Oh dear. SophosLabs has upset some malware authors

Filed Under: Featured, Malware, SophosLabs, Vulnerability, Web Browsers

Whilst dealing with the daily deluge of malicious files, it is nice for those of us working in SophosLabs to occasionally come across something amusing which can make us smile.


Sometimes even insults can be amusing (even complimentary), as we have previously noted.

Messages to Sophos (sorry, Sofos) within malicious code could be regarded as confirmation that the defences we are putting up are aggravating the criminals.

Earlier this week, a new message appeared in one of the active exploit kits:

Message added into the JavaScript of exploit kit landing page

This translates to:

Dear Sofos, what do you need from me? I do not understand. Please f*** off! ThankYou!

The exploit kit in question has been active for several months now, and Sophos products block it as Mal/ExpJS-AL.

As usual, compromised websites are responsible for driving traffic to the sites hosting the exploit kit. So even the most careful browsing could still expose you to such threats.

In the past 24 hours, for example, pricing up some Angry Birds merchandise or checking out the latest shawl worn by Kate Middleton would have been enough to land you on legitimate websites that had been injected with malicious JavaScript that kick-starts the drive-by download chain.
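To make that injection step concrete, here is an added example (written for this page, not SophosLabs code and not taken from the exploit kit) of a heuristic scanner that looks through a fetched page for the usual tells of an injected drive-by loader: a hidden or foreign iframe, an obfuscated inline script that decodes itself before calling eval or document.write, and script tags pulled from hosts the site owner does not recognise. The sample HTML is constructed for the example, and the .invalid and .example hostnames are placeholders, not real infrastructure.

```python
"""Heuristic scanner for injected drive-by loaders in a page's HTML.

Added example, not Sophos code. SAMPLE_HTML is constructed; hosts under
.invalid and .example are placeholders, not real sites.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a shop page with an injected 1x1 hidden iframe and a
# self-decoding inline script, alongside the site's own and a trusted CDN script.
SAMPLE_HTML = """<html><head><title>Shawl shop</title>
<script src="https://shop.example/js/site.js"></script>
</head><body>
<h1>Latest shawls</h1>
<p>Browse our collection.</p>
<iframe src="http://landing.invalid/in.php" width="1" height="1"
        style="visibility:hidden;position:absolute;left:-9999px"></iframe>
<script>eval(unescape("%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%69%66%72%61%6d%65%3e%22%29"));</script>
<script src="https://cdn.example/lib.js"></script>
</body></html>"""

# Inline styles used to keep an injected frame out of sight.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}", re.I)
# eval/unescape/fromCharCode feeding document.write is the classic injected-loader shape.
OBFUSCATION = re.compile(r"eval\s*\(|unescape\s*\(|fromCharCode|document\.write\s*\(", re.I)
# A long run of %xx or \xNN escapes is the encoded payload such loaders carry.
ENCODED_RUN = re.compile(r"(?:%[0-9a-f]{2}){8,}|(?:\\x[0-9a-f]{2}){8,}", re.I)


def _tiny(value):
    """True for a width/height of 0-2 pixels, a hidden-iframe tell."""
    try:
        return int(str(value).strip().rstrip("px")) <= 2
    except ValueError:
        return False


class InjectionFinder(HTMLParser):
    """Collects findings while the standard-library parser walks the page."""

    def __init__(self, site_host, trusted_hosts=()):
        super().__init__()
        self.trusted = set(trusted_hosts) | {site_host}
        self.findings = []
        self._script_text = None  # list while inside an inline <script>, else None

    def _foreign(self, url):
        host = urlparse(url).hostname or ""
        return bool(host) and host not in self.trusted

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                      or HIDDEN_STYLE.search(a.get("style", "")))
            if hidden or self._foreign(a.get("src", "")):
                self.findings.append({"kind": "hidden_or_foreign_iframe",
                                      "src": a.get("src", ""), "line": self.getpos()[0]})
        elif tag == "script":
            src = a.get("src", "")
            if src and self._foreign(src):
                self.findings.append({"kind": "third_party_script",
                                      "src": src, "line": self.getpos()[0]})
            if not src:
                self._script_text = []

    def handle_data(self, data):
        # HTMLParser hands the raw <script> body to handle_data.
        if self._script_text is not None:
            self._script_text.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script_text is not None:
            body = "".join(self._script_text)
            self._script_text = None
            if OBFUSCATION.search(body) and ENCODED_RUN.search(body):
                self.findings.append({"kind": "obfuscated_inline_script",
                                      "line": self.getpos()[0], "snippet": body[:60]})


def scan_html(html, site_host, trusted_hosts=()):
    """Return a list of findings for one page; empty list means nothing suspicious."""
    finder = InjectionFinder(site_host, trusted_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML, "shop.example", trusted_hosts=["cdn.example"]):
        print(finding)
```

Run against the sample, the scanner reports the hidden iframe pointing at the landing host and the self-decoding inline script, and stays quiet about the site's own and the allowlisted CDN scripts. The allowlist is deliberately the site owner's decision rather than a built-in list: on a real site, anything loading from a host you did not put there is the finding, whether or not it looks obfuscated.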

See here for an excellent video describing exactly how drive-by downloads work.

Hat-tip: Thanks to @kafeine who brought the message to our attention, and @ekwatcher for the sample.


8 Responses to Oh dear. SophosLabs has upset some malware authors

  1. Anon says:

    That translation is incorrect; close, but incorrect.

    **Xyle tebe nado is more along the lines of wtf do you want and or don't you have anything better to do.
    **Ya Ne Ponimau = I don't get it.
    **Otebis please ot nas = Leave us the f*** alone.

  2. Nigel says:

    Congratulations! It's always gratifying to know that one's efforts to thwart scumbaggery are hitting home..."home" in this case being somewhere in Russia, apparently.

  3. Rick Bunker says:

    Uh, if I am transliterating it the way they meant it, "xyle tebe nado" is "хули тебе надо" which is much stronger than "what do you need from me" -- more like "what the f*** do you want from me?" It should be rendered kind of like Travis Bickle asking "Are you talking to me?"

    Then you did get the "f*** off" part translated properly. But overall it is somewhat nastier than your translation made it sound.

  4. Mark says:

    awesome! you know your visibility is high when something like that happens

  5. Randy says:

    Keep up the good work. Hopefully you can elicit even stronger responses from them in the future.

  6. Bacchanalia says:

    A pedant writes ... "Messages to Sophos (sorry, Sofos) within malicious code could be regarded as confirmation that the defences we are putting up are irritating the criminals."

    aggravating means to make things worse...............I'd get out more, but it's raining...

  7. Wolf_Star says:

    Regardless of how it's translated, they're obviously hitting them where it hurts!

    And that's a good thing.

  8. roy jones jr says:

    Don't Russians have better things to do? You have like 5 time zones with eagles and hot women! There's no need to have hacking rings in Russia!


About the author

Fraser is one of the Principal Virus Researchers in SophosLabs. He has been working for Sophos since 2006, and his main interest is in web related threats.