Defending against web-based malware: Spot the smoke, don't wait for fire


Malware rarely gets into your network without some sort of tell-tale signs beforehand.

Learning to spot the smoke that precedes the fire of a malware infection is a handy metaphor for keeping your network safe.

Will web censorship plans make your kids safer? [POLL]


Do you think that ISPs and search engines are doing enough to keep your children safe online? The UK government doesn't and so yesterday they went out to bat for the kids. Tell us if you think what they're proposing will help.

Google's certificate announcement contains a hidden surprise for Windows XP users

Are you an IT administrator still caring for Windows XP computers that are running Internet Explorer?

Google's latest announcement brings another good reason to upgrade your systems or switch to an alternative browser.

Blackhat SEO poisoning topping the charts

Mal/SEORed-A threat alert

Blackhat SEO attacks account for over 30% of all detections seen by Sophos customers protecting their web traffic.

Learn what you need to do at your company to protect yourself and your fellow users.

What's in a domain name?


Was Microsoft's Bing search engine poisoned for one of Microsoft's own products? Maybe not, but there is a lesson here to be learned for internet marketers. Simply representing your brand can help users stay safe on the internet.

Hacking the Web: Hijacking search results

Fraser Howard takes a look at a recent browser 0wning attack in which the victim's search results are hijacked, and they are inundated with popups to adult dating sites.

Large US hosting provider hit in web attack

In this post I take a look into what at first sight appeared to be a widespread web attack, with malicious JavaScript injected into hundreds of legitimate web sites. Closer inspection revealed the attack to be a little less widespread than expected, potentially targeting just a single hosting provider.

Cat 'n Mouse with spammed HTML redirects

The attackers behind the spammed HTML redirects I blogged about last week have been busy over the last few days. In an ongoing attempt to evade detection they have continually tweaked and changed the manner in which the redirect is Read more…

Another mass-spammed redirect (leading to fake AV)

In what seems to be a fitting close to the week, today we have seen further waves of mass-spammed JavaScript redirects. Fairly typical social engineering is used in the email messages to entice the user into opening the attachment. Double-clicking Read more…

Somerset County Council website victim of Blackhat SEO and malware injection

Sophos users over the past few months may have noticed that they haven't been able to access parts of the Somerset Information Exchange (SiX) due to instances of Mal/Badsrc-C on the site. The problems for the SiX microsite, hosted on Read more…

It's that time again...

Today in Boston is a special day. Yes it's raining, but today the yellow buses have started their engines. It's back to school time! I thought I might use this as a reminder to talk to your kids about computer Read more…

New obfuscation technique using JavaScript in legitimate sites

Or at least their length. Earlier this week I came across some rather interesting JavaScript injected into legitimate sites. The obfuscation method was new (to me at least) and piqued my interest. The payload itself is predictable and dull - Read more…

Thank you for your payment!

It seems there's a new scam flooding our mailboxes today which uses a technique which may get people to panic into doing something they shouldn't. We've seen a number of different messages all using the same technique of thanking the Read more…

Spammed redirects using anti-emulation tricks

A few weeks ago Richard posted a blog about malicious HTML attachments we were seeing in spam. Well, the attacks have continued since then along much the same lines. For example: Current attachments are being blocked as Troj/JSRedir-BV. As noted Read more…

Is pornography only skin deep?

Looking through news sites I encountered articles about a full-frontal pin-up calendar ("EIZO - Pin-up Calendar 2010") that shows a young lady more exposed than any I have seen before. Yet this calendar is reproduced on various respectable websites. It Read more…

New SQL injection making the rounds?

SophosLabs has been tracking the results of what looks like a new SQL injection over the last week and updating detections to Mal/Badsrc-C to deal with it. The script tag injected is now using port 8080 like similar campaigns recently. Read more…

SEO techniques and malware: Don't move or I'll redirect!

Search engine optimisation (SEO) techniques have received a fair amount of attention recently, thanks mostly to their use in fake AV distribution. In this blog, I will describe an interesting piece of JavaScript I came across whilst investigating some SEO pages. Read more…

More attacks using compromised OpenX ad-servers

Regular SophosLabs blog readers may have read previous posts about attacks that have poisoned ads content in order to inject malicious code into legitimate web sites. This is a nasty form of attack which can reach a potentially huge audience. Read more…

Double trouble - spam and malware payloads

Don't you hate spam? It's a nuisance, but not anything you really need to worry about, is it? I mean, it's not like you ran an executable, you just found yourself somewhere trying to sell you Viagra, no harm done, Read more…

A.S. Roma football website infected with same malware as Jerusalem Post

Last week, I reported on (1, 2 and 3). Yesterday, I notified my colleagues in our Italian office that the website of the football (soccer) club AS Roma was infected. My colleagues contacted AS Roma yesterday and today, and were Read more…