web

More likejacking targets: Farmville, Sex And The City 2, Kendra Wilkinson, ...

Another week, another round of likejacking targets. Though we still haven't seen this technique being used as an attack vector to infect users, it's still an underhanded and malicious technique, and it's driving swarms of people to pages serving up Read more…

Jerusalem Post website serving malware

A couple of posts on Twitter brought to my attention earlier today that the website of the Jerusalem Post is serving up malware to unsuspecting visitors. Initially, I suspected that the malware was loaded via a compromised advert stream or Read more…

Facebook Auto-Invites, clickjacking and linkjacking

This week I've been talking about Facebook clickjacking worms that spread by hijacking Facebook "likes", using a variety of different topics to get people to click. Today I thought I'd mention another technique being plotted by similar groups of people. Read more…

Facebook "likejacking" targets World Cup, BP, Shrek, UFC, ...

We said we thought we were going to see a lot more Facebook "likejacking", and sure enough that's exactly what's happened - there's been an explosion of pages exploiting this technique to get users to "like" pages without them even Read more…

Facebook Worm - "Likejacking"

Graham posted earlier about a new Facebook clickjacking worm, and as someone who saw this spreading like wildfire among members of my own contact list I thought I'd dig into it a little. The technique is exactly as Graham describes Read more…

Miscellaneous Poisoning Blasts Off

Search terms for the recent shuttle launch and the Southern Entertainment Rap awards are currently the targets of SEO poisoning campaigns. Unprotected users who take the bait will become infected with FakeAV. Searching for combinations of these and other popular trend Read more…

What does PHP stand for? Probable Hacked Page?

Late last week, the wires were buzzing over news that the official site of PHP-Nuke "Professional Content Management System" was serving malware (see 1, 2). I am frankly amazed to see the site still infected 4 days later. Here at Read more…

Mal/Iframe-N: The website of the Philadelphia Tribune, a popular newspaper, infected

The Philadelphia Tribune has been infected with the same malware as was reported on the US Treasury site earlier this week. Detection for Mal/Iframe-N was updated yesterday to detect this threat. Overnight several high profile sites (including a major NHL Read more…

Troj/PDFJs-JN: An exploit kit encapsulating malicious TIFF files

Earlier this week, my colleague Fraser pointed me at a sample we had received called libtiff.pdf. He wrote a quick detection for it (Troj/PDFJs-JN) and left me to investigate the file further. He wasn't being lazy - it is just Read more…

Spotting the scams: winning an Apple iPhone

Earlier on today I came across an advert (within a Twitpic page) enticing users to click through to a web site in order to enter a competition to win an Apple iPhone. Clicking on the ad takes you to a Read more…

Technical paper: SEO poisoning attacks

Regular readers will have seen numerous recent SophosLabs blogs describing how attackers are poisoning search engine results in order to hit victims with malware [2,4]. In recent months, these types of Search Engine Optimisation (SEO) attacks have become a route Read more…

Communist Party Of Britain's website infected with malware (again)

Last year, during the UK local elections, I blogged about how the Communist Party of Britain's website was infected. Earlier today, I noticed that the site had once again been infected, this time with different malware. This infection, like the Read more…

Troj/JSRedir-AU: Troj/JSRedir-AK redux?

Late last year I blogged about ~40% of web-based malware. Earlier this year I mentioned it had changed and late last month I saw that it had changed again into Troj/JSRedir-AU. The infection numbers of Troj/JSRedir-AR and Troj/JSRedir-AU haven't been Read more…

Phishing craigslist - but is it malware?

Malware has traditionally been easy to spot and classify, mainly because it was created to serve a specific nefarious purpose and nothing else. In the ongoing arms race between malware authors and the security industry, stealth and other 'in plain Read more…

Internet Explorer 0-day targeted in spam runs

Hot on the heels of the Patch Tuesday announcements yesterday (see blog or links to vulnerability assessment pages), came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806). Whilst checking through some URLs supposedly serving up malicious code to Read more…

SEO blogger victim of malicious SEO attack

On Friday evening I was talking to a North American customer who had been fighting with infections caused by SEO poisoning. They mentioned a particular search term that could generate new samples of FakeAVs. The funny thing was that the Read more…

Adservers compromised in latest Zbot push

As we have commented before [2] when content served up from adservers is compromised, the effects can be far reaching, potentially exposing huge numbers of victims to the malicious code as they innocently browse legitimate sites. The problem is further Read more…

Insight into fake AV SEO

Readers of the Sophos blogs will probably have seen the post Graham made about the 'killer whale video' SEO attacks. We have described SEO attacks before (for example here). In this post I want to highlight how these attacks are Read more…

Troj/IFrame-DY: Old websites don't die they just get infected

Earlier this week Sophos informed a UK Local Police Authority (Hertfordshire) that a website they owned was infected with Troj/IFrame-DY. It turns out that the Police Authority has a new site and the infected site is an old one that Read more…

Tiger's play too rough on Valentines Day

While most sane people around the world are enjoying a romantic Valentine's Day today, we at SophosLabs remain vigilant on the front line of the war against malware. This year, Valentines Day coincides with the Chinese New Year as well Read more…