<?xml version="1.0" encoding="utf-8" ?>
<?xml-stylesheet title="XSL_formatting" type="text/xsl" href="/xsl/atom.xsl" ?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <author>
  <name>Sophos Plc.</name>
  <email>webmaster@sophos.com</email>
  </author>
  <icon>http://feeds.sophos.com/favicon.ico</icon>
  <id>http://feeds.sophos.com/en/atom1_0-sophos-sophoslabs-blog.xml</id>
  <link href="http://feeds.sophos.com/en/atom1_0-sophos-sophoslabs-blog.xml" rel="self" type="application/atom+xml" hreflang="en" title="SophosLabs blog » 2008 » May" />
  <rights type="text">&#169; Copyright 1997-2008, Sophos Plc
</rights>
  <title type="html">SophosLabs blog » 2008 » May</title>
  <updated>2008-05-12T16:41:24Z</updated>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1401.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1401.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Poetic Justice" />
    <title type="html">Poetic Justice</title>
    <updated>2008-05-12T16:41:24Z</updated>
    <summary type="html">Oh how we sail, in this wonderful place
where vision is obscured, and they have no face
yet the winds blow strong, and they never relent
the storm of spam that we all are sent.
The spam fiends currently propagating en masse have added a poetic touch to their efforts to be man&amp;#8217;s saviour. Now, adverts for virility medication [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1398.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1398.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Give Them an Inch and They’ll Try to Rule!" />
    <title type="html">Give Them an Inch and They’ll Try to Rule!</title>
    <updated>2008-05-11T15:50:06Z</updated>
    <summary type="html">A classic case of impudent opportunism, more and more malware are now using standard Microsoft Windows Operating System files to do their bidding.
Last year there were examples of malware modifying WINLOGON.EXE, a critical system file, to load a malicious DLL. The entrypoint code is modified to call LoadLibraryA on the Trojan DLL and then execution [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1397.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1397.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="CARO On Packers and Obfuscators" />
    <title type="html">CARO On Packers and Obfuscators</title>
    <updated>2008-05-10T06:50:51Z</updated>
    <summary type="html">Last week several SophosLabs staff attended the 2nd International CARO workshop to discuss packers and obfuscators and how the anti-malware industry is dealing with them.
It was interesting to see the various approaches being explored and employed by vendors in dealing with hard-to-do packer and obfuscator technology in the anti-malware arena.
Sophos has been actively detecting a [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1385.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1385.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="SQL sorcery" />
    <title type="html">SQL sorcery</title>
    <updated>2008-05-09T16:13:18Z</updated>
    <summary type="html">Since I last blogged about a recent spate of aggressive SQL injection attacks [1], we have seen continued activity, with sites across the globe being hit. Amongst the casualties are numerous well known brands. This lunchtime I decided to pull together some data on the sites we have seen hit in these attacks since late [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1360.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1360.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Mister Swizzor’s Wacky Dialog Box Adventure" />
    <title type="html">Mister Swizzor’s Wacky Dialog Box Adventure</title>
    <updated>2008-05-09T13:08:09Z</updated>
    <summary type="html">Mr Swizzor had a problem. He knew that anti-malware engine heuristics thought that GUI applications without windows and buttons and text boxes were worrisome, because creating a GUI application without a GUI is a bit silly. But if he put windows and buttons and text boxes in his Trojan, those nasty anti-virus companies might decide that [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1377.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1377.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Free MP3s? Nothing in life is free" />
    <title type="html">Free MP3s? Nothing in life is free</title>
    <updated>2008-05-08T15:09:50Z</updated>
    <summary type="html">A couple of days ago McAfee posted an interesting blog entry detailing the aggressive use of fake MP3 files to trick victims into installing a potentially unwanted application (PUA). The article gathered some press, not least because the fake MP3 files were assigned a threat level of &amp;#8216;medium&amp;#8217; for McAfee&amp;#8217;s home users.
Users are likely to [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1372.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1372.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Safe sofa surfing?" />
    <title type="html">Safe sofa surfing?</title>
    <updated>2008-05-08T07:28:47Z</updated>
    <summary type="html">With the newer and ever more popular generation of games consoles it&amp;#8217;s not just about playing the game anymore, it&amp;#8217;s also about having the ability to browse the net from the comfort of your sofa in-between games or whenever takes your fancy.
Whether or not this form of surfing will ever become as popular as browsing [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1369.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1369.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Greetings from the EICAR conference" />
    <title type="html">Greetings from the EICAR conference</title>
    <updated>2008-05-06T07:42:42Z</updated>
    <summary type="html">The 17th annual EICAR conference is being held in Laval, France. Despite our worries about getting there it was actually quite an easy journey. The French rail system is excellent.
This year SophosLabs have presented a couple of papers, both documenting research we did at the beginning of the year. Boris and I presented our work on [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1364.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1364.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Make the Sophos Spam Pledge - as spam email turns 30 years old" />
    <title type="html">Make the Sophos Spam Pledge - as spam email turns 30 years old</title>
    <updated>2008-05-01T08:19:16Z</updated>
    <summary type="html">Today sees the 30th anniversary of the first ever spam message.
The message was sent by Gary Thuerk, an over-enthusiastic sales and marketing representative of DEC, to all 393 users of ARPANET (which later became the internet as we know it today).
In those 30 years, spam has progressed from a minor nuisance to a significant problem of bandwidth, users&amp;#8217; [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/05/1365.html</id>
    <link href="http://www.sophos.com/security/blog/2008/05/1365.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Even Rocket Scientists fall prey to malware" />
    <title type="html">Even Rocket Scientists fall prey to malware</title>
    <updated>2008-05-01T07:39:42Z</updated>
    <summary type="html">It may not have been a Rocket Scientist, but the report on The Register that a NASA employee was conned into installing malware should be a wake-up call that it could happen to anyone in any company.
Though the malware was not named, looking at the DOJ press release raises a few concerns:
&amp;#8220;As a result [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1363.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1363.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="GTA IV - free!!" />
    <title type="html">GTA IV - free!!</title>
    <updated>2008-04-30T14:40:27Z</updated>
    <summary type="html">Yesterday saw the release of Grand Theft Auto IV (GTA IV), arguably the most eagerly awaited game of the year. Never ones to drag their feet, spammers are already hoping to catch gamers out with the offer of a free copy of the game for PS3. Heck, they&amp;#8217;re even throwing in a Playstation 3 as [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1361.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1361.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="More poisoned adverts - Yahoo!" />
    <title type="html">More poisoned adverts - Yahoo!</title>
    <updated>2008-04-30T14:03:07Z</updated>
    <summary type="html">Over the weekend the Spyware Sucks blog talked about Yahoo! serving up poisoned adverts via one of their websites. Subsequent posts suggested that Sandi Hardmeier had not received a favorable resolution after informing Yahoo! of this issue. On Monday The Register highlighted this issue.
Currently, the malicious adverts are still on Yahoo! servers and can be [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1359.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1359.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Game Over!" />
    <title type="html">Game Over!</title>
    <updated>2008-04-28T16:21:53Z</updated>
    <summary type="html">Many people with even a vague interest in security will be aware of Defcon. The Vegas-based hacker conference is held as a yearly event where security experts and enthusiasts alike are able to present and attend lectures addressing various issues in modern IT security.
In addition to all-night parties, no-holds gambling and other Vegas orientated activities [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1358.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1358.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Infiltrating botnets" />
    <title type="html">Infiltrating botnets</title>
    <updated>2008-04-28T09:22:47Z</updated>
    <summary type="html">I read an interesting paper this morning written by folks at the University of Mannheim and Institut Eurecom. In the paper they present results of research in which they monitored the P2P botnet of Storm, with a view to understanding, measuring and potentially being able to disrupt it [1]. The work was presented in the [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1355.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1355.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Phish of the day" />
    <title type="html">Phish of the day</title>
    <updated>2008-04-26T15:11:28Z</updated>
    <summary type="html">Even on an otherwise quiet Saturday there are several phishing campaigns worth mentioning. The first is a campaign targeting Abbey UK bank. This is a standard but well orchestrated and sustained spamming using several newly created domains. A botnet (or a few) is used to send emails that vary both the Abbey-owned domain name [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1350.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1350.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Happy Birthday SophosLabs Blog" />
    <title type="html">Happy Birthday SophosLabs Blog</title>
    <updated>2008-04-25T16:02:25Z</updated>
    <summary type="html">With all the excitement of my vacation and Infosec, the fact that the SophosLabs blog is now one year old escaped me.
I posted the first entry on April 19th last year following a malware attack using the tragedy at Virginia Tech.
Since then we have posted over 700 articles on a wide range of topics, everything from [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1348.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1348.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Do you recognise him?" />
    <title type="html">Do you recognise him?</title>
    <updated>2008-04-25T15:58:59Z</updated>
    <summary type="html">With no end of malware these days aggressively targeting people&amp;#8217;s finances and personal data it was a surprise this morning to see a simple VBS script worm, apparently written with the sole aim of airing a personal grievance.
VBS/AutoRun-DQ displays the following picture:

Writing something like this just to express annoyance with an individual is an interesting, [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1346.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1346.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Fraudsters Target Fears Over Identity Theft" />
    <title type="html">Fraudsters Target Fears Over Identity Theft</title>
    <updated>2008-04-25T08:18:50Z</updated>
    <summary type="html">The internet is a great place for fraudsters to con naive computer users by appealing to their fears and desires.
Fake/fraudulent anti-malware (anti-virus, anti-spyware etc.) applications have been around for a long time and we see a regular influx of new variants.  More recently we&amp;#8217;ve seen a variation on this theme that targets current fears over [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1345.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1345.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Malware with a sprinkle of religious conscience?" />
    <title type="html">Malware with a sprinkle of religious conscience?</title>
    <updated>2008-04-24T03:24:23Z</updated>
    <summary type="html">Today was a most unusual day; I analyzed two malware samples which contained religious themes in two completely different contexts. Before I go ahead and talk about these two samples, I want to apologize if anyone is offended by my blog.
W32/Autorun-DP is a malware which targets an Indonesian audience. It is a run-of-the-mill Autorun worm [...]</summary>
  </entry>
  <entry>
    <id>http://www.sophos.com/security/blog/2008/04/1339.html</id>
    <link href="http://www.sophos.com/security/blog/2008/04/1339.html?_log_from=atom" rel="alternate" type="text/html" hreflang="en" title="Want to become invulnerable? Now you can!" />
    <title type="html">Want to become invulnerable? Now you can!</title>
    <updated>2008-04-23T23:47:09Z</updated>
    <summary type="html">Back when I was growing up, I remember playing video games such as Super Mario Brothers and thinking to myself, &amp;#8220;Boy, I wish I could get star power and become invulnerable!&amp;#8221;. Well, dream no more; let me introduce you to the world&amp;#8217;s first invulnerable stone as seen in a spam message today.

At USD $1,000 it [...]</summary>
  </entry>
</feed>
