SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats
July
-
E-ticket to Malware
As with the recent spate of UPS themed spammed out malware, comes the E-Ticket one.
The idea is the same - “Thanks for using our service blah blah blah ….. here is the attached... 31 July 2008 02:09 GMT
-
Plus de spam de UPS
Today’s UPS spam is brought to you with a French theme (we’ve seen previous instances in English and German).
The messages so far all have a subject of “UPS colis postal”... 29 July 2008 22:29 GMT
-
Dorf: Amero, postcards, FBI vs. Facebook
After the US vs. Iran Dorf (Storm) spam campaign, the malware authors had taken a short break and the botnet stopped sending their regular campaigns.
Starting a week ago, the authors have renewed their... 29 July 2008 00:38 GMT
-
DNS vulnerability - patch now!
A lot has already been said and written about a vulnerability affecting all major implementations of DNS resolvers, discovered by Dan Kaminsky.
This post is just a reminder that you should apply patches... 28 July 2008 15:22 GMT
-
Almost what I expected
During some time off this week I booked the flights for my summer vacation. Checking for my confirmation email (using a personal email account not protected by Sophos’s PureMessage) I found not one... 27 July 2008 13:45 GMT
-
Unusual Customs
The people who brought you the recent malware in UPS spam, then in tax-themed spam, are now pumping out Customs-based messages.
The current run has subject lines including the following:
Customs - We have... 24 July 2008 23:43 GMT
-
Dorf, Tibs and UPS - the malware spamming spree continues
Although I spend less time than I used to processing the operational day to day malware and spam submissions, it did not take me too long this week to start appreciating work of people doing this job every... 24 July 2008 16:36 GMT
-
Looking for naked girls with guns?
This week our colleagues in the web team shared some of our blog stats with us. What an eye opener! If you’ve ever wondered what the most popular search keywords are for visitors to the SophosLabs... 24 July 2008 15:50 GMT
-
Latest Threats and Trends
Today we’ve released our latest Sophos Security Threat Report, a summary of what we have been seeing over the past six months.
Regular readers of this blog will not be surprised that web threats... 23 July 2008 12:29 GMT
-
Graham gets his own blog
For the last few months I’ve been running my own blog internally here at Sophos, and now those terribly nice people in our web team have made it available for the world at large.
You can visit... 22 July 2008 15:04 GMT
-
How's our blogging?
The SophosLabs blog has been up and running for quite some time now, but we haven't as yet taken time out to stop and ask the question How are we doing?
Here in the Labs we devote time and effort... 21 July 2008 10:20 GMT
-
Same old social-engineering
It often surprises me that malware authors continue to stick to the same old social engineering tricks to dupe victims into infecting themselves. Whether this says more about the malware authors or the... 18 July 2008 11:03 GMT
-
Video: Change your date of birth on Facebook - right now
If you’re on Facebook and acting sensibly you’ll already have told the social networking site to hide your date of birth, so other Facebook users cannot view it. It’s a sensible thing to... 15 July 2008 12:51 GMT
-
Death of the internet?
Yesterday we saw some interesting emails in our spam queues, which for once weren’t related to gigantic members or 5 million dollar bank transfers. The attention grabbing subject line of these mails... 11 July 2008 11:34 GMT
-
June Round up
Other than the continuing growth in volume (up to 20,000 malware samples a day!) the main issue for the past month or so is the vast numbers of websites compromised with SQL inject attacks.
Using search... 10 July 2008 17:13 GMT
-
Scriptable SFX and Multi-Component malware
For the most part malware is easy to identify and categorise as it’s often either an individual malicious file or a small collection of malicious files, but the scripting capabilities of most... 10 July 2008 07:56 GMT
-
World war III has started! US has invaded Iran! Click here to see the firsthand video!
Don’t worry readers, a new war hasn’t started. What you see instead is the latest campaign from the Dorf (Storm) botnet. Just 4 days after the Independence day fireworks... 9 July 2008 03:58 GMT
-
Siberia 2 - this time it's personal
An update for those of you following the saga that is Pushdo (1, 2).
We’re still seeing unusual API calls, but recent variants have two slight variations on this theme. Firstly they check memory for... 8 July 2008 00:07 GMT
-
The niggling b's: Another chapter in the SQL injection story
Besides using Sophos Anti-Virus, a manual way of confirming a page having been hit by one of the recent SQL injection attacks was to run the following command:
egrep -ri '\/\w\.js>' *
The main script... 7 July 2008 14:11 GMT
-
Javascript scanner - just what the doctor ordered.
A Javascript online threat scanner? Ok, not really, just another scam we have been seeing in recent weeks, which I took a closer look at over the weekend.
A while back, I analysed all of the malicious... 7 July 2008 08:35 GMT
-
From Dorf: Happy 4th of July
Independence day has always been a big event for our neighbors south of the border. For the Dorf (Storm) authors, this is no exception. After staying dormant for a day, the Dorf botnet launched the latest... 3 July 2008 23:12 GMT
-
Sony PlayStation - Revisited
Yesterday’s blog on “Sony PlayStation succumbs to SQL attack” raised some questions.
Is the site still infected?
What is the scale of this attack?
Who else has been hacked?
Why mention Sony... 3 July 2008 14:50 GMT
-
Malicious MySpace Tom!
Everyone who’s ever had a MySpace account knows Tom. Tom is everyone’s friend, like it or not. So getting an email telling you Tom has sent you a message is a perfectly plausible notification... 3 July 2008 14:36 GMT
-
Avoiding SQL injection attacks
One of the reasons the web is so popular with attackers today is that innocent sites can be compromised and used to infect large numbers of victims. As I have commented previously [1], web sites/servers... 3 July 2008 10:40 GMT
-
SophosLabs - the bloggers revealed
Since we started the SophosLabs blog back in April 2007 we’ve been asked a few times to share a little information about the people who post up here.
The SophosLabs blog is updated around the clock,... 2 July 2008 17:04 GMT
-
What happens when we find an infected website?
Regular readers of the SophosLabs blog will be well aware of the recent large scale infection of web servers by SQL injection attacks. With the rise in compromised high-profile websites such as Sony... 2 July 2008 16:30 GMT
-
Sony PlayStation site succumbs to SQL attack
Over the last few months we have mentioned the current wave of SQL injection attacks plaguing the web (1, 2, 3 and 4). Yesterday, we spotted that Sony’s USA PlayStation website - a high profile... 2 July 2008 07:40 GMT
-
Critical Microsoft update via Amazon EC2?
This past weekend a fairly typical malware campaign started to arrive on our global network of spam traps, using the common technique of disguising itself as an “Important Windows Update”. Its... 1 July 2008 00:15 GMT
