Monthly Archives: June 2010
Sophos's Top 10 Kung Fu sales tips
Things are going to be a bit quieter than normal on the Clu-blog front for a couple of weeks as I take a break to recharge my batteries. Hopefully some guest bloggers will pop up to keep the blog motoring Read more…
Apple iOS 4 released - Security review
Today's big tech news was the release of Apple's much awaited iOS 4 (Someone should tell them the name is already taken). The iPhone won't hit the shelves until the 24th, but iPhone and iPod Touch users can download the Read more…
I think therefore I change
Some malware authors use tricks to break detections based on static signature matching: they scramble the malware code in ways they think will save the malware from being detected. So here we Read more…
Double trouble - spam and malware payloads
Don't you hate spam? It's a nuisance, but not anything you really need to worry about, is it? I mean, it's not like you ran an executable, you just found yourself somewhere trying to sell you Viagra, no harm done, Read more…
'Adultfriendfinder new messages' spam campaign hits hard
All week I've been blogging about spam campaigns that arrive with a variety of subjects, no message in the main body of the email, but an HTML attachment. Opening the attachment (which Sophos detects as Troj/JSRedir-BO) redirects your browser to Read more…
Tory MP has her Twitter hacked
Poor old Therese Coffey. She's a newly elected member of the British parliament, representing the English constituency of Suffolk Coastal. Therese probably thought that winning a place in parliament would be her biggest fight of the year, but she's now Read more…
Updated XProtect protects against OSX.HellRTS
You may remember that in August last year SophosLabs blogged about XProtect and how it can protect you from Mac malware. Earlier this year, Graham blogged about OSX/Pinhead-B, a backdoor for OSX. The update schedule for Snow Leopard has been: 10.6 Read more…
Apple secretly updates Mac malware protection
Apple's 10.6.4 operating system upgrade earlier this week silently updated the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook. Although Read more…
Australian airport security – does it break your IT department's policy?
Australian airport security generally requires that you take your laptop out of your bag and submit it separately for scanning. But anyone passing through the checkpoint can pick up another person's belongings, whether by accident or design. And non-travellers can Read more…
"Pentagon" delivers Zbot via "DHS"
We're currently seeing a limited-volume run of spam messages linking to a zip file containing Zbot/Zeus malware. The messages purport to be from the Department of Homeland Security, the Pentagon, or the Transportation Security Administration. The subjects of the spam Read more…
Old Heroes Don't Die, They Just Live On In Malware
As virus analysts, we're used to seeing lots of inane quotes hidden in malware. These days, they can range from everything to anything. One malware author thought it funny to include Chuck Norris in his malware creations. Yes, Chuck Norris, Read more…
Romance and Skype deliveries plundered by spammers
Updated: The malicious spam campaign I have blogged about for the last few days has morphed again, adopting a range of new disguises. The most prevalent messages SophosLabs is intercepting claim to come from Skype with the subject line "We've Read more…
Style Sheet Messaging
It seems our friends over at ESET NOD32 have received a message that most people wouldn't even notice. While doing some digging into SEO poisoned pages I was looking at the source code of the main FakeAV portal pages and Read more…
Facebook porn chicks and Skype payment spam
Yesterday I blogged about a widespread spam campaign that posed as a message to "Reset your Facebook password", but was really designed to redirect you to a Canadian pharmacy website instead. En route you can also be hit by an Read more…
A.S. Roma football website infected with same malware as Jerusalem Post
Last week, I reported on (1, 2 and 3). Yesterday, I notified my colleagues in our Italian office that the website of the football (soccer) club AS Roma was infected. My colleagues contacted AS Roma yesterday and today, and were Read more…
Tavis Ormandy - are you pleased with yourself? Website exploits Microsoft zero-day
Updated: Last week I railed against the irresponsible disclosure by a Google engineer of a zero-day vulnerability in Microsoft's code. Tavis Ormandy, a security researcher employed by Google, found a vulnerability in Windows XP's Help and Support Center, but only Read more…
CVE 2010-1885 exploited in the wild
The recent Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) is being exploited in the wild. Today, we got the first pro-active detection (Sus/HcpExpl-A) on malware that is spreading via a compromised website. This malware downloads and executes an Read more…
95% say Facebook needs to do more to fight clickjacking worms, poll reveals
Facebook isn't doing enough to protect members from a recent spate of clickjacking attacks on the popular social networking site. That's the verdict of 95% of the 600 people we polled overnight after the latest attack that struck the social Read more…
'Reset your Facebook password' spam promotes pharmacy websites
One of the most widespread spam campaigns at the moment is posing as a reset password email from Facebook. The emails use the subject line "Reset your Facebook password" and have no message body. However, they do have an attached Read more…
Am I dead? Nigerian 419 scammer wants to know
Of course, it's a Nigerian 419 scam and the intention is - ultimately - to trick me into handing over personal information (such as driving license and passport details) and possibly paying them an advance before they (fingers crossed!) transfer Read more…

