Articles by Mike Coulter

Microsoft Patch Tuesday: fixes for Office and PowerPoint

Security patches for Microsoft Office and PowerPoint

Microsoft has issued patches for a series of vulnerabilities discovered in Microsoft Office and PowerPoint that could allow attackers to run malicious code on computers. But there's still no patch for an Internet Explorer zero-day exploit.

"Pentagon" delivers Zbot via "DHS"

We're currently seeing a limited-volume run of spam messages linking to a zip file containing Zbot/Zeus malware. The messages purport to be from the Department of Homeland Security, the Pentagon, or the Transportation Security Administration. The subjects of the spam Read more…

FBI seeks indictment over "Scareware" fraud scheme

During the weekend I came across a news item regarding an FBI indictment over "Scareware fraud". The indictment, available here, alleges a scheme that employs malicious advertisements served on legitimate websites. These advertisements trick users into believing their computer is Read more…

Canada reintroducing anti-spam legislation

Today, media outlets are reporting that the Canadian federal government is reintroducing previously set-aside anti-spam legislation. Bill C-28, also known as the "Fighting Internet and Wireless Spam Act", will be mostly identical to the previous version. Similar to legislation Read more…

Canadian Pharmacy spam now using RTF format

The Canadian Pharmacy gang has added a new trick to their arsenal: this time they're using Rich Text Format (RTF) files attached to the messages. The RTFs, when opened, look like this: The domain names have a pattern of Read more…

Free FakeAV at Virus-Total (That's not VirusTotal)

VirusTotal has been well known to most readers of the blog. It's a free virus and malware online scan service which allows submitters to test a particular file against a multitude of malware scanners. So, it's not highly surprising that Read more…

Anatomy of a free Starbucks gift card scam

One trait that I have developed since I started with Sophos is being calm under pressure. With virus and spam outbreaks, analysts need to keep their nerve to analyze the situation and proceed to deal with the new threat. So, I Read more…

Here comes the Haiti earthquake donation scams

Like the Asian earthquake and tsunami two years ago, it is only a matter of time before Nigerian/419 scammers start taking advantage of the recent devastating earthquake in Haiti by soliciting funds for "relief efforts". The unfortunate part is, whoever gave Read more…

H1N1 vaccination profile malware

The Zeus gang, who brought us the Outlook reconfiguration malware, is at it again. Today, our spamtraps have started receiving messages with the subject "Create your personal Vaccination profile," purporting to be from the Center for Disease Control and Prevention: The Read more…

Twitter spam explosion

Starting early this morning, we have seen a major uptick in the use of Twitter links inside spam messages. Here are a few different variants of them. Most of the spam refers to online med sites although a few campaigns Read more…

From Server/Outlook update to FDIC to Facebook phish: now with a twist

In the past few weeks, the authors behind Zbot have been busy. Around October 12 we saw the server upgrade spam with links. Later, on the 14th, we saw the same campaign as Outlook updates. For a few days during Read more…

Server upgrade spam redux

Two days ago my colleague Pob blogged about a run of high-volume server upgrade spam with a link to a Zbot executable. Today a similar campaign has shown up at our spamtraps, this time with the malware attached instead of Read more…

"MSN Messenger Block Checker" spams

In my last post, I mentioned the "Pics for MSN friends" spam. The other spam variant from Tubela management I have received recently is the "MSN Messenger Block Cheker" one. To recap: users who have given away their MSN Read more…

"Pics for MSN Friends" spams

In recent days, my personal MSN account has been bombarded with links from a few of my friends. What made it more curious is that the messages are usually sent when the user should have been offline and asleep, since Read more…

Oh the irony: Dilbert sends out 419 scams

As many of the blog's readers are aware, advance-fee fraud scammers will abuse any free service they can get their hands on to send out their spam messages. Previously, we blogged about the scammers abusing services such as web Read more…

More Michael Jackson spam for the weekend

It has been a quiet and sunny Sunday afternoon here at SophosLabs Canada. With time on hand, I spent some time digging through the archives to see if any new Michael Jackson-related spam has arrived in the past hours. Here Read more…

Michael Jackson "breaking news video" distributes malware

As many expected, the death of the "King of Pop" Michael Jackson has given malware authors a new topic to entice users into installing malware. Shortly after we detected the first spam message regarding Michael Jackson, the first malware related Read more…

Microsoft Outlook re-configuration redux

Yesterday, my colleague Graham Cluley blogged about a phishing campaign claiming to be a "Microsoft Outlook Notification". The messages contained a phishing link to microsoft.com.outlook.[deleted].org: Today, we see a redux of the campaign, this time with malware attached to Read more…

From Russia with money

Today we started seeing a new malware campaign arriving in our spamtraps: The message appears to have been generated through a translator, as the text is quite broken grammatically. If I decipher the message correctly, it purports to be from Read more…

When social network invites are used for Nigerian/419 scams

In the last few days, we started seeing a new wave of Nigerian/419 fraud messages coming from the social network site Ning.com. No, these are not the typical "Hi friend, come join my network" invites. While many people may consider Read more…