Monthly Archives: August 2010

Mark Zuckerberg spots friend's Facebook account is hacked

Mark Zuckerberg spots friend's Facebook account is hacked

Early on Monday I blogged about the iPhone and iPad tester scams which had been affecting many Facebook users' accounts, posting images on their walls in an attempt to direct the unwary into the arms of the scammers. It appears Read more…

Twitter tightens security - Good news for social media safety

Image (1) oauth500.png for post 3451

I have been waiting for this day for over a year now. Death to the Twitter HTTP API. Long live OAuth! I have written several times that Twitter needed to get rid of their old, insecure authentication mechanism if they Read more…

Don't panic! The ragtime jazz virus hasn't infected Gmail

Don't panic! The ragtime jazz virus hasn't infected Gmail

Gmail users who run Google Chrome are up in arms today following the launch of the new Gmail priority inbox service. Not because the feature doesn't work for internet users who've chosen the Chrome browser to access their email, but Read more…

Fake TweetDeck update preys on Twitter users

Fake TweetDeck update preys on Twitter users

It was a Bank Holiday weekend here in the UK meaning that we had the pleasure of a longer break than normal, with Monday not being a normal working day. But it appears that at least one bunch of criminals Read more…

Shocking hidden message on Coca-Cola logo, and other Facebook scams

Shocking hidden message on Coca-Cola logo, and other Facebook scams

Once the bad guys have tricked you into adding a rogue application to your Facebook account, don't be surprised if they use it to spread more of their scams. Here's an account which suddenly started advertising a scam page, even Read more…

Encryption with no separate external key

Default image

Most typical modern malware variants tend to hide critical parts of their functionality (strings, URLs/IPs of its dodgy servers, etc.) using some form of encryption. In most cases only trivial algorithms are used. However, these suffice as the intention is Read more…

PCI data security song [VIDEO]

pci-video

If your company handles customer credit card payments from the likes of Visa, Mastercard and American Express, then it's paramount that you keep that information securely. The Payment Card Industry (PCI) has created a data security standard, explaining how firms Read more…

iPad and iPhone 4 tester scams hit Facebook

ipad-thumb

Can you really get a free iPad 3G or iPhone 4 by signing up just to be a tester? It sounds too good to be true, doesn't it? And it is. But, like me, you may have seen users on Read more…

This could save your LIFE!

This could save your LIFE!

The following internet advice, which may have a subject title such as above, could just get you killed. Like any other middle aged, balding, over-weight chap my mother still worries about me. So when her friend sent this to her Read more…

Guest blog: Snap a Marlin!

Image (3) dylan-sigg.jpg for post 1600

This week's guest blog comes from Rob Forsyth, Managing Director of Sophos in Asia Pacific, and long-time Manly Marlins mainstay. Over to you Rob... Snap a Marlin! Sophos, proud sponsors of the Manly Marlins for the last eight years, will Read more…

Phish net stockings, or spammer attempt at a phish?

Phish net stockings?

An interesting phish was just escalated to me for analysis.  Well, ironic more than interesting. Looking at the following phish: The message is a typical phish with clues to its nefarious origins. Dear Valued Customer, Your New Online Statement Summary Read more…

Did Gmail make you look like a spammer this week?

Did Gmail make you look like a spammer this week?

How mortified would you feel if you found that you had been spamming someone through no fault of your own? Well, up to 4 million Gmail users found out this week. I'm not talking about your computer being taken over Read more…

Girl who had sex with 5000 men exploited by sleazy Facebook scammers

Girl who had sex with 5000 men exploited by sleazy Facebook scammers

The story of a British woman who claims to have slept with 5000 men over the course of the last nine years, has been exploited by Facebook scammers.

Outbreak: Fake Fedex Tracking Number emails carry malware

Outbreak: Fake Fedex Tracking Number emails carry malware

Cybercriminals have spammed out a widespread email attack, distributing malware in messages pretending to come from Fedex. The emails, which have subject lines beginning "Fedex Tracking number" followed by a random reference number, pretend to come from named personnel inside Read more…

Canada Revenue Agency decides your privacy isn't important

Image (1) taxes.jpg for post 3448

The largest data breach in the history of the Canada Revenue Agency (our version of the IRS) recently occurred here in Vancouver, but you probably didn't hear about it. Why? The CRA decided that you don't need to know. According Read more…

DLL pre-loading attack vector addressed by Microsoft

DLL pre-loading attack vector addressed by Microsoft

We have been discussing the issue of unsafe DLL loading in the lab since the release of the Microsoft advisory about a potential attack vector that uses the default Windows DLL Search Order to load a malicious DLL into the Read more…

Microsoft addresses recent DLL order of operations flaw

Image (1) trojan250.jpg for post 3446

Microsoft released an advisory this week discussing bad practices in DLL loading that could lead to remote exploitation. They have released a tool that can help mitigate the risk, but the real solution is for developers to patch their applications Read more…

The Pentagon awakens from cyberslumber

Image (1) usaflags250.jpg for post 3442

I must start this post by professing that I am a proud American citizen. I am proud of what my country stands for, its accomplishments and what its citizens are capable of when we come together for a common purpose. Read more…

It's that time again...

It's that time again...

Today in Boston is a special day. Yes it's raining, but today the yellow buses have started their engines. It's back to school time! I thought I might use this as a reminder to talk to your kids about computer Read more…

Malicious spammers launch major fake anti-virus attack

Malicious spammers launch major fake anti-virus attack

SophosLabs's worldwide network of email-monitoring stations has seen a tidalwave of malicious messages being spammed out with an attachment that redirects users' web browsers to a fake anti-virus attack. The emails have subject names such as: Parking Permit and/or Benefit Read more…