Articles by SophosLabs
Data security breach at the North Pole! Santa's Naughty/Nice list compromised
Choose your Fake Anti-Virus?
Today, at SophosLabs, we encountered another interesting rogue security software variant, Troj/FakeAV-BTN. When run, Troj/FakeAV-BTN poses as a Microsoft Security Essentials Alert and detects only one file as "Unknown Win32/Trojan". When the user wants to remove this fake threat, this malware offers Read more…
Cat 'n Mouse with spammed HTML redirects
The attackers behind the spammed HTML redirects I blogged about last week have been busy over the last few days. In an ongoing attempt to evade detection they have continually tweaked and changed the manner in which the redirect is Read more…
Mal/PDFJs-Y: PDFs using getField
This week I have been putting the finishing touches to my presentation for the Virus Bulletin Conference in Vancouver later this month. While doing the research I have collected a large corpus of PDF files; the results of analyzing these Read more…
License to code: should security companies be the arbiter of good or bad code?
None of us would want to be operated on by an unlicensed surgeon so why should we put trust in software applications written by unlicensed, uncertified programmers? Apple have seemingly taken the high-road by requiring programmers to register as Apple Read more…
Somerset County Council website victim of Blackhat SEO and malware injection
Sophos users over the past few months may have noticed that they haven't been able to access parts of the Somerset Information Exchange (SiX) due to instances of Mal/Badsrc-C on the site. The problems for the SiX microsite, hosted on Read more…
Infected Phish targeting Commonwealth Bank of Australia
This week we've seen more phishing spam targeting the Commonwealth Bank of Australia, an institution that many scammers have aimed at in the past. The emails have a subject of "Update your Commonwealth Bank" and look like this: The text Read more…
September 2010 Patch Tuesday
There are 9 new releases in this month's Microsoft patch release. Four of these are ranked by Microsoft as Critical; due to lack of exploitation in the wild, none have been ranked higher than Medium by SophosLabs. Today also brings Read more…
The correct CV (or malware masquerading as a CV...)
Today we have observed some messages which at first glance appeared to be somebody trying to correct their mistakes on the CV they sent out. All messages had the same body text that read as follows: Thank you for the Read more…
How much malware does SophosLabs detect?
SophosLabs has discovered a technique in anti-virus marketing, which we detect as Spin/BigNumber-P. Typical behaviour involves phrases such as "Product detects X viruses!", where X is a large, rather exact-sounding number. Some variants involve high-tech numerical displays updated in real-time Read more…
Encryption with no separate external key
Most typical modern malware variants tend to hide critical parts of their functionality (strings, URLs/IPs of its dodgy servers, etc.) using some form of encryption. In most cases only trivial algorithms are used. However, these suffice as the intention is Read more…
Phish net stockings, or spammer attempt at a phish?
An interesting phish was just escalated to me for analysis. Well, ironic more than interesting. Looking at the following phish: The message is a typical phish with clues to its nefarious origins. Dear Valued Customer, Your New Online Statement Summary Read more…
You're Not That Well Financed, Are You?
Every once in a while, I get the odd spam message that really makes me want to laugh. Take this one for instance. The spam message says that if I ever want to get a home loan, just feel free Read more…
PerlBot: A reason to run anti-virus on Linux?
This morning I noticed that SANS were talking about a Perl bot that has been reported on various Unix systems. I went looking for this file and noticed that a colleague had already updated the identity for Mal/PerlBot-A to detect Read more…
Educating the masses about internet security
Chris Pace from Sophos's sales engineering department has sneaked his way onto my blog to mention a couple of free tools we've made available to help educate your workforce about online security threats. Tell us all about it Chris.. Have Read more…
Critical Adobe Acrobat APSB10-17 Vulnerability Patch
Adobe Systems has sent out a critical Security Advisory for Adobe Reader and Acrobat. This advisory is related to the security vulnerability CVE-2010-2862. For more information, please refer to this Sophos knowledgebase article. For further information and where to obtain Read more…
New obfuscation technique using JavaScript in legitimate sites
Or at least their length. Earlier this week I came across some rather interesting JavaScript injected into legitimate sites. The obfuscation method was new (to me at least) and piqued my interest. The payload itself is predictable and dull - Read more…
Poetry in spam
Hi! I saw your ad on Craigs List I am going make this response short and sweet. If you are interested to make a bit of money on the net, then check-out this web-site called: [censored]reseller.info So it is not Read more…
August 2010 Patch Tuesday
There are 14 new releases in this month's Microsoft patch release. Many of these are remote code execution bugs. Although we haven't seen malware spreading via these bugs, it's certainly a good idea to patch proactively. For the full details Read more…
U.S. Customs and Border Protection Scam
Today I received a special package via email regarding cash worth the sum of USD $1.5M..Woooooo. However, I found out it is not easy to be the beneficiary of this package. Subject: RE: A G Commissioner of U.S. Customs and Read more…