Articles by SophosLabs
Point-of-Sale malware attacks – crooks expand their reach, no business too small
SophosLabs has been tracking a set of incidents involving Point-of-Sale malware.
The crooks have added a few tricks over the last 15 months.
Find out what's new, and why no business can "fly under the radar" of cybercrime...
Anatomy of a targeted attack - SophosLabs explores an Adobe zero-day "malware experiment"
SophosLabs was contacted recently to help investigate malware from an unusual sort of targeted attack.
What our researchers found was intriguing, to say the least, so we thought we'd share our discoveries with you...
Data security breach at the North Pole! Santa's Naughty/Nice list compromised
Reports from the North Pole have confirmed that Santa's Naughty/Nice list has been compromised.
The list is said to contain the name, stocking address and naughty/nice score (the child equivalent of a credit rating) of every child on earth.
Choose your Fake Anti-Virus?
Today, at SophosLabs, we encountered another interesting rogue security software variant, Troj/FakeAV-BTN. When run, Troj/FakeAV-BTN poses as a Microsoft Security Essentials Alert and detects only one file as "Unknown Win32/Trojan". When the user wants to remove this fake threat, this malware offers Read more…
Cat 'n Mouse with spammed HTML redirects
The attackers behind the spammed HTML redirects I blogged about last week have been busy over the last few days. In an ongoing attempt to evade detection they have continually tweaked and changed the manner in which the redirect is Read more…
Mal/PDFJs-Y: PDFs using getField
This week I have been putting the finishing touches to my presentation for the Virus Bulletin Conference in Vancouver later this month. While doing the research I have collected a large corpus of PDF files; the results of analyzing these Read more…
License to code: should security companies be the arbiter of good or bad code
None of us would want to be operated on by an unlicensed surgeon, so why should we put trust in software applications written by unlicensed, uncertified programmers? Apple have seemingly taken the high road by requiring programmers to register as Apple Read more…
Somerset County Council website victim of Blackhat SEO and malware injection
Sophos users over the past few months may have noticed that they haven't been able to access parts of the Somerset Information Exchange (SiX) due to instances of Mal/Badsrc-C on the site. The problems for the SiX microsite, hosted on Read more…
Infected Phish targeting Commonwealth Bank of Australia
This week we've seen more phishing spam targeting the Commonwealth Bank of Australia, an institution that many scammers have aimed at in the past. The emails have a subject of "Update your Commonwealth Bank" and look like this: The text Read more…
September 2010 Patch Tuesday
There are 9 new releases in this month's Microsoft patch release. Four of these are ranked by Microsoft as Critical; due to lack of exploitation in the wild, none have been ranked higher than Medium by SophosLabs. Today also brings Read more…
The correct CV (or malware masquerading as a CV...)
Today we have observed some messages which at first glance appeared to be somebody trying to correct their mistakes on the CV they sent out. All messages had the same body text that read as follows: Thank you for the Read more…
How much malware does SophosLabs detect?
SophosLabs has discovered a technique in anti-virus marketing, which we detect as Spin/BigNumber-P. Typical behaviour involves phrases such as "Product detects X viruses!", where X is a large, rather exact-sounding number. Some variants involve high-tech numerical displays updated in real-time Read more…
Encryption with no separate external key
Most typical modern malware variants tend to hide critical parts of their functionality (strings, URLs/IPs of its dodgy servers, etc.) using some form of encryption. In most cases only trivial algorithms are used. However, these suffice as the intention is Read more…
Phish net stockings, or spammer attempt at a phish?
An interesting phish was just escalated to me for analysis. Well, ironic more than interesting. Looking at the following phish: The message is a typical phish with clues to its nefarious origins. Dear Valued Customer, Your New Online Statement Summary Read more…
You're Not That Well Financed, Are You?
Every once in a while, I get the odd spam message that really makes me want to laugh. Take this one for instance. The spam message says that if I ever want to get a home loan, just feel free Read more…
PerlBot: A reason to run anti-virus on Linux?
This morning I noticed that SANS were talking about a Perl bot that has been reported on various Unix systems. I went looking for this file and noticed that a colleague had already updated the identity for Mal/PerlBot-A to detect Read more…
Educating the masses about internet security
Chris Pace from Sophos's sales engineering department has sneaked his way onto my blog to mention a couple of free tools we've made available to help educate your workforce about online security threats. Tell us all about it, Chris... Have Read more…
Critical Adobe Acrobat APSB10-17 Vulnerability Patch
Adobe Systems has sent out a critical Security Advisory for Adobe Reader and Acrobat. This advisory is related to the security vulnerability CVE-2010-2862. For more information, please refer to this Sophos knowledgebase article. For further information and where to obtain Read more…
New obfuscation technique using JavaScript in legitimate sites
Or at least their length. Earlier this week I came across some rather interesting JavaScript injected into legitimate sites. The obfuscation method was new (to me at least) and piqued my interest. The payload itself is predictable and dull - Read more…
Poetry in spam
Hi! I saw your ad on Craigs List I am going make this response short and sweet. If you are interested to make a bit of money on the net, then check-out this web-site called: [censored]reseller.info So it is not Read more…