Articles by Paul Baccas

About Paul Baccas

Paul O Baccas (aka pob) joined Sophos in 1997 after studying Engineering Science at Oxford University. After nearly 16 years, he has left Sophos for pastures new and will be writing as an independent malware researcher. Paul has published several papers, presented at several Virus Bulletin conferences and was a technical editor for the "AVIEN Malware Defense Guide". He has contributed to Virus Bulletin and is a frequent contributor to the NakedSecurity blog.

When is a password not a password? When Excel sees "VelvetSweatshop" [VIDEO]

Malware researcher Paul Baccas reveals how an Excel spreadsheet using the password "VelvetSweatshop" could be designed to put your computer at risk.

Seagate's blog pushes malware on unsuspecting visitors via rogue Apache modules

SophosLabs has been tracking an infection of Mal/Iframe-AL on Seagate's blog since late February.

Are you taking enough care of your company's websites?

More Mac malware attacking minority groups in China

A targeted Mac malware attack strikes a minority group in China, exploiting an old Microsoft Word vulnerability.

Malware injected into legitimate JavaScript code on legitimate websites

SophosLabs has observed a trend of hackers inserting their malicious code into legitimate JavaScript hosted on legitimate compromised websites.

Learn more about what our experts have seen, and ensure that you have protection in place.

Adobe revokes certificate after hackers compromise server, sign malware

Adobe security chief Brad Arkin has warned that hackers have managed to create malicious files with Adobe's digital code-signing signature.

Book review: Practical Malware Analysis

Earlier this year, No Starch Press sent SophosLabs an unrequested copy of the book Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software with a letter saying "If you do enjoy the book, I hope that you will consider …

How a malicious help file can install a spyware keylogger

Do you think that Windows help file is safe? Think again.

Malware authors can create boobytrapped .HLP files, designed to infect your computer.

Zero-day Java flaw exploited in targeted tax email malware attack

Cybercriminals take advantage of the critical zero-day vulnerability in Java, sending out malicious emails which pretend to come from an accountancy firm announcing a rise in the tax rate.

Shamoon (Troj/Mdrop-ELD) - Targeted destructive malware explained

Reports of a recent targeted malware attack, known as Shamoon or Troj/Mdrop-ELD, have popped up this week.

Here is some detailed analysis of the malicious Trojan.

Poisoned DOC file used in targeted malware attack against military contractor

Firms and organisations are advised to check that they are keeping up-to-date with their security patches, in the light of a malware attack that was seen today targeting a defence contractor.

Sexy young women entice the unwary in Yahoo dating scam

Ladonna, Lekisha, Solange, Maggie, Lorri, Clorinda, Estefana, the list goes on...

I'd like to thank all of you for your kind (unsolicited) offers to start a relationship.

Jobs website of major hotel chain serving malware, linked to other attacks

The jobs website of a major international hotel chain is silently serving up malware to visitors.

And curiously, the security breach appears to be connected to other recent high profile attacks. Paul Baccas of SophosLabs looks deeper.

Danger! Unpatched Microsoft security vulnerability being actively exploited

Although security software can protect against this vulnerability, let's hope that Microsoft can release a proper patch against it - it's being actively exploited in the wild.

PDF malware adopts another obfuscation trick in attempt to avoid detection

SophosLabs researcher Paul Baccas takes a close look at a way in which malware authors attempt to disguise their attacks inside boobytrapped PDF files.

Traffbiz: A new malicious twist on affiliate partnerka schemes?

Russian web users at risk as Traffbiz spreads affiliate web-based malware attacks.

Trust and society: a review of Liars & Outliers by Bruce Schneier

Paul Baccas reviews Bruce Schneier's latest book.

Book review: Ninja Hacking - unconventional penetration testing tactics and techniques

Senior Threat Researcher Paul Baccas reviews the book "Ninja Hacking: Unconventional penetration testing tactics and techniques".

Targeted malware attack shows how Fast Fingerprinting works

Technology is helping anti-virus researchers detect malicious Microsoft Office files, by examining if they fail to conform to the OLE2 file format specification.

Sophos experts at VB2011 conference in Barcelona

This week there is an opportunity to meet members of the SophosLabs and Naked Security teams at the prestigious Virus Bulletin conference.

Troj/PHPShll-B: Malware injects itself into WordPress installations

Malicious code has managed to inject itself into the PHP code used on some websites running WordPress, meaning that if you visit them when running Internet Explorer you could be exposing yourself to a malware attack.

Is your WordPress installation properly secured?