Articles by Boris Lau

The "Here you have" worm

Just a quick update that we are seeing reports of an old-school mass-mailing worm doing the rounds currently. The emails it sends contain a link that pretends to point to a PDF, but it in fact points to a VisualBasic Read more…

XSS worm targeting Chinese website

Over the last few days we have seen an XSS worm outbreak on renren.com, a Facebook-like website in China. The worm itself poses as a flash file for the "Pink Floyd - Wish You Were Here" video - which tries Read more…

Virus Bulletin 2008 and the end

This year's Virus Bulletin has finished in Ottawa. On top of all the jokes, the quality of the presentations was good this year. Presentations related to the themes of Malware-disinfection, distributed-computing and AV-Testing were all of high quality. Pob, Fraser Read more…

We will always have Angelina..

Just a quick heads up that there is a spamming session in progress for a new variant of the old Pushdo Trojan family (Troj/Pushdo-O). It uses the usual Pushdo obfuscation technique. Guess what? Angelina Jolie is back. Predicting malware Read more…

Zango the Time-shifters

Hotbar is an application created by Zango, who have put up a video on www.imediaconnection.com which explains their advertising model from quite an "interesting" perspective. (Click on the above image for the video) Below is a quick summary Read more…

Slaves, Stocks and Sports

I had an interesting chat with a lawyer at a party this weekend. We chatted about various topics, such as console modding, copyright infringement and Pump and Dump scams. One of the topics was the possibility of Pump and Dump Read more…

president [at] whitehouse [dot] gov

Interesting article from Freakonomics. The article mentions research that supports the use of email for the President of the United States. One of the arguments in favour of using email was the reduction of the "Mum effect" - an observed Read more…

Blog spammers versus Spam bloggers

SophosLabs has been monitoring some blog spammers. While trudging through the logs of the monitoring tool we saw a number of cases where the spammers would spam links to other blogs. These other blogs had also been spammed. Why? It Read more…

Odd bods blogging Zlob

SophosLabs have been monitoring a bunch of blog spammers utilizing various malicious SEO techniques to get their pages on Google. We wrote a blog article about it at the start of the month. Researchers at Sunbelt have also kept an Read more…

Unubot's new clothes, pretty?

Robert, one of my esteemed colleagues (and lucky - he is off on a week-long holiday while I am working the weekend), has spotted a recent increase in unpacked IRC bots in the wild. A lot of Read more…

Spammer got a part-time job: Blogging

Blog-spamming is not a new concept. The diagram below illustrates one particular schema which is quite popular with blog-spammers right now. Note that from the above schema, blog-spammers generate revenue from multiple sources: When users do a search from Google Read more…

Harry Potter and the USB Device of Doom

While analysing a trivial sample written using AutoIt, we received the following bad news. Oh no! But don't worry, he is still alive, living happily along with other users on your computer.... However, we have a slight doubt that this Read more…

Download Mal/GrumPk-A now

We have just seen a lot of spam coming into our Spamtrap containing an image which links to an executable named update.exe: Both the image and the malware are hosted on compromised servers from around the world including the UK and Read more…