-
- ChetWisniewski: Why I think it's time to shutdown the DNS Changer servers http://t.co/WRQTzqhmabout 2 hours ago
- gcluley: RT @NakedSecurity Encrypted? Check. Strong passphrase? Check. Mailing them together? Oops. http://t.co/EkjJN7Tzabout 15 hours ago
- ChetWisniewski: Ernst and Young loses 401K information after sending encrypted USB key and encryption keys in same envelope http://t.co/ZlIYyvgR12:54 AM February 04, 2012
Monthly Archives: October 2008
Protecting against things that go bump in the night..
Uh-oh. It's October 31st. And you know what that means. Halloween. Yes, it's time for all of us without children to turn all the lights off in the house and hide under the bed in case teenagers come knocking on Read more…
Witches, ghost, ghouls and malware authors
Halloween traditionally sees all sorts of undesirables crawl from out of the woodwork. Malware authors do come out to play on other days of the year but if you are looking for a last minute Halloween custom or toy then Read more…
Network Solutions and eNom targeted by phishing attack
So, you're probably all familiar with the concept of hackers and identity thieves trying to steal your bank account details, your eBay login details or even passwords for your online games, but what about criminals trying to steal the login Read more…
Beware of SMS solicitations in e-mail!
A massive spam campaign in Russian caught my attention today. It masqueraded as a newsletter from a major Russian mobile network MTS and advertised some too-good-to-be-true lottery program. To participate in the so-called "bonus" program you'd need to to sent Read more…
Six arrested following Sarkozy bank account hack
When you have a victim of banking fraud as high profile as the President of France, it's not surprising that the authorities will put a lot of resources and effort into getting to the bottom of who might be responsible. Read more…
The ultimate keylogger?
I came across an interesting piece of research the other day. Martin Vuagnoux and Sylvain Pasini from the LASEC, the Security and Cryptography Laboratory at School of Computer and Communication Sciences in Lausanne, Switzerland have discovered a way of monitoring Read more…
Infectious invoices
One of the most common forms of malware distribution en mass is to spam it out with some enticing message however as administrators slowly lock down their spam rules and block questionable content the malware authors are needing to continually Read more…
A new phish frontier: Phishing of domain registrar accounts
We have started seeing a new kind of phish campaign today. Instead of the regular bank phish, or the more recent university/webmail email account phish, this new campaign targets domain registrar accounts, as per the email below: The email fakes Read more…
Not another eCard - malware attacks via email
2007 was the year of 'Storm' (also known as Dorf). One of the social engineering techniques it used (and which probably contributed to its success) was the lure of an electronic creating card or 'eCard'. Over the course of the Read more…
Bono's private bikini party photos exposed by Facebook privacy issue
Are you a member of a geographic network on Facebook? We've raised the privacy challenges on Facebook, and specifically the issue of geographic networks you might have joined, before - and now rock star Bono of U2 has had private Read more…
Apartment scams
Last night's BBC One's Watchdog talked about a scam affecting bogus apartment advertisements. Those in UK will be able to access this here. While watching the show, I noticed a few glaring similarities to one of our own blog entries, Read more…
Return of email malware
Regular readers of this blog will know that I'm keen on measuring the effectiveness of the SophosLabs response to the changing threats. I use a host of metrics to measure proactive detection, response times, spam catch rates and so on. Read more…
Voulez vous devenir un mule de spam?
Voulez vous devenir un mule de spam? Would you like to be a spam mule? Anatoly Nikolayev would like you to become one. SophosLabs is currently tracking a large French based mule campaign. Now my French doesn't normally get me Read more…
HIPS HIPS Hooray for proactive detection
This morning looking through the customer submissions to Sophos (how to submit samples). I saw a sample with the 'Rule or identity name triggered by this file (if applicable)' form filled in as HIPS/RegMon-009. Looking at SophosLabs automated scans of Read more…
Jaw jaw at RSA Europe and AMTSO
If you revolve in security circles then you may well know that this week is "RSA week". The European version of the well-known stateside security conference is taking place over the next few days at the ExCeL Conference Centre centre Read more…
New kit, but with an achilles heel
For the last couple of weeks, I have been watching a series of new, related web attack sites surfacing. All follow a similar modus operandi, with an attack site exploiting a bundle of client-side vulnerabilities, some of which are pretty Read more…
Who said email-based malware was dead?
Today SophosLabs has published its latest report into the state of spam - focusing on how the problem has become increasingly malicious. Read the latest Sophos Spam Report It makes for pretty interesting reading - particularly the revelation that there Read more…
Responsible anti-malware testing
As I have mentioned before, one of my roles here at Sophos is to work with various industry testers and ensure that Sophos products participate in relevant tests and that when they are tested they are tested fairly and sensibly. Read more…
Woman accused of hacking her virtual husband to death
My guess is that many of you are still working hard on rolling that critical Microsoft security patch across your business - so here's a quirky story for you to cheer you up this Friday. A Japanese player of the Read more…
Internet Watch Foundation Awareness Day
The Internet Watch Foundation (IWF) is the UK's internet "hotline" for the public to report online child sexual abuse content they find on the internet, hosted anywhere in the world. The public can also go through the IWF to report Read more…
