A week in Computer Security is a – very – long time

Last week, I enjoyed a long weekend and consequently had to fit 5 days of work into 4 days! Because of that, I didn’t have time to blog about a few things that we saw.

Framer

A week ago, SophosLabs saw and analyzed another piece of code that injected malicious Iframes into HTML and other files associated with web content. We also provided specific detection for the inserted Iframes as JS/Frame-A. The graph of detections after 7 days is already quite revealing.

Click here for bigger image

If you click the image you will see, along the top sites infected with JS/Framer-A. These sites range from a legal site to a church in the State Washington.

Laoairlines

Also last week my colleagues in SophosLabs Australia encountered an infected airlines site. We got some press about this (see 1, 2). Unfortunately, due to the way that this attack was crafted, the system doesn’t allow the generation of a graph 😦
Lao

At the time of writing, the site is still infected with Troj/Unsc-A, so I wouldn’t advise visiting it . Suffice to say, we have updated our protection to detect what is downloaded from this site.

Gameige

When I saw Trend’s piece on Gameige I thought that it was best to preempt any questions and do some research. Lo and behold our automated website analysis system generated some useful information on this attack.
Gameige
The graph shows that Gameige has been affected by two distinct attacks that have affected several thousand websites in total. World of Warcraft sites, like Gameige, are generally setup and run by hobbyists who have little or no idea about computer security. The business case for allowing users access to such sites should take this into account.

What do Tesco, John Lewis, iPhones, Los Angeles and Holland have in common?

The first three were all targeted by an Angelenos whose websites were all hosted in Holland.

Tesco

Spam is normally US-centric and it is rare that we see UK based companies targeted like this. The classic give away that this is spam is the bon mot at the end. Over this campaign the URLs, targets and the bon mots all changed in a recognizable way.

Normally, a week in SophosLabs is rarely as varied and noteworthy as last week’s but with malware and spam changing so quickly, they are likely to remain this busy.