Articles by Fraser Howard
Easter eggs, with a side order of scareware
Planning some activities this Easter? Perhaps buying some Easter eggs? Maybe hand decorating some eggs?
Before you go searching for tips, take a read of this post which highlights how seemingly innocent search terms can lead to malware.
Is this the resurgence of Blackhat SEO?
Take a dive into some recent blackhat SEO attacks in this post to explore the facts behind the recent rise in reports of this threat. Site administrators in particular may be interested in some of the findings.
Hide and seek with website injections
Step into the shoes of a site administrator attempting to check whether their sites have been hacked, by taking a look at a couple of recent attacks against websites.
Not such a nice hack, Nice Pack
Take a closer look at one of the nasty JavaScript threats that we have seen injected into thousands of legitimate web sites recently, for the purpose of infecting users with malware.
Another widespread site defacement attack. Leading nowhere?
Have you ever wondered what is meant by the term 'Traffic Direction System' (TDS)?
Well, take a look at a widespread site injection attack that took place earlier today, and see exactly how a TDS server is used to control user traffic.
Email from HM Treasury? Just another scam
Have you been the recipient of an email claiming to be from George Osborne MP, the UK's Chancellor of the Exchequer? However tempting the offer of a large transfer of funds may be, do not become a victim of this latest scam.
Analysis of compromised websites - hacked PHP scripts
Investigating a few compromised web sites reveals some interesting behaviour in the PHP hacks that are being used to compromise legitimate web servers in order to redirect unsuspecting users to exploit sites.
Best practices for reporting malicious URLs
StopBadware has teamed up with other members of the computer security community to produce a set of best practices for reporting malicious links.
Find out more now.
Widespread site compromise leading to Zeus
Read more about a recent wave of attacks compromising legitimate web sites for the purpose of infecting users with Zeus malware.
Blackhat SEO poisoning topping the charts
Blackhat SEO attacks account for over 30% of all detections seen by Sophos customers protecting their web traffic.
Learn what you need to do at your company to protect yourself and your fellow users.
Defending against SEO poisoning attacks with Layered Protection
The use of search engine optimisation (SEO) for redirecting users to scareware sites is well known, but we also see the same techniques being used to redirect people to exploit sites. Take a look into some recent SEO attacks, and see exactly where the protection layers Sophos provide actually fit.
Compromised ads leading to TDSS rootkit infections
Hacking ad servers is an effective way of injecting malicious code into multiple third party web sites, potentially exposing huge numbers of users to the attack. Find out more about this latest attack being used to infect victims with TDSS.
No, Samsung is not shipping laptops with keylogger/spy software...
After yesterday's concern about laptops being shipped with keylogging software installed, it has now been confirmed that the issue was all due to a false positive.
Hacking the Web: Hijacking search results
Fraser Howard takes a look at a recent browser 0wning attack in which the victim's search results are hijacked, and they are inundated with popups to adult dating sites.
Night Dragon attacks: myth or reality?
Many readers will have seen the press around a series of hacking attacks that have been labelled the 'Night Dragon' attacks by McAfee. In this post, some of the common questions that these attacks pose are answered.
Compromised website used in Bank of America phish
In malware analysis, it is quite common to come across attacks that you quite simply cannot believe could really work. I quite often find myself asking the question how anyone could actually fall victim to that? Yesterday, one of my colleagues was analyzing a banking Trojan that provided just such a case.
Shooting the messenger. Who do you trust?
With an increasing number of legitimate web sites playing a role in malware distribution, never has it been so important for webmasters and site administrators to understand the threat and respond quickly when alerted to an issue. As Fraser discusses in this post, one of the problems they face is knowing when to trust the security vendor on the end of the phone.
Large US hosting provider hit in web attack
In this post I take a look into what at first sight appeared to be a widespread web attack, with malicious JavaScript injected into hundreds of legitimate web sites. Closer inspection revealed the attack to be a little less widespread than expected, potentially targeting just a single hosting provider.
















