Monthly Archives: July 2008

Scriptable SFX and Multi-Component malware

Aussies fall for "Shop for Free" scam on Facebook – watch out!

For the most part malware is easy to identify and categorise as it's often either an individual malicious file or a small collection of malicious files, but the scripting capabilities of most archivers and installers are changing this. As I Read more…

World war III has started! US has invaded Iran! Click here to see the firsthand video!

Don't worry readers, a new war hasn't started. What you see instead is the latest campaign from the Dorf (Storm) botnet. Just 4 days after the Independence Day fireworks campaign, the Dorf authors are back with Read more…

Hello Kitty, Goodbye Viruses?

I thought I had seen it all. I've been working professionally in the anti-virus business since January 1992, and in that time I've seen anti-virus companies quote the Moomins in their press releases, produce a rap song video and even Read more…

Siberia 2 - this time it's personal

Australian airport security – does it break your IT department's policy?

An update for those of you following the saga that is Pushdo (1, 2). We're still seeing unusual API calls, but recent variants have two slight variations on this theme. Firstly they check memory for the presence or absence of Read more…

The niggling b's: Another chapter in the SQL injection story

Besides using Sophos Anti-Virus, a manual way of confirming a page having been hit by one of the recent SQL injection attacks was to run the following command: egrep -ri '\/\w\.js>' * The main script name has been b.js but Read more…

Javascript scanner - just what the doctor ordered.

A Javascript online threat scanner? Ok, not really, just another scam we have been seeing in recent weeks, which I took a closer look at over the weekend. A while back, I analysed all of the malicious Troj/Unif-B threats we Read more…

From Dorf: Happy 4th of July

Independence Day has always been a big event for our neighbors south of the border. For the Dorf (Storm) authors, this is no exception. After staying dormant for a day, the Dorf botnet launched the latest campaign at 13:00 PST. Read more…

Sony PlayStation website malware infection - revisited

Yesterday's blog on "Sony PlayStation succumbs to SQL attack" raised some questions. Is the site still infected? What is the scale of this attack? Who else has been hacked? Why mention Sony PlayStation? How can I protect my site? The good Read more…

Malicious MySpace Tom!

Everyone who's ever had a MySpace account knows Tom. Tom is everyone's friend, like it or not. So getting an email telling you Tom has sent you a message is a perfectly plausible notification for any MySpace user. If you Read more…

Avoiding SQL injection attacks

One of the reasons the web is so popular with attackers today is that innocent sites can be compromised and used to infect large numbers of victims.

The best solution is to avoid getting hit in the first place.

SophosLabs - the bloggers revealed

Since we started the SophosLabs blog back in April 2007 we've been asked a few times to share a little information about the people who post up here. The SophosLabs blog is updated around the clock, seven days a week, Read more…

What happens when we find an infected website?

Regular readers of the SophosLabs blog will be well aware of the recent large scale infection of web servers by SQL injection attacks. With the rise in compromised high-profile websites such as Sony PlayStation and the Association of Tennis Professionals, Read more…

Sony PlayStation site succumbs to SQL attack

Over the last few months we have mentioned the current wave of SQL injection attacks plaguing the web (1, 2, 3 and 4). Yesterday, we spotted that Sony's USA PlayStation website - a high profile website with a large number Read more…

Every 50 seconds, someone loses their laptop at a US airport

We've all heard the expression "in a blink of an eye", but when it is connected to the loss of expensive computer hardware containing your company's confidential data it becomes a startling statistic. PC World reports that over 12,000 laptops Read more…

Critical Microsoft update via Amazon EC2?

This past weekend a fairly typical malware campaign started to arrive on our global network of spam traps, using the common technique of disguising itself as an "Important Windows Update". Its characteristics are mostly what you would expect from spammed Read more…
