SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats.
December 2007
-
Chinese domains Western porn
Over the past year SophosLabs have noticed a trend that shows no sign of stopping. The trend is that some countries’ TLDs are being abused by spammers to host content for the English speaking world.... 31 December 2007 16:54 GMT
-
If It Ain't Broke, Don't Fix It
For some considerable period of time now there have been applications flying around the internet, popping up here and there (quite literally), which claim there are viruses or other serious issues on your... 29 December 2007 17:43 GMT
-
Mal/Jessy-A exploiting assassination of Benazir Bhutto
While drinking my coffee this morning I was reading another blog. The story about hackers poisoning Search Engine results for queries regarding the ex-Prime Minister of Pakistan Ms Benazir Bhutto was... 28 December 2007 16:16 GMT
-
World of Spamcraft
What with it being Christmas and all, I’ve had quite a bit of time off work to waste and decided to spend it playing with a virtual dwarf in the online World of Warcraft. After choosing your race and... 27 December 2007 13:43 GMT
-
All Work And No Play Makes Dorf Spammer Er Irritating!
As my colleague in Australia wrote, the Dorf campaign has been relentless thus far over the festive period.
The Dorf scam has now begun to focus on a “New Year” theme, a bit too early. Perhaps... 26 December 2007 17:56 GMT
-
Santa Has Brought In His Little Dorfs
The Dorf spam campaign shows no signs of abating during the festive season.
This morning, SophosLabs analysts continue to battle against the little Dorfs (excuse the bad pun). The latest incarnations being... 26 December 2007 06:26 GMT
-
The Christmas menu
This year's Christmas menu had it all: an assortment of 'enlargement' medications, copious amounts of supposedly free goodies (just need to take a survey or three and wait an infinity), some very... 25 December 2007 07:48 GMT
-
Return Of The Dorfs: A Christmas Special
Today spamtraps monitored by SophosLabs received samples of a malware campaign spammed out using the combination of the holiday season, and the promise of a “Personal Holiday Strip Show” in an... 24 December 2007 07:29 GMT
-
Spoofed eCard site infecting victims with Cimuz
Or perhaps the more festive title “Jingle All the Way (…to a Cimuz infection)”?
Overnight SophosLabs identified a malicious eCard spam campaign that was spoofing the legitimate... 23 December 2007 13:27 GMT
-
The 2007 cash cow - compromised web sites
By now, most users are broadly familiar with the concept of compromised machines; machines that have been pwned, under some form of remote command. The familiarity even extends to appreciating some of the... 22 December 2007 17:46 GMT
-
Hannah Montana Scammer
Today I came across a sad tale of a parent defrauded trying to buy a Christmas present. Even in the holiday season there are those mean enough to take advantage.
This parent wanted to buy tickets for the... 20 December 2007 23:43 GMT
-
Don't do Pushdo
As the year comes to an end we see another Troj/Pushdo-Gen malware spamming. Traditionally, we have seen these Pushdo spamming on Wednesdays; will we see another next Wednesday on Boxing/St Stephen’s... 20 December 2007 10:31 GMT
-
Definitely Not Shakespeare
We at SophosLabs encountered a new variant of the W32/SillyFDC family of worms today, detected as W32/SillyFDC-BQ.
Besides its usual habits of spreading via removable drives, masquerading as a Microsoft... 20 December 2007 07:13 GMT
-
Become an honourable Donation Collector
In SophosLabs, we constantly observe a steady stream of money mule/Nigerian scam campaigns. Usually these emails offer some part-time position to “process money from our overseas customers” or... 20 December 2007 00:18 GMT
-
Large scale Orkut virus outbreak not cool
Although most of the virus attacks these days are financially motivated, old style attacks that attempt to make the attacker look cool and famous still exist.
The most recent example is yesterday’s... 19 December 2007 17:52 GMT
-
Slaves, Stocks and Sports
I had an interesting chat with a lawyer at a party this weekend. We chatted about various topics, such as console modding, copyright infringement and Pump and Dump scams. One of the topics was the... 18 December 2007 14:45 GMT
-
Why should I care?
I was giving a presentation recently and while most of the audience were in the education sector, there were a couple of corporate IT staff there. When it came time for questions, one of the corporate... 17 December 2007 22:36 GMT
-
Zbot (aka Prg) banking Trojan distribution
A few days ago SecureWorks published an interesting article describing a new variant of a banking Trojan family they refer to as ‘Prg’. Of course, banking Trojan attacks are an everyday... 17 December 2007 15:29 GMT
-
The game is over
Today I ran into something I haven’t seen in a while - a worm that announces its presence.
W32/Atax-A is a typical run-of-the-mill worm. It performs some of the usual spreading techniques, like... 13 December 2007 04:10 GMT
-
Increased Pushdo aggression
Recently we have hit another twist in the PPP saga, and I am not talking point-to-point protocols. Instead I am referring to the Pushdo Prevention Problem. As regular readers will know, Pushdo is a family... 12 December 2007 08:45 GMT
-
More lost data.
During the lunchtime news bulletins I heard another report of data loss by a UK government agency. Sure enough, digging around for more details there are reports starting to appear confirming the story... 11 December 2007 14:22 GMT
-
Coincidence or Shameless?
We here in the CA Labs get to see a lot of weird and sometimes terrible things in spam messages, and today was no exception. While doing our usual rounds of analysis today a particular message as seen below... 10 December 2007 20:36 GMT
-
president [at] whitehouse [dot] gov
Interesting article from Freakonomic. The article mentions research that supports the use of email for the President of the United States.
One of the arguments in favour of using email was the reduction of... 10 December 2007 11:12 GMT
-
Missed business opportunities
The biggest secret of working over weekends as a malware and spam researcher is not the fact that you are protecting your customers against attackers that often choose weekends to attack. The biggest secret... 8 December 2007 18:05 GMT
-
More worrying MD5 discoveries
After the recent news about manufactured MD5 checksum collisions, 20 minutes worth of research was carried out to see if any new information could be gathered.
Astonishingly, it turned out that malware can... 7 December 2007 14:29 GMT
-
Mangos and Viagra (and porn)
Mangos and viagra? No, this is not some obscure Christmas recipe. Instead it refers to some recent activity in Web attacks we have been monitoring over the past few months.
To date, the attacks have all... 7 December 2007 13:46 GMT
-
More Zlob lure sites surfacing
So, recently the Zlob folks have been pretty busy. Aside from adding Mac users to their victim list, we recently reported aggressive use of SEO techniques to lure victims. No more than what we should expect... 6 December 2007 16:13 GMT
-
Beware! You've been served and owned
An interesting spam message came into our traps recently. The message talks about an imaginary person filing a complaint against your company with The Department of Justice.
As the message specifies, the... 5 December 2007 01:25 GMT
-
Blog spammers versus Spam bloggers
SophosLabs has been monitoring some blog spammers. While trudging through the logs of the monitoring tool we saw a number of cases where the spammers would spam links to other blogs. These other blogs had... 4 December 2007 16:45 GMT
-
Proactive detection of unknown malware - a real test of anti-virus software
Sophos’s Behavioral Genotype protection is one of the technologies built into Sophos’s threat detection engine to protect proactively against new, unknown malware before we have analyzed it in... 4 December 2007 16:20 GMT
-
Mal/EncPg-A protection updated to detect doubly obscured code
While investigating some files sent in by a customer last week I noticed that the automated analyzer had gotten stuck.
The attack site, in yellow, was a dead end. However, when I went there myself I saw... 3 December 2007 13:13 GMT
-
Nostradamus attack predicts the future
Today I came across an interesting article written by a group of researchers at the Technical University of Eindhoven.
The group has been involved in research of collisions in MD5 one-way hash algorithm.... 3 December 2007 12:15 GMT
-
Botmasters herded up by the FBI
Last week the newspapers were full of stories about the teenager arrested in New Zealand, accused of heading up an international hacking ring that broke into millions of computers around the world. The... 3 December 2007 11:34 GMT
