Monthly Archives: July 2010

Blackhat SEO even targets researchers

In the past week I've garnered a lot of press attention from my ongoing research into the Windows shortcut vulnerability. Apparently this has brought my name to the attention of the SEO poisoners who continually target Google. There were more Read more…

Want to see who has viewed your Facebook profile? Take care..

I'm increasingly being asked by folks on Facebook if it's possible to tell who has been viewing their Facebook profile. A number have been attracted to webpages and Facebook applications that claim to be able to give you a secret Read more…

Demi Moore and Facebook security

What a strange world we live in.. If you have Facebook friends who you believe are acting unsafely online you should invite them to become a fan of the official Facebook Security page and join the Sophos Facebook page too. Read more…

More malware exploiting Windows shortcut vulnerability

It probably won't come as a surprise to anyone, but more evidence has come to light that cybercriminals are actively exploiting the Windows shortcut vulnerability (also known as CVE-2010-2568). Like the earlier Stuxnet attack, more examples of specially crafted shortcut Read more…

Slovenian hackers investigated in Mariposa botnet probe

According to regional press reports, three Slovenian men are being investigated as part of an international probe into one of the world's biggest botnets, which compromised millions of computers worldwide. Homes have been searched and "a large number" of computers Read more…

July roundup – "90 Second News"

Don't just read the latest computer security news – watch it in 90 seconds! See the CPLINK Windows shortcut vulnerability explained, learn why you need to burn those ageing legacy applications, and find out what's been going wrong on Facebook Read more…

Hell Pizza security breach: I'll have extra passwords with that

Hell Pizza, a popular chain of pizza restaurants in New Zealand with other branches around the world, has found itself in the embarrassing situation of having to admit that a hacker appears to have stolen a large portion of their Read more…

Justin Bieber's cell phone number? Nope, it's a Facebook scam

Do you remember when hardly a week went by without cybercriminals infecting computers with the promise of glimpses of glamorous pin-ups like Halle Berry, Anna Kournikova, Julia Roberts, Jennifer Lopez or Britney Spears? Those days aren't entirely behind us (let's Read more…

Hospital warns 800,000 patient records may be missing

South Shore Hospital, in Weymouth, Massachusetts, has found itself in the highly embarrassing situation this week of admitting that the personal information of about 800,000 patients may have been lost in what can only be described as a data destruction Read more…

Malicious shortcuts: now documents and webpages are risky too

There's more bad news for those troubled by the Microsoft zero-day vulnerability that allows a Windows shortcut link, known as an .LNK file, to run malicious code whenever Windows displays their icon. The Shortcut exploit is well known to be Read more…

Dell warns of malware on motherboards

Dell has published a warning on its support forum that some of its server motherboards are infected with Windows malware.

CPLINK and Stuxnet – there is a silver lining

In case you've missed the big security story of the past few days, it's all about the Stuxnet malware, which brought to the world's attention a rather naughty bug in Windows – the "CPLINK shortcut vulnerability", or just CPLINK for Read more…

'OMG!! This Mother Went to Jail' Facebook scam spreads virally

Today on Facebook many users are spreading a message which claims to link to a picture that caused a mother to be sent to jail. OMG!! Guys, you have to see this: This mother went to jail for taking this Read more…

Adobe is listening - Announces Adobe Reader with sandbox mode

Adobe has become the whipping boy for many security pundits over the last 24 months, but today they have made the most public move to change that opinion since announcing a new security strategy in May 2009. Brad Arkin their Read more…

In-store Fuji photo kiosks spread malware

Earlier this month reports began to come in from Australia that some Windows-based Fuji photo kiosks were infected by malware, and spreading worms to unsuspecting shoppers when they inserted their SD cards and memory sticks to print out their digital Read more…

Yes, there's malware. But don't change your SCADA password, advises Siemens

If you were in charge of some critical infrastructure (such as a power plant or manufacturing facility) and there was some malware which exploited a zero-day vulnerability in Windows which targeted your systems you might be pretty concerned, right? In Read more…

Certified uncertainty

Just when we thought we understood what was happening with the Stuxnet rootkit the plot thickens. As I reported in my original story, the rootkit component and several other pieces were signed with a legitimate digital certificate from Realtek Semiconductor. Read more…

CPLINK Shortcut mitigation and certificate revocation

I have spent the last three days looking at how we can best protect ourselves against the latest Windows zero day vulnerability, aside from running up to date anti-virus software. We have named this exploit CPLINK within SophosLabs referring to Read more…

Some Zbots just can't move on...

Zbots have been recently going through several changes in their infection method and functionality. One of the new samples though, caught my attention due to its naive evasion tricks. First the old static analysis mangle The correct offset of the Read more…

Shortcut zero-day attack code goes public

There exists a vulnerability in versions of Windows which allows a maliciously-crafted Windows shortcut file (.lnk) to run a malicious DLL file, simply by being viewed on a USB stick.