always looking for ways of measuring the effectiveness of the protection SophosLabs provides. You will also know that there has been a distinct shift towards... 25 March 2008 10:19 GMT
-
Space Invaders
I was looking around in MySpace the other day when I came across the profile of someone I know quite well.
At least I thought I knew him well until I saw his bulletin board where he proclaimed his great... 24 March 2008 22:17 GMT
-
Another Sunday, another exploited PDF
Gone are the days when PDF documents enjoyed being generally considered safe. Ever since last year’s much publicized PDF exploit, PDFs are no longer considered safe. I realize I might be sounding a... 23 March 2008 22:49 GMT
-
Apocalypse not yet
The USB worm W32/Zaap-A successfully spreads itself to removable disks, and in some cases to data CDs burned on the infected computer. The writer also intended for it to display the following message if it... 23 March 2008 11:31 GMT
-
The Naïve Samaritan.
No, it’s not a Conrad novel.
Utilizing the very same malware techniques to combat malware samples themselves does not constitute an act free from impugnment. No one is above the law … and such... 22 March 2008 17:16 GMT
-
New browsers, new HTML, new threat?
With the recent announcement of the draft specifications for HTML 5 [1,2] has come a fair amount of excitement in the web developer community, particularly as we start seeing more browsers offering support... 21 March 2008 14:28 GMT
-
In-game spam - All your gold are belong to us
Sophos protects against a huge amount of malware which attempts to steal World of Warcraft account details, malware which raises questions about the nature of virtual property.
Why would you want to steal... 20 March 2008 09:58 GMT
-
Another eBay scam: Too good to be true.
Earlier this week SophosLabs was alerted to another potential eBay scam (see article on The Register). A high performance vehicle, included as a featured listing, and at a ridiculously low price had... 19 March 2008 10:39 GMT
-
When the needle dwarfs the haystack
Malware analysis isn't just about examining the current samples but also about predicting trends and attempting to stay ahead of the bad guys. By looking at samples which aren't being detected by our... 19 March 2008 08:29 GMT
-
Spam king 'caponed'?
IDG reports that major-league spammer Robert Soloway has pleaded guilty to criminal charges. Not for spamming, it seems, but for fraud and tax evasion.
This will be cold comfort to readers in Australia,... 17 March 2008 05:55 GMT
-
Software for educational purposes! You kidding me??
Today I came across a dodgy piece of software which called itself Cryptic v2.3. This piece of malware claims to be an EXE encryptor with the main idea being it will run an encryption routine over your... 16 March 2008 22:39 GMT
-
Nuclear catastrophe in Switzerland only false alarm?
Worrying news is coming from Switzerland today. According to many emails I received from all over the world, an explosion happened 4 days ago in a power plant near Geneva and the nuclear cloud is spreading... 16 March 2008 13:34 GMT
-
Eastern Europe - a new phishing target?
A quiet Saturday so far. One thing perhaps interesting to point out is a potential trend of phishing attacks moving geographically to East. The writer of this phishing email in Czech language wants to make... 15 March 2008 17:40 GMT
-
Phorm - potentially unwanted adverts?
During the last few weeks I have been following a much heated discussion about a new advertising system developed by Phorm. Phorm has signed agreements with three of the biggest UK ISPs, BT, Carphone... 14 March 2008 16:45 GMT
-
Don't Let Application Vendors Let You Down
I received a query from an IT department earlier this week asking me why they are being asked to temporarily disable On-Access scanning on a server. It turned out that they were trying to troubleshoot a... 14 March 2008 13:38 GMT
-
Anti-virus company Trend Micro: Our website has been hacked, risk of Trojan horse infection
If you have visited the website of anti-virus company Trend Micro this week there is a chance that your computer has been exposed to malware.
According to reports in the Japanese media, a number of... 13 March 2008 23:17 GMT
-
Is my spam count bigger than yours?
Are you getting enough spam?
Measuring how good is your spam protection is something that can be very hard to quantify. By its nature spam is very changeable. This morning's spam has been replaced with... 13 March 2008 14:27 GMT
-
Life in the faux lane!
Some people I know will try anything to squeeze that last little drop of performance from their Internet connection. I have read about others going to the extreme of installing an expensive central line... 13 March 2008 05:32 GMT
-
If you go down to the airport today....and you happen to be flying British Airways on a long haul flight, be sure to check out the Microsoft sponsored documentary on Network Security.
It’s a very useful 30 minute programme on computer... 12 March 2008 14:02 GMT
-
Latest comparative tests
Earlier this week, not one, but two large scale comparative tests have been published.
The first by AV-Comparatives tests the on-demand scanning performance of a number of vendors and awards various levels of... 12 March 2008 12:12 GMT
-
Island hopping: the infectious allure of vendor swag
Earlier this month I said that I would comment on an article in this month's TechNet.
The title of the article “Island hopping: the infectious allure of vendor swag” is explained as... 12 March 2008 11:32 GMT
-
No smoke without Firewire
In a recent programme on ITRadio.com.au, host Patrick Gray interviewed Kiwi security researcher Adam Boileau about his software called Winlockpwn. This software allows you to unlock Windows computers using... 12 March 2008 06:11 GMT
-
G-Stealer
We recently received a copy of a seemingly innocent and useful application called G-Archiver. On the surface it appears to be “your one click Gmail backup solution.”
Digging into the code a bit... 11 March 2008 16:52 GMT
-
A funny thing happened on the way to the forum
Looking through my feeds this morning I spotted this amusing story on the Sunbelt blog.
The forum, on a site about malware affecting Apple Macs, is littered with pornographic posts. A not uncommon... 11 March 2008 12:43 GMT
-
Do I need anti-virus for my iPhone?
I recently caved in and got myself an Apple iPhone. Working here at Sophos, my first question has to be “Do I need anti-virus software for it?”.
Given that the iPhone runs a stripped down... 11 March 2008 08:27 GMT
-
Spam per capita..
You’ve probably already heard that the United States, Russia and China are the top spam-relaying countries. We decided to look at the volume of spam in terms of population, and a very different list... 9 March 2008 22:25 GMT
-
A keyword on script obfuscation
Obfuscators and packers may have legitimate uses when it comes to concealing intellectual property or reducing memory footprint however when the obfuscation begins to include unused yet otherwise regular... 9 March 2008 00:38 GMT
-
Turkish Delight
Whilst perusing some malware today, I came across an interesting case. Readers are probably familiar with the Ardamax Keylogger application (detected as an Ardamax PUA).
The application is frequently... 7 March 2008 15:46 GMT
-
We've slashed our prices! Order your continued existence now!
Back in January of last year we reported on a fairly threatening spam campaign in which the spammer, claiming to be a contract killer, offered his victim a chance to escape certain death by — and... 6 March 2008 18:16 GMT
-
29A virus-writing gang shuts down
A notorious virus-writing gang has announced that it has ceased its operations.
In a posting on 29A’s website, group member VirusBuster announced the end of a gang that was responsible for writing... 6 March 2008 17:49 GMT
-
but, is it art?
Combining engineering and art often results in interesting concepts, though using computer viruses as objects of art is relatively rare. The project Contagious Paranoia from Venice Biennale in 2001 was... 6 March 2008 15:47 GMT
-
The many faces of malware >O
I thought it would be most appropriate to start this blog entry with an “Ouch” emoticon >O. Read on… and the problem shall present itself.
A relatively harmless looking CHM file... 6 March 2008 00:58 GMT
-
Should software come with a Quality Certification?
In a report last year the House of Lords Science and Technology Select Committee made a number of recommendations, including the suggestion that software, in particular security software should come with... 5 March 2008 14:57 GMT
-
Detected or not detected?
Although the advent of our Behavioral Genotype technology has meant that a large number of unknown (zero day) threats are now detected proactively there are still a few that slip through the net.... 5 March 2008 10:41 GMT
-
Interesting magazine articles this month
The beginning of the month brings me new publications to read. Most of the time I scan them and discard them. In this month’s collection there is one magazine that has articles that I will talk about... 3 March 2008 16:34 GMT
-
Tatyana would like to a) be your sex partner or b) give you malware?
‘Sex sells’ is an alleged advertising mantra.
‘Sex sells’ is definitely a malware delivery mantra.
Today’s installment is in German and a rough translation:
Hello, I is called... 2 March 2008 15:33 GMT
-
New Pushdo mailing
Six weeks ago, SophosLabs told you about a new Pushdo mailing (blog) in fact we have mentioned Pushdo numerous times (1, 2, 3, 4, ….).
Well in the last few hours we have seen a large... 2 March 2008 15:11 GMT
-
Old worms never die they keep on mailing!
Weekends are usually quiet working days and today has been no exception. Our spamtraps however, are never quiet.
Looking at attachments being mass-mailed/spammed out would see little difference from a week... 1 March 2008 15:43 GMT
