Monthly Archives: September 2010

Cat 'n Mouse with spammed HTML redirects

The attackers behind the spammed HTML redirects I blogged about last week have been busy over the last few days. In an ongoing attempt to evade detection they have continually tweaked and changed the manner in which the redirect is Read more…

Vote now! Help Sophos choose the name for its new security news portal

Wow! Since our plea earlier in the month, we have been swamped by suggestions for our soon-to-be launched security news portal (aka glorified blog, bringing the ramblings of Duck, Chet, our labbies and me into one place). We have had Read more…

Out-of-the-blue empty emails bring redirecting malware danger

Have you received an email out of the blue with no message body, but with a file called <random number>_inv.html attached? Well, be on your guard - as you could be in the firing line for a new malware attack Read more…

Twitter 'onMouseOver' security flaw widely exploited

The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop up and third-party websites to open in your browser just by moving your mouse over a link. In a worrying development, Read more…

Apple and Adobe update their wares

Time to update your Adobe Flash Players! Adobe has released Flash Player 10.1.85.3 for Windows, Macintosh, Linux and Solaris and 10.1.92.10 for Android (Froyo). As in the past, follow the usual procedure to update by visiting http://get.adobe.com/flashplayer. Android users can Read more…

Criminals pose as Interpol boss on Facebook

Ronald Noble, the Secretary General of Interpol, has described cybercrime as "one of the most dangerous criminal threats ever" in a speech he gave last week at a conference in Hong Kong. In the speech (which can be downloaded as Read more…

Revenge on an ex-girlfriend or a Facebook clickjacking attack?

Another status update was spreading virally earlier today, exploiting a clickjacking attack that we have seen Facebook scammers use in the past. Messages were appearing on users' Facebook accounts saying: OMG This GUY Went a Little To Far WITH His Read more…

Identical twins meet on ChatRoulette? Another Facebook survey scam

Have you seen messages on Facebook like the following? OMG! Look what happens when identical TWINS meet on Chat Roulette! <LINK> OMG LOL!! Twins meet for first time ever ON CHAT ROULETTE!! rofl --->> <LINK> or OMG! Look what happens Read more…

4chan takes on MPAA, RIAA and Aiplex... and wins

Update 3: BPI went down occasionally for short periods of time, but they seem to have gained the upper hand in defending their site. Update 2: RIAA is back online as of 9:10 PM Pacific time. The attack on the BPI is Read more…

MS Patch Tuesday, Adobe Vulns and Firefox 3.6.10 - Sept 2010

What a busy week! Aside from not having time to blog, there were a lot of stories about new vulnerabilities and patches for recent vulnerabilities. Microsoft, Adobe, and Mozilla all had news. Microsoft released nine patches addressing 14 vulnerabilities, four Read more…

Sophos Security Chet Chat 25 & 26

Sophos Security Chet Chat episode 25 is now live in the Sophos podcast archive. Last week Michael Argast and I discussed this week's social media news as well as Google's new adoption of OpenID with Yahoo! allowing federated login to Read more…

Colossus – the first electronic digital computer

It's a year since my last book review, so I thought I'd write another. I'm currently finishing off Colossus – The Secrets of Bletchley Park's Codebreaking Computers. This book has been out for four-and-a-half years, so I really ought to Read more…

Mal/PDFJs-Y: PDFs using getField

This week I have been putting the finishing touches to my presentation for the Virus Bulletin Conference in Vancouver later this month. While doing the research I have collected a large corpus of PDF files; the results of analyzing these Read more…

Another mass-spammed redirect (leading to fake AV)

In what seems to be a fitting close to the week, today we have seen further waves of mass-spammed JavaScript redirects. Fairly typical social engineering is used in the email messages to entice the user into opening the attachment. Double-clicking Read more…

How to protect yourself from Facebook Places

After earlier roll-outs in the USA and Japan, Facebook has now opened up its location-sharing service in the UK. In a breakfast briefing in London, Facebook explained that the new service would make it easier for users to share where Read more…

License to code: should security companies be the arbiter of good or bad code

None of us would want to be operated on by an unlicensed surgeon so why should we put trust in software applications written by unlicensed, uncertified programmers? Apple have seemingly taken the high-road by requiring programmers to register as Apple Read more…

Somerset County Council website victim of Blackhat SEO and malware injection

Sophos users over the past few months may have noticed that they haven't been able to access parts of the Somerset Information Exchange (SiX) due to instances of Mal/Badsrc-C on the site. The problems for the SiX microsite, hosted on Read more…

Infected Phish targeting Commonwealth Bank of Australia

This week we've seen more phishing spam targeting the Commonwealth Bank of Australia, an institution that many scammers have aimed at in the past. The emails have a subject of "Update your Commonwealth Bank" and look like this: The text Read more…

September 2010 Patch Tuesday

There are 9 new releases in this month's Microsoft patch release. Four of these are ranked by Microsoft as Critical; due to lack of exploitation in the wild, none have been ranked higher than Medium by SophosLabs. Today also brings Read more…

Free Facebook Credits? It's another scam spreading virally

Scam messages appearing to offer free Facebook credits are being seen on Facebook. Here's an example: Want Free Facebook credits go to <link> Free Faceebook credits Want free facebook credits? (Note that they spell Facebook incorrectly in many of the Read more…