It has been fairly quiet in the lab over this weekend, or at least it feels like it has. This is partly thanks to some of the proactive detections already published that are protecting customers without the need for an update.
This same behavioral detection has also detected malware installed by some of the web attacks SophosLabs has identified over the weekend. The majority of malware installed by these new web attacks was proactively detected, as:
One of the web attacks we identified last night is a little intriguing. Perhaps it is related to Ann, or even her German cousin? Anyway, someone has been busy constructing an attack site on an enticingly named domain (think attractive, blond ladies) to where compromised sites are being directed:
As you can see, the compromised page, the malicious script on the attack site and the malware installed by the various exploits are proactively detected. Interestingly, over the past couple of weeks we have seen numerous other compromised sites pointing to another, unavailable page on the same domain. Browsing the root of the domain explains the (somewhat tenuous) link to ‘Ann’:
Some readers may recognise the content – another notorious domain used in attacks over the past few months points to the exact same site.
The spam feeds have been fairly quiet all weekend, with some of the product, credit or meds-related mail adopting the customary Halloween theme. There has also been the typical mix of phishing attacks – including one hosted on a Dutch triathlon club’s website! Most targeted global banks, but I did notice one that phished Monster.com credentials:
Phew! So, nothing individually exciting or sophisticated, just the usual bombardment of social engineering and malware from all sides!