SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats.
November 2007
- Bot Roasting (30 November 2007 14:56 GMT)
  It’s been a busy day in SophosLabs today, not because there is a huge increase in malware or spam, but because of the renewed interest in bots following the conclusion of the second phase of the FBI’s...
- Odd bods blogging Zlob (29 November 2007 12:38 GMT)
  SophosLabs have been monitoring a bunch of blog spammers utilizing various malicious SEO techniques to get their pages on Google. We wrote a blog article about it at the start of the month. Researchers at...
- Classical Computing (29 November 2007 00:45 GMT)
  Recently a friend linked me to a rather interesting Microsoft Knowledge Base article entitled “Computer Randomly Plays Classical Music”. The basic premise behind the article is that some BIOS...
- A week in Computer Security is a - very - long time (27 November 2007 13:58 GMT)
  Last week, I enjoyed a long weekend and consequently had to fit 5 days of work into 4 days! Because of that, I didn’t have time to blog about a few things that we saw. Framer A week ago, SophosLabs...
- Lost child benefit CDs: Have they looked down the back of the sofa? (27 November 2007 13:40 GMT)
  It’s appalling. The loss of millions of people’s personal information by the HMRC shakes the trust that people need to have with government organizations to its foundations. Worryingly, new...
- Britney again, how boring! (26 November 2007 13:27 GMT)
  Britney Spears has long been a favourite of the malware authors, as early as February 2002, she attracted the unwanted attention of malware writers. Since then there seems to be an endless stream of spam...
- It only takes one infected machine for malware to be a nuisance (26 November 2007 08:24 GMT)
  Today we detected via our monitoring stations a small number of emails generated by the mass-mailing worm W32/Forbot-FG. This worm was first detected in 2005 and is pretty much your typical bot with...
- Unubot's new clothes, pretty? (25 November 2007 17:53 GMT)
  Robert, one of my esteemed colleagues (and lucky - he is off on a week long holiday while I am working the weekend) had spotted a recent trend in increase of unpacked IRC bots in the wild. A lot of...
- Play and let me rule your system (23 November 2007 17:31 GMT)
  Today SophosLabs saw another worm that attempts to spread by copying itself to removable storage devices, creating an autorun.inf file in order to run when the device is connected to a computer. The...
- Identity theft (23 November 2007 12:15 GMT)
  News earlier this week that the British Government has managed to ‘lose’ details of 25 million individuals has raised awareness of data leakage and identity theft. If the information was to fall...
- Automated or manual spam infection? (22 November 2007 16:27 GMT)
  One of the common detection evasion techniques used by spammers is inclusion of legitimate URLs to spam emails. The intention is to lower the overall message spam score and break the message checksumming...
- Dear citizen the Department of Justice and the IRS are after you. (21 November 2007 17:27 GMT)
  If you received a complaint from the Department of Justice and the IRS what would you do? Many people when confronted with the below email would look at the attachments. Dear citizen, A complaint has been...
- Hackers wardriving you crazy? (21 November 2007 12:10 GMT)
  We recently carried out a survey which found that around 50% of people polled admitted to stealing Wi-Fi internet access. I’m going to briefly describe the darker side of Wi-Fi stealing and why...
- W32/Bagle-CF: 21 months later (20 November 2007 10:36 GMT)
  W32/Bagle-CF detection was released by Sophos nearly 21 months ago and yet we are still seeing samples of this malware on our spamtraps! As someone who has worked within the industry for over 10 years now...
- Wiretapping - Take two. (19 November 2007 12:34 GMT)
  Just over a week ago we blogged about a rather flawed attempt at a Trojan spamming using a wiretapping theme as the social engineering to lure the recipient into running the malware. Well, on Saturday, it...
- Mac OS X & Windows - Tailor-made malware (17 November 2007 01:14 GMT)
  Since the makers of Zlob branched out into the Mac market [1, 2, 3] we’ve been monitoring a large number of their websites, and today we saw a new wave of malware, variations on the same theme as...
- 20 == 50 ? (15 November 2007 17:01 GMT)
  With the overall concern about the state of the global economy and the credit squeeze affecting financial markets, it was only a matter of time when we will see scammers attempting to use the slowdown to...
- Stock spam takes another turn (15 November 2007 15:04 GMT)
  Earlier this year we reported of a rise in the use of PDF attachments in stock spam [1], and then its subsequent demise [2]. More recently, we reported the use of MP3s by the stock spammers [3]. Today, we...
- Yet another bogus Microsoft Security Bulletin (14 November 2007 23:39 GMT)
  The spammers “attempt to” strike yet again! This time the claim is “a new 0-day vulnerability which affects machines running MICROSOFT WORD and allows an attacker to take full control of...
- Bat/LoseSlp-A - a batch worm curiosity (13 November 2007 16:05 GMT)
  Although script malware, especially in the context of HTML has made a comeback to our detection lists, many days have passed since the last time I analysed a self-propagating batch file. The submission of...
- Android SDK released (13 November 2007 10:31 GMT)
  As detailed last week, the SDK for Android (the Open Handset Alliance (OHA) project) was made public yesterday. Of course, from a security perspective we are interested in the security model in place, and...
- Get Safe Online awareness week (12 November 2007 17:33 GMT)
  This week is Get Safe Online awareness week in the UK, and the campaign has scheduled a series of events up and down the country to raise the public’s knowledge of internet security risks. If...
- 64% of iPhones vulnerable to the 'User' exploit (12 November 2007 17:18 GMT)
  Last week we ran a web poll to ask how many of you would install unofficial applications on an iPhone (assuming you could get one). Nearly two thirds of the 232 replies (64%) said that they would. This is...
- Zlob. It's all in the name. Well, initials at least. (12 November 2007 16:25 GMT)
  As a follow up to the recent move by the Zlob crew to target Mac users [1,2] in addition to Windows users [3,4], we have been monitoring some of the fake codec sites from where they are distributing their...
- Scarcity of Imagination Leads to Anachronistic Campaign Syndrome (11 November 2007 15:56 GMT)
  Researchers have found that a lack of imagination amongst spammers could cause an acute case of “ACS” (Anachronistic Campaign Syndrome), where a campaign’s angle is woefully out of date...
- The Height of Arrogance (10 November 2007 16:51 GMT)
  Journal entry - 10/11/2007 14:58 GMT W32/Mabezat-A Odd virus (genuine parasitic, not generic malware). Quick to infect and spread via network shares and USBs. 15:16 GMT Some standard social engineering...
- Sophos Alert detected as a virus? No cause for concern. (9 November 2007 13:49 GMT)
  I’ve just been contacted by a concerned customer, that emails sent out by the Sophos Alert Service were reported to have contained a script virus. These are the emails that we in SophosLabs send out...
- Alicia Keys, MySpace and the suspicious Chinese hack (9 November 2007 11:48 GMT)
  News on the wires this morning alerted us to a MySpace hack. Malware researcher Roger Thompson alerted the world to this hack within his blog. Malware authors are interested in attacking MySpace (see 1)...
- Alex, Richard, Paul and Michael - Time to Change Your SSH Passwords (9 November 2007 11:01 GMT)
  As we regularly report on this blog, a large proportion of web based threats come from compromised websites (around 80%). To understand better (and therefore provide even better protection) we are currently...
- MP3s of wiretapping? Not really. (9 November 2007 10:10 GMT)
  Overnight SophosLabs received samples of yet another password stealing Trojan that has been mass-spammed to users. The social engineering used in the email seeding is something of a throwback to the days of...
- What NOT to detect (9 November 2007 01:24 GMT)
  As someone who runs anti-virus software, you have certain expectations about the software. One such expectation would be that it try to detect malware wherever possible. Until recently, I had not come...
- Spammer got a part-time job: Blogging (8 November 2007 12:55 GMT)
  Blog-spamming is not a new concept. The diagram below illustrates one particular schema which is quite popular with blog-spammers right now. Note that from the above schema, blog-spammers generate revenue...
- Trojans for Mac (8 November 2007 12:20 GMT)
  Earlier this month a new piece of malware targeting the Apple Mac was discovered called OSX/RSPlug-A. Occasionally these things come along and make the news then quickly disappear. This one appears to be...
- Apps for iPhones - part two (7 November 2007 15:00 GMT)
  I recently reported that Apple have announced that they will be making a software development kit available for the iPhone. I’m lucky enough to have access to one, having purchased one for Labs...
- An interesting demographic! (7 November 2007 14:49 GMT)
  Whilst checking through some of the web threat data this morning, I noticed one attack using a couple of fake search sites I have seen used before. Of course, hackers using pornography in order to infect...
- Malware, Google Android and the OHA (6 November 2007 11:37 GMT)
  So finally it came. After much speculation and whispering about the forthcoming ‘Google phone’, yesterday some actual information was released to the wires [1]. The Open Handset Alliance (OHA)...
- News from the Linux malware honeypot (6 November 2007 10:11 GMT)
  As you might expect, we run various honeypots here at SophosLabs. As you might also expect, our Windows honeypots are attacked more frequently than our Linux ones, but Linux malware is far more interesting...
- Who is responsible for the content on your website? (5 November 2007 15:46 GMT)
  At the end of last week, SophosLabs received a report from a customer saying that when they visited a certain site they received virus reports for Mal/ObfJS-A, Exp/Animoo-A and Mal/JSShell-B. The site in...
- Faulty divinity (5 November 2007 14:28 GMT)
  Everybody knows that making money using malware has become a theme of cybercriminals, including organised criminal groups in the last few years. Parasitic viruses have become almost extinct, although we are...
- A slow weekend but here's a post full of PEP! (4 November 2007 17:25 GMT)
  It’s been a fairly quiet weekend for us here in the UK lab. There’s a new virus called W32/Dawin-A that appears similar to the W32/Looked family, but doesn’t seem to drop a malicious DLL...
- An iframe alternative (2 November 2007 11:33 GMT)
  Regular readers of our blog will be familiar with the use of malicious scripts (typically Javascript) and iframe tags for compromising legitimate sites in order to silently load malicious content when a...
- Dorf vs Zlob - Battle of the Bots (2 November 2007 00:51 GMT)
  I posted recently about Dorf patching processes as they start up in order to stop them from running properly, and doing so in a way that’s more subtle than just killing them. I also mentioned that...
- US Presidential candidate spamming? (1 November 2007 23:43 GMT)
  We all know most involved in politics use email as a method to fund-raise, communicate with their supporters, garner more support, etc. More often than not, these parties send to lists mostly consisting of...
- Remember Melissa the malware stripper? She's back (1 November 2007 22:53 GMT)
  You probably don’t need too great a memory to remember the Melissa virus. It was one of the very first email-aware viruses, striking the internet hard in 1999 by forwarding itself in an infected Word...
- W32/Pahati-A: New month, old tricks (1 November 2007 16:05 GMT)
  I analysed a Visual Basic worm this morning, W32/Pahati-A. The sample came in with the filename winword.exe, which is obviously very suspicious since that is the normal name for the Microsoft Word...
- Mac OS X RSPlug Trojan horse: in pictures (1 November 2007 10:14 GMT)
  The security headlines are full today with news of a new piece of malicious code for the Mac OS X platform. The OSX/RSPlug-A Trojan horse changes DNS server entries on Apple Macintosh computers to direct...
