web
Facebook "likejacking" targets World Cup, BP, Shrek, UFC, ...
We said we thought we were going to see a lot more Facebook "likejacking", and sure enough that's exactly what's happened - there's been an explosion of pages exploiting this technique to get users to "like" pages without them even Read more…
Facebook Worm - "Likejacking"
Graham posted earlier about a new Facebook clickjacking worm, and as someone who saw this spreading like wildfire among members of my own contact list I thought I'd dig into it a little. The technique is exactly as Graham describes Read more…
Miscellaneous Poisoning Blasts Off
Search terms for the recent shuttle launch and the Southern Entertainment Rap awards are currently the targets of SEO poisoning campaigns. Unprotected users who take the bait will become infected with FakeAV. Searching for combinations of these and other popular trend Read more…
What does PHP stand for? Probable Hacked Page?
Late last week, the wires were buzzing over news that the official site of PHP-Nuke "Professional Content Management System" was serving malware (see 1, 2). I am frankly amazed to see the site still infected 4 days later. Here at Read more…
Mal/Iframe-N: The website of the Philadelphia Tribune, a popular newspaper, infected
The Philadelphia Tribune has been infected with the same malware as was reported on the US Treasury site earlier this week. Detection for Mal/Iframe-N was updated yesterday to detect this threat. Overnight several high profile sites (including a major NHL Read more…
Troj/PDFJs-JN: An exploit kit encapsulating malicious TIFF files
Earlier this week, my colleague Fraser pointed me at a sample we had received called libtiff.pdf. He wrote a quick detection for it (Troj/PDFJs-JN) and left me to investigate the file further. He wasn't being lazy - it is just Read more…
Spotting the scams: winning an Apple iPhone
Earlier on today I came across an advert (within a Twitpic page) enticing users to click through to a web site in order to enter a competition to win an Apple iPhone. Clicking on the ad takes you to a Read more…
Technical paper: SEO poisoning attacks
Regular readers will have seen numerous recent SophosLabs blogs describing how attackers are poisoning search engine results in order to hit victims with malware [2,4]. In recent months, these types of Search Engine Optimisation (SEO) attacks have become a route Read more…
Communist Party Of Britain's website infected with malware (again)
Last year, during the UK local elections, I blogged about how the Communist Party of Britain's website was infected. Earlier today, I noticed that the site had once again been infected, this time with different malware. This infection, like the Read more…
Troj/JSRedir-AU: Troj/JSRedir-AK redux?
Late last year I blogged about ~40% of web-based malware. Earlier this year I mentioned it had changed and late last month I saw that it had changed again into Troj/JSRedir-AU. The infection numbers of Troj/JSRedir-AR and Troj/JSRedir-AU haven't been Read more…
Phishing craigslist - but is it malware?
Malware has traditionally been easy to spot and classify, mainly because it was created to serve a specific nefarious purpose and nothing else. In the ongoing arms race between malware authors and the security industry, stealth and other 'in plain Read more…
Internet Explorer 0-day targeted in spam runs
Hot on the heels of the Patch Tuesday announcements yesterday (see blog or links to vulnerability assessment pages), came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806). Whilst checking through some URLs supposedly serving up malicious code to Read more…
SEO blogger victim of malicious SEO attack
On Friday evening I was talking to a North American customer who had been fighting with infections caused by SEO poisoning. They mentioned a particular search term that could generate new samples of FakeAVs. The funny thing was that the Read more…
Adservers compromised in latest Zbot push
As we have commented before [2] when content served up from adservers is compromised, the effects can be far reaching, potentially exposing huge numbers of victims to the malicious code as they innocently browse legitimate sites. The problem is further Read more…
Insight into fake AV SEO
Readers of the Sophos blogs will probably have seen the post Graham made about the 'killer whale video' SEO attacks. We have described SEO attacks before (for example here). In this post I want to highlight how these attacks are Read more…
Troj/IFrame-DY: Old websites don't die they just get infected
Earlier this week Sophos informed a UK Local Police Authority (Hertfordshire) that a website they owned was infected with Troj/IFrame-DY. It turns out that the Police Authority has a new site and the infected site is an old one that Read more…
Tiger's play too rough on Valentines Day
While most sane people around the world are enjoying a romantic Valentine's Day today, we at SophosLabs remain vigilant on the front line of the war against malware. This year, Valentine's Day coincides with the Chinese New Year as well Read more…
Fake AV c/o PDF and Java exploits
We see fake AV malware being distributed in a variety of ways, including SEO abuse [2], compromised web sites [4, 5]. In this post I will highlight an attack that is currently active involving malicious PDF and Java content, attempting Read more…
Escort service infected with Troj/JSRedir-AR
Clients of escorts and call girls are usually aware of the risks presented from STIs. However, SophosLabs has been monitoring a different type of infection risk for clients of escorts in Indian cities. The Troj/JSRedir-AR infection has morphed slightly: Read more…
The world's top 10 dirtiest web-hosting countries
My apologies if you were expecting this to be details of which nations had the most porn sites, this is actually all about the top ten countries hosting malware on the web, passing on virus infections to innocent computer users. Read more…









