Articles by Paul Baccas

About Paul Baccas

Paul O Baccas joined Sophos in 1997 after studying Engineering Science at Oxford University. Currently, he is employed as a Senior Threat Researcher, SophosLabs UK, with areas of interest including non-PE malware, spam, data leakage, and Linux and Mac threats. Paul has published several papers, and was a technical editor for the "AVIEN Malware Defense Guide." He has written articles for security industry journal Virus Bulletin and is a frequent contributor to the Naked Security site.

PDF malware adopts another obfuscation trick in attempt to avoid detection

SophosLabs researcher Paul Baccas takes a close look at a way in which malware authors attempt to disguise their attacks inside boobytrapped PDF files.

Traffbiz: A new malicious twist on affiliate partnerka schemes?

Russian web users at risk as Traffbiz spreads affiliate web-based malware attacks.

Trust and society: a review of Liars & Outliers by Bruce Schneier

Paul Baccas reviews Bruce Schneier's latest book.

Book review: Ninja Hacking - unconventional penetration testing tactics and techniques

Senior Threat Researcher Paul Baccas reviews the book "Hacking Ninja: Unconventional penetration testing tactics and techniques".

Targeted malware attack shows how Fast Fingerprinting works

Technology is helping anti-virus researchers detect malicious Microsoft Office files, by examining if they fail to conform to the OLE2 file format specification.

Sophos experts at VB2011 conference in Barcelona

This week there is an opportunity to meet members of the SophosLabs and Naked Security teams at the prestigious Virus Bulletin conference.

Troj/PHPShll-B: Malware injects itself into WordPress installations

Malicious code has managed to inject itself into the PHP code used on some websites running WordPress, meaning that if you visit them when running Internet Explorer you could be exposing yourself to a malware attack.

Is your WordPress installation properly secured?

Morto: RDP worm of death?

The Morto worm is making the headlines, targeting Windows networks with poorly-chosen weak passwords.

SophosLabs has only received a small number of reports of the worm being seen in the wild.

Troj/DocDrop-S: A preview of a Virus Bulletin conference paper

SophosLabs expert Paul Baccas gives us a sneak preview of a paper he is presenting at the Virus Bulletin conference in October 2011.

Who ordered spam? New trick in PDF malware uncovered

SophosLabs researcher Paul Baccas takes a close look at a PDF malware campaign.

What's the deal with the Lizamoon SQL injection?

There has been a large amount of press in the last few days regarding "Lizamoon", the name being given to an attack which resulted in malicious code being injected into a large number of websites.

When a Facebook friend gets Clickjacked, what should you do?

Last night, I checked my Facebook page and noticed a strange post from a friend. The page had all the characteristics of a Facebook ClickJacking page: a link to an amusing/salacious video, but in French.

Italian law firm knowingly serves up infected web pages

If you got a call from a legitimate security source informing you that your website was infected, would you take action? I certainly would, which is why I am rather frustrated when we take time to reach out to an organisation about a web infection, and they deliberately choose to do nothing about it.

SophosLabs gives lecture at the University of Birmingham

Yesterday, I had the pleasure of being invited to lecture Masters' students from the University of Birmingham as part of the Network Security module. The University has its very own train station, so my journey from Oxford was very smooth.

UK Government Agency wants your email scams - but is it doing it the right way?

The British public is being urged to forward any email scams it receives to the National Fraud Authority, to help it collect intelligence which might help track down internet fraudsters and bring them to justice.

But is information being collected in the right way?

Facebook clickjacking: Malware takes on new Italian disguises

Non-English speaking Facebook users shouldn't be fooled into believing that they are somehow immune from the scams and rogue applications that plague the social networking site.

Facebook clickjacking: Dirty Italian schoolteacher undresses

Italian users could be at risk of being clickjacked on Facebook, as a new attack is seen spreading between users, posing as a video of a stripping schoolteacher.

Adobe Reader X stops malicious PDF spam campaign dead in its tracks

A new malicious spam campaign underlines the security benefits of upgrading to the latest version of Adobe Reader X.

SophosLabs researcher Paul Baccas takes a closer look.

PDF security under the microscope: A review of OMG-WTF-PDF

SophosLabs researcher Paul Baccas takes a close look at a PDF security research paper written by FireEye's Julia Wolf.

Malicious Iframe infects PHP-Nuke site....again!

Last May, I blogged about PHP-Nuke's official site being hacked. Imagine my surprise when I saw the site come up again in my malware feed.
