General

Stock Price vs. Spam Keywords

As noted by Bloomberg on 25 September, Apple was valued at $267 billion, ahead of PetroChina's $265.5 billion, becoming the world's second-largest company in terms of market value. Furthermore, back in May this year, Apple had surpassed Microsoft in market Read more…

October Patch Tuesday

Patch Tuesday has arrived again and this time we have a set of ten updates: nine from Microsoft and one from Adobe. Nine of these potentially allow remote code execution and the tenth involves information disclosure. For the full list Read more…

Malware abusing digital signatures: VB2010 presentation highlights

I recently presented my paper Want My Autograph? The use and abuse of digital signatures by malware at Virus Bulletin 2010. I will refrain from delving into the gory details of digital signatures heuristics that strongly indicate malware -- those Read more…

Free online (Fake) AV scanner

I have seen many, many applications masquerade as legitimate Anti-Virus software. Today I saw another version of a Fake online AV scanner. Normally, FakeAV comes as an executable, which in turn downloads its other components. Then the executable starts Read more…

Do u want a wallpaper with your Fake AV?

Generally, Fake Antivirus software displays all sorts of messages on the user's computer to encourage/scare them into buying the product. This could be fake warnings, fake intrusion/infiltration reports, security warnings about certain executables or maybe simply dropping random "fake" malware files Read more…

Malicious PDFs: A summary of my VB2010 presentation

Last week, I presented at VB2010 a talk that was well received in the room and on the wires. A number of people have requested copies of or links to my presentation and paper (thanks to Helen Martin of Virus Read more…

Dumb messages from dumber malware authors

From time to time we get some malware in which the authors have put in their own stupid messages. This one we got recently looks like another attempt by a malware author to get some cheap publicity. Sophos detects this malware Read more…

License to code: should security companies be the arbiter of good or bad code

None of us would want to be operated on by an unlicensed surgeon, so why should we put trust in software applications written by unlicensed, uncertified programmers? Apple have seemingly taken the high road by requiring programmers to register as Apple Read more…

September 2010 Patch Tuesday

There are 9 new releases in this month's Microsoft patch release. Four of these are ranked by Microsoft as Critical; due to lack of exploitation in the wild, none have been ranked higher than Medium by SophosLabs. Today also brings Read more…

Oh Look. Another 419 Scam

You've seen them before. The advance fee fraud or the 419 scams. The one where a prince, a distressed widow, or an unscrupulous but half-literate bank manager contacts you with a proposal. Invariably, there is a large frozen bank Read more…

Encryption with no separate external key

Most typical modern malware variants tend to hide critical parts of their functionality (strings, URLs/IPs of their dodgy servers, etc.) using some form of encryption. In most cases only trivial algorithms are used. However, these suffice as the intention is Read more…

This could save your LIFE!

The following internet advice, which may have a subject title such as above, could just get you killed. Like any other middle-aged, balding, overweight chap, my mother still worries about me. So when her friend sent this to her Read more…

DLL pre-loading attack vector addressed by Microsoft

We have been discussing the issue of unsafe DLL loading in the lab since the release of the Microsoft advisory about a potential attack vector that uses the default Windows DLL Search Order to load a malicious DLL into the Read more…

It's that time again...

Today in Boston is a special day. Yes it's raining, but today the yellow buses have started their engines. It's back to school time! I thought I might use this as a reminder to talk to your kids about computer Read more…

You're Not That Well Financed, Are You?

Every once in a while, I get the odd spam message that really makes me want to laugh. Take this one for instance. The spam message says that if I ever want to get a home loan, just feel free Read more…

Critical Adobe Acrobat APSB10-17 Vulnerability Patch

Adobe Systems has sent out a critical Security Advisory for Adobe Reader and Acrobat. This advisory is related to the security vulnerability CVE-2010-2862. For more information, please refer to this Sophos knowledgebase article. For further information and where to obtain Read more…

U.S. Customs and Border Protection Scam

Today I received a special package via email regarding cash worth the sum of USD $1.5M... Woooooo. However, I found out it is not easy to be the beneficiary of this package. Subject: RE: A G Commissioner of U.S. Customs and Read more…

Thank you for your payment!

It seems there's a new scam flooding our mailboxes today which uses a technique which may get people to panic into doing something they shouldn't. We've seen a number of different messages all using the same technique of thanking the Read more…

Greetings from Blackhat Las Vegas 2010

I have to admit that I am not a huge fan of Las Vegas, but when the reason to visit is as good as attending Blackhat and Defcon, I instantly forget the heat, endless rows of slot machines, big crowds, Read more…

From Nigeria with Love - old sk00l spam

Every now and then we at SophosLabs receive a sample of malware or spam that (laughs aside) shows the true inventiveness of the spammers and malware authors. During the World Cup I received some SMS spam on my phone but Read more…