Monthly Archives: August 2009
Security leaders form industry group to improve collaboration
The IEEE Standards Group has today publicly announced the formation of the Industry Connections Security Group (ICSG), with the intention of improving collaboration between security vendors. Sophos is joined as a founding member of the ICSG by our friends at Read more…
More Phacebook fishing.
Earlier this morning I was asked to check out what appeared to be another Facebook phishing attack, as detailed here. Sure enough, a domain registered a couple of days ago is being used to harvest Facebook login credentials from unsuspecting Read more…
Visual Basic worm (re)discovers old trick
The simplest type of hash-buster in malware typically consists of a few (or many) appended random bytes, changing the file's checksum while not altering its functionality. More advanced hash-busters incorporate patching of inconsequential bytes within the file's code or data Read more…
Aftertaste - The domain tasting era has quietened to a whisper
On Thursday a report was released by ICANN supplying data that implies the practice of domain tasting has come to an end. The traditional definition of domain tasting is the practice of purchasing a domain for the purpose of hosting Read more…
Aftertaste - The domain tasting era has quietened to a whisper
On Thursday a report [PDF] was released by ICANN supplying data that implies the practice of domain tasting has come to an end. The traditional definition of domain tasting is the practice of purchasing a domain for the purpose of Read more…
Scribble piggybacks Koobface
In recent weeks we've seen Koobface move its updating mechanism to the vast array of bots it controls. Now when you download the latest version of the Trojan, you end up fetching it directly from the machine of someone else Read more…
Same, same (but different)
Through following unsubscribe links in unsolicited email advertisements, one can often reach the home pages of the self-proclaimed "advertising agencies" that send the spam. Examples of such pages include: As well as this site: Hang on a sec, those pages are Read more…
Ashley Greene dirty pics lead to Mac and Windows malware danger
Nude photos of "Twilight" film star Ashley Greene have been leaked onto the net, propelling her name high in the chart of most commonly searched for phrases at the moment. However, if you're foolish enough to go hunting for the Read more…
How to stop Spotify
At the end of July Spotify announced on its blog that it had submitted an iPhone edition of its popular music-streaming app over to "the nice people at Apple" for approval. That all sounds very simple doesn't it? Well, think Read more…
AutoCAD virus is a blast from the past
Thanks are due to my SophosLabs colleague Paul Baccas who today brought my attention to a fairly unusual sighting in the malware world - an AutoCAD virus. It turns out that Autodesk, the makers of AutoCAD, blogged last week about Read more…
AutoCAD malware: ACAD.VLX
At the end of last month, I saw some malicious AutoCAD files (AL/Utax-A) which caused me to put AutoCAD on my research to-do list. The last time I seriously looked at AutoCAD malware was back in May 2007 (AL/Bursted-Fam). Imagine Read more…
Robert Scoble fails to update WordPress, gets hacked
Prominent blogger Robert Scoble, who runs the Scobleizer website, has come a cropper after hackers were able to break into his site and post links to pornographic websites. In a posting last night on Twitter, Microsoft's former technical evangelist wrote: Read more…
Fake AV continuing the PDF onslaught
Throughout 2009 we have been reporting on the large rise in the volume of attacks that use malicious PDF samples to infect victims with malware [2]. If anything, the past few weeks have shown an increase in such attacks. In Read more…
Can you trust Conficker clean-up advice on Twitter?
I would be cautious of trusting Twitter users who recommend you try Trend Micro to clean-up the Conficker worm. Not because Trend Micro can't help you remove the Conficker worm (I'm sure they can), but because it could be that Read more…
Another day, another security update from Apple
It seems like only yesterday that I was blogging about an important security update from Apple. And wasn't it just last week when we were discussing how boobytrapped images could infect your Mac, and how GarageBand could change your Safari Read more…
The latest... latest, vulnerability analysis
Well, it's about that time... Microsoft recently released their August 2009 Security Bulletin and, in turn, we've updated our vulnerability analysis page. This month's update patches several important vulnerabilities that even the most diligent security-conscious web users should watch Read more…
Microsoft issues barrage of security updates
Microsoft has issued an advisory, informing users of a bumper pack of software updates to fix at least 19 security holes in its operating system and other Windows software. These security updates come as part of Microsoft's regular "Patch Tuesday" Read more…
Six security holes fixed in Safari 4.0.3
Apple has updated Safari to version 4.0.3, reportedly fixing some stability and compatibility issues but also, most importantly to readers of this blog, plugging a number of security holes. And don't think you can get away with not updating if Read more…
More reports of Apple Mac Trojan horse seen in the wild
Our friends at Trend Micro have blogged about a Trojan horse for Mac OS X they have recently encountered disguised as MacCinema Installer. This has caught the attention of some reporters and bloggers (such as Dancho Danchev). That's not such Read more…
Twitter knocked out for second time in less than a week
"Fool me once, shame on you; Fool me twice, shame on me" I can't help but feel sorry for Twitter as it tripped up this evening after apparently becoming the unwitting victim of a distributed denial-of-service attack for the second Read more…

