Monthly Archives: November 2008
McColo up again, down again
While the take-down of McColo received a lot of attention in the last few days, it seems not everyone was listening: the company came back online yesterday for a while thanks to TeliaSonera AB, a Swedish ISP that has a Read more…
Lost for words? Nah, on holiday..
Apologies for the silence from the Clu-blog over the last few days. Of course, it's typical that when you take a few days holiday that various stories (large and small) will break in your absence. My wife always reminds me Read more…
Inadvertently Shady
There have already been several blogs about the common use of third-party runtime packers by malware. These runtime packers are wrappers around files which make them look different on disk but allow them to ostensibly execute without change. Malware authors Read more…
Are scammers leaving subtle clues?
Today we saw the following Google AdWords phishing scam in our spam traps: A legitimate link is displayed in the mail body as http://adwords.google.com/select/Login. However, as with most phishing emails this isn't the link which is accessed when clicked. The Read more…
The main man
In Billy's post earlier he mentioned that the malware Mal/EncPk-EQ could call home. During the analysis of this malware we have seen several different domains used for this call home, with a slightly different url-path in the more recent ones. Read more…
Daft (de)buggers...
I've been looking at a bunch of rootkits that seem to be doing the rounds at the moment. Fortunately for our customers, we detect all this malware (and components they drop) as Mal/EncPk-EQ but googling around suggests that this is Read more…
Alleged Silicon Valley spam source taken down; global spam volume drops 75%
A critical piece of at least one spam gang's cyber-crime infrastructure was allegedly taken down Tuesday following a four-month-long investigation by the Washington Post, leading to what multiple sources cited by the Post describe as an immediate approximately 75% drop Read more…
November Microsoft Security Bulletin
There are only 2 vulnerabilities patched in this month's Microsoft Security Bulletin. MS08-068 addresses a relatively old, publicly disclosed vulnerability in the SMB protocol which allows an attacker to take control over the target system by reflecting and replaying the NTLM Read more…
AMTSO conference generates new documents
Recently Sophos had the privilege of hosting the latest AMTSO conference. Two days were spent at Sophos Headquarters and over 40 vendors, testers and journalists agreed the formal release of two documents. The first document is the AMTSO Fundamental Principles Read more…
Sensational post-election spam continues
Last week the spammers told us that John McCain had been caught nude in public, discovered that his wife Cindy had starred in a private video and (presumably from the shock and stress) died from a heart attack. The latest news Read more…
A virus romantic movie?
Word reaches me via MTV that a movie is coming out inspired, in part, by the Love Bug worm which infected computers worldwide in May 2000. The movie, entitled "Subject: I love you", stars American actress Briana Evigan (who I Read more…
Cliff-Jumping Code
I'm always on the look-out for interesting code techniques used by malware, so thought I'd share this experience from last week. A file came in flagged as a probable fake anti-virus (so much of what we see at the moment Read more…
Facebook friend stranded in Nigeria. Would you rescue them?
How many "friends" do you have on Facebook? Without checking on the site, would you know where they all are right now? Would you know if Barney the lad who used to deliver the post at that office three jobs Read more…
'Tis The Season To Be Jolly
As is customary every year, SophosLabs analysts brace themselves for the onslaught of various malware/spam campaigns during the Christmas period. This year, someone has gotten off to an early start by releasing a mass-mailing worm in the form of W32/AutoRun-NZ. Read more…
More Portuguese banking malware spam
Remember the spoof Symantec application spammed out to Portuguese users we blogged about yesterday? Well, today I have noticed the same attack continuing, though the attackers have changed the spam message social engineering. It now targets Portuguese UOL Cartoes users. Read more…
Does your emulator stack up?
I recently came across a new anti-emulation tactic for unpackers that I thought might be worth sharing. This one is a new angle on a previous technique, to use the error code returned from a Windows API call as part Read more…
Reports: WPA Wi-Fi encryption cracked
Researchers are claiming that they have found a way to partially crack the encryption used on WPA wireless communications. According to media reports, Erik Tews and Martin Beck claim that they have found a way to unlock the Temporal Read more…
The Code is dead. Long live the Code!
Three years ago internet banking Trojans, along with their associated downloader Trojans, began to proliferate: samples started flooding in by the thousands. The poor way to deal with these would be to wait for them to come in then issue thousands of specific Read more…
Spammed banking malware masquerading as Symantec software
Earlier this morning, we noticed Portuguese spam messages attempting to dupe victims into downloading and installing a fake Symantec product. The spam messages were constructed using two images hosted on the popular imageshack.us site. As usual for spammed links, despite Read more…