Articles by Mike Coulter
Microsoft Patch Tuesday: fixes for Office and PowerPoint
Microsoft issues patches for a series of vulnerabilities discovered in Microsoft Office and PowerPoint that could allow hackers to run malicious code on computers. But there's still no patch for an Internet Explorer zero-day exploit.
"Pentagon" delivers Zbot via "DHS"
We're currently seeing a limited-volume run of spam messages linking to a zip file containing Zbot/Zeus malware. The messages purport to be from the Department of Homeland Security, the Pentagon, or the Transportation Security Administration. The subjects of the spam Read more…
FBI seeks indictment over "Scareware" fraud scheme
During the weekend I came across a news item regarding an FBI indictment over "Scareware fraud". The indictment, available here, alleges a scheme that employs malicious advertisements served on legitimate websites. These advertisements trick users into believing their computer is Read more…
Canada reintroducing anti-spam legislation
Today, media outlets are reporting that the Canadian federal government is reintroducing previously set-aside anti-spam legislation. Bill C-28, also known as the "Fighting Internet and Wireless Spam Act", will be mostly identical to the previous version. Similar to legislation Read more…
Canadian Pharmacy spam now using RTF format
The Canadian Pharmacy gang has added a new repertoire to their arsenal - this time they're using Rich Text Format (RTF) files attached to the messages. The RTFs, when opened, look like this: The domain names have a pattern of Read more…
Free FakeAV at Virus-Total (That's not VirusTotal)
VirusTotal has been well known to most readers of the blog. It's a free virus and malware online scan service which allows submitters to test a particular file against a multitude of malware scanners. So, it's not highly surprising that Read more…
Anatomy of a free Starbucks gift card scam
One trait that I have developed since I started with Sophos is being calm under pressure. With virus and spam outbreaks, analysts need to keep their nerve to analyze the situation and proceed to deal with the new threat. So, I Read more…
Here come the Haiti earthquake donation scams
Like the Asian Earthquake Tsunami two years ago, it is only a matter of time before Nigerian/419 scammers start taking advantage of the recent devastating earthquake in Haiti, by soliciting funds for "relief efforts". The unfortunate part is, whoever gave Read more…
H1N1 vaccination profile malware
The Zeus gang, who brought us the Outlook reconfiguration malware, is at it again. Today, our spamtraps have started receiving messages with the subject "Create your personal Vaccination profile," purporting to be from the Centers for Disease Control and Prevention: The Read more…
Twitter spam explosion
Starting early this morning, we have seen a major uptick in the use of Twitter links inside spam messages. Here are a few different variants of them. Most of the spam refers to online med sites although a few campaigns Read more…
From Server/Outlook update to FDIC to Facebook phish: now with a twist
In the past few weeks, the authors behind Zbot have been busy. Around October 12 we saw the server upgrade spam with links. Later, on the 14th, we saw the same campaign with Outlook updates. For a few days during Read more…
Server upgrade spam redux
Two days ago my colleague Pob blogged about a run of high-volume server upgrade spam with a link to a Zbot executable. Today a similar campaign has shown up at our spamtraps, this time with the malware attached instead of Read more…
"MSN Messenger Block Checker" spams
In my last post, I mentioned the "Pics for MSN friends" spam. The other spam variant from Tubela management I have received recently is the "MSN Messenger Block Cheker" one. To recap: Users who have given away their MSN Read more…
"Pics for MSN Friends" spams
In recent days, my personal MSN account has been bombarded with links from a few of my friends. What made it more curious is that the messages are usually sent when the user should have been offline and asleep since Read more…
Oh the irony: Dilbert sends out 419 scams
As many of the blog readers are aware, Advance Fee fraud scammers will abuse any free service they can get their hands on to send out their spam messages. Previously, we blogged about the scammers abusing services such as web Read more…
More Michael Jackson spam for the weekend
It has been a quiet and sunny Sunday afternoon here at SophosLabs Canada. With time on hand, I spent some time digging through the archives to see if any new Michael Jackson-related spam has arrived in the past hours. Here Read more…
Michael Jackson "breaking news video" distributes malware
As many expected, the death of the "King of Pop" Michael Jackson has given malware authors a new topic to entice users into installing malware. Shortly after we detected the first spam message regarding Michael Jackson, the first malware related Read more…
Microsoft Outlook re-configuration redux
Yesterday, my colleague Graham Cluley blogged about a phish campaign claiming to be a "Microsoft Outlook Notification". The messages contained a phish link to microsoft.com.outlook.[deleted].org: Today, we see a redux of the campaign, this time with malware attached to Read more…
From Russia with money
Today we started seeing a new malware campaign arriving on our spamtraps: The message appears to have been generated through a translator as the text is quite broken grammatically. If I decipher the message correctly, it purports to be from Read more…
When social network invites are used for Nigerian/419 scams
In the last few days, we started seeing a new wave of Nigerian/419 fraud messages coming from the social network site Ning.com. No, these are not the typical "Hi friend come join my network" invites. While many people may consider Read more…