Articles by Fraser Howard

About Fraser Howard

Fraser is one of the Principal Virus Researchers in SophosLabs. He has been working for Sophos since 2006, and his main interest is in web-related threats.

Sophos sucks? Being insulted by malware authors can be the best reward

Sometimes things can get a little personal when dealing with the huge volume of malware that is discovered every day.

Police penalty-payment website makes amateurish coding errors


Trust is crucial for financial web transactions, which is why it is so important that legitimate organisations don't get sloppy with best practice.

Hacked email accounts unleash waves of weight loss spam

Hacked email accounts unleash weight loss spam tidal wave

A weight loss spam campaign, being sent from hacked email accounts, is being seen in extremely high numbers.

SophosLabs expert Fraser Howard investigates.

Pseudorandom domain name generation and the Blackhole exploit kit

Pseudo random domain name generation and Blackhole

Take a look into the latest widespread attack against legitimate websites, in which many sites are hacked in order to redirect users to exploit sites.

Zero-day XML Core Services vulnerability included in Blackhole exploit kit

CVE-2012-1889 code in Blackhole exploit kit

Shortly after our original advisory about the latest zero-day vulnerability in Microsoft XML Core Services (CVE-2012-1889), code to exploit the vulnerability was seen in a Blackhole exploit kit. The start of widespread adoption and panic bells for users?

Easter eggs, with a side order of scareware

Planning some activities this Easter? Perhaps buying some Easter eggs? Maybe hand decorating some eggs?

Before you go searching for tips, take a read of this post which highlights how seemingly innocent search terms can lead to malware.

OpenX ads leading to malware c/o 'BlackAdvertsPro'

Take a look at some recent attacks where OpenX ad servers are being hacked in order to redirect users to exploit sites and infect them with malware.

Is this the resurgence of Blackhat SEO?

Code snippet from the PHP SEO kit

Take a dive into some recent blackhat SEO attacks in this post to explore the facts behind the recent rise in reports of this threat. Site administrators in particular may be interested in some of the findings.

Hide and seek with website injections

Troj/JSRedir-DY code snippet

Step into the shoes of site administrators attempting to check if their sites have been hacked or not, by taking a look at a couple of recent attacks against websites.

Not such a nice hack, Nice Pack

Mal/Iframe-W featured image

Take a closer look at one of the nasty JavaScript threats that we have seen injected into thousands of legitimate web sites recently, for the purpose of infecting users with malware.

Another widespread site defacement attack. Leading nowhere?

Have you ever wondered what is meant by the term 'Traffic Direction System' (TDS)?

Well, take a look at a widespread site injection attack that took place earlier today, and see exactly how a TDS server is used to control user traffic.

Email from HM Treasury? Just another scam

Letter from HM Treasury? Just another scam

Have you been the recipient of an email claiming to be from George Osborne MP, the UK's Chancellor of the Exchequer? However tempting the offer of a large transfer of funds may be, do not become a victim of this latest scam.

Analysis of compromised websites - hacked PHP scripts

Investigating a few compromised web sites reveals some interesting behaviour in the PHP hacks that are being used to compromise legitimate web servers in order to redirect unsuspecting users to exploit sites.

Best practices for reporting malicious URLs

StopBadware Best Practices for Reporting Badware URLs

StopBadware has teamed up with other members of the computer security community to produce a set of best practices for reporting malicious links.

Find out more now.

Widespread site compromise leading to Zeus

Snippet of injected malicious JavaScript

Read more about a recent wave of attacks compromising legitimate web sites for the purpose of infecting users with Zeus malware.

Blackhat SEO poisoning topping the charts

Mal/SEORed-A threat alert

Blackhat SEO attacks account for over 30% of all detections seen by Sophos customers protecting their web traffic.

Learn what you need to do at your company to protect yourself and your fellow users.

Defending against SEO poisoning attacks with Layered Protection

Defending SEO with Layered Protection

The use of search engine optimisation (SEO) for redirecting users to scareware sites is well known, but we also see the same techniques being used to redirect people to exploit sites. Take a look into some recent SEO attacks, and see exactly where the protection layers Sophos provide actually fit.

Compromised ads leading to TDSS rootkit infections

Hacking ad servers is an effective way of injecting malicious code into multiple third party web sites, potentially exposing huge numbers of users to the attack. Find out more about this latest attack being used to infect victims with TDSS.

No, Samsung is not shipping laptops with keylogger/spy software...

After yesterday's concern about laptops being shipped with keylogging software installed, it has now been confirmed that the issue was all due to a false positive.

Hacking the Web: Hijacking search results

Fraser Howard takes a look at a recent browser 0wning attack in which the victim's search results are hijacked, and they are inundated with popups to adult dating sites.