SophosLabs Blog
Want to know what Sophos experts think about the latest security issues? Daily updates from SophosLabs™ provide insight into the most interesting and widespread threats.
January
- Side of spam with your Dorf?
  As we’ve blogged about previously, the current form of the constant flood of Dorf spam has been taking advantage of Valentine’s Day which is quickly approaching. An interesting twist observed by...
  31 January 2008 21:22 GMT
- Testing of security software improves again
  Past posts about testing anti-virus products have shown how simple detection tests do not always paint the complete picture. A recent test by AV-Test.org has shown that there is more to testing than just...
  31 January 2008 11:30 GMT
- Naked Girls With Guns ..
  Curiosity killed the cat…. and sometimes it infected many users’ systems. Others, like you, that were intrigued by a similar headline, downloaded and opened what they thought was just a Power...
  31 January 2008 07:39 GMT
- Make Viruz, On Demand - Hacking 101
  If you thought that writing malicious programs could not get any easier thanks to readily available online kits, think again… This viruz maker I came across today creates customized batch files for a...
  30 January 2008 07:27 GMT
- 20 hippos trying to get through a revolving door
  Distributed Denial of Service (DDoS) attacks have been hitting the headlines more than normal in the last week following a number of high profile news stories. For those who don’t know, a DDoS attack...
  29 January 2008 15:19 GMT
- The Dorf Calendar
  The Dorf spammers are still suffering from ACS, what with the rather premature Valentine’s Day campaign. Perhaps they are attempting to emulate the millions of ridiculously early marketing campaigns...
  26 January 2008 17:50 GMT
- Sophos Security Threat Report 2008 discussed online
  Earlier this week, we published the Sophos Security Threat Report 2008, looking at some of the key events in the field of computer security that we’ve seen over the past 12 months and making some...
  25 January 2008 17:07 GMT
- Abuse of social bookmarking sites
  A few weeks ago I was chatting with a colleague about the ways in which social bookmarking sites are abused. Over the past few years there has been growth in both the number of such services available, and...
  25 January 2008 16:08 GMT
- Best (not to) Buy infected picture frames
  We had a couple of queries about the interesting story published yesterday by MSNBC. It seems that many people, while purchasing digital picture frames as Christmas presents for their friends and family,...
  24 January 2008 17:47 GMT
- New generation of Commwarrior - say NO to beauty, sex and love
  Just to prove it is not about to retire any time soon, another Commwarrior variant for mobile phones has struck again. In fact, two new variants have been received (detection for which has been added as...
  24 January 2008 17:23 GMT
- Root compromise responsible for hacked sites
  Readers will have probably read about the series of sites that have recently been compromised with something a little more sophisticated than the regular attack [1,2]. Over the past week or so, aside from...
  22 January 2008 15:13 GMT
- Storm: A long and lasting love
  The outbreak of spam linking to Dorf (Storm) malware is far from over. It started in the beginning of last week, exploiting the Valentine’s Day theme. Today it is showing no signs of slowing down. The...
  22 January 2008 02:26 GMT
- Multicultural Spam
  As Morpheus from the movie The Matrix once said, “You take the blue pill and the story ends. You wake in your bed and believe whatever you want to believe. You take the red pill and you stay in...
  19 January 2008 00:48 GMT
- Blind computer users struck by a very unusual Trojan attack
  While I was investigating reports of the Troj/Mbroot-A Master Boot Record rootkit I decided to follow up on a suggestion seen on a mailing list. It was suggested that an incident described on ZoneBBS forum...
  17 January 2008 16:29 GMT
- Petition Gordon Brown for UK e-crime unit
  Computer security hit the news headlines hard in 2007. A series of incidents, including the embarrassing loss by the British Government of the personal details of 25 million people, made sure that the...
  17 January 2008 10:58 GMT
- Nigerian scam using Yahoo Calendar
  A week ago we saw Nigerian/419 scam spammers trying their luck with images. Recently, we came across a submitted sample that uses Yahoo! Calendar instead of regular email to send Nigerian/419 scams: For...
  16 January 2008 20:28 GMT
- Falling In Love with You
  The holiday season is over and Valentine’s Day is one month away, but the cybercriminals aren’t willing to wait that long. This morning we saw a new variant of Dorf malware (also known as Storm)...
  15 January 2008 22:31 GMT
- Pushdo Sunday
  Just when I was hoping that we will have another relatively quiet Sunday, we spotted a new variant of Pushdo Trojan in our spamtraps. We have created a new detection for it as Troj/Pushdo-F. It seems like...
  13 January 2008 16:21 GMT
- MBR rootkit - the story so far
  During this week, there was quite a lot of talk about an MBR rootkit Trojan spotted in the wild at the end of December 2007. The Trojan uses techniques similar to old boot sector viruses to infect the...
  12 January 2008 11:26 GMT
- Nigerian image spam
  Here at SophosLabs we see our fair share of Nigerian/419 fraud campaigns. 419 frauds tend to ask the victim to transfer money, in advance, in return for a large sum of money. Today we received one that is a...
  11 January 2008 23:27 GMT
- Testing times - they are a changing
  Several posts over the last few months [1][2] have talked about quality of virus detection. Whenever testing of anti-virus products is mentioned there are always arguments over the independence of the...
  11 January 2008 13:24 GMT
- The Doctor and his Secretary
  The shift in how web sites have been compromised has been remarked on several times previously. Where hackers used to simply upload their tag for kudos, criminals now post malicious scripts and HTML in...
  10 January 2008 10:02 GMT
- English yesterday, Italian today, French tomorrow? PushU goes multilingual
  The PushDo\PushU gang are back again with a new trick up their sleeves, multilingualism. Yesterday our spam traps caught a new campaign of PushU-E with messages like: “Natasha sent you animated card...
  8 January 2008 20:24 GMT
- 86% Proactive Detection
  In a report compiled by AV-Test.org measuring proactive detection and response times Sophos consistently provided better protection than competitors such as Symantec and McAfee against the wildlist by...
  8 January 2008 12:53 GMT
- What's in a name?
  This afternoon I analysed a bog standard auto run worm. In fact, a less than bog standard auto run worm, in so much as that this one fails to copy itself to removable devices. Despite this, the one...
  7 January 2008 22:35 GMT
- Trojans for iPhones
  Following our recent poll after the release of the Apple iPhone in Europe where 64% of respondents said they “would” hack their iPhone to install applications, news has reached us of a malicious...
  7 January 2008 15:55 GMT
- Adding detections
  The bad guys love trying to give security companies the runaround. Normally we have the game of cat and mouse as they try to evade detection, but sometimes they take a different approach. With Web attacks,...
  7 January 2008 09:12 GMT
- Fan sites - an attractive target for hackers?
  Earlier on this morning I read a post on the TrendLabs blog describing how the New York Jets fan site has been compromised. I fed the URL into our automation systems and confirmed the malicious content - in...
  4 January 2008 13:02 GMT
- Christmas Photos You Won't Laugh At
  SophosLabs analysts encountered another worm today in the form of W32/Rbot-GVR. W32/Rbot-GVR not only contains the usual bot functionalities of a typical IRC backdoor Trojan but it also encompasses the...
  4 January 2008 06:09 GMT
- Amazon review spam on the rise?
  Christmas and New Year’s holidays are among those rare occasions when the luckier among us in SophosLabs can afford to conduct a bit of non work-related research. The research may, for example, comprise...
  3 January 2008 17:32 GMT
- Not just banks Facebook too
  Phishing isn’t just a banking problem as we have mentioned before. Recently, we have seen a site purporting to be Facebook. The lure to get the user to enter their credentials is supposedly racy...
  3 January 2008 16:13 GMT
- Christmas Outbreak - Time To Protect
  Having cleared my backlog of email relatively quickly, I decided to dig deeper into how SophosLabs performed over the Christmas period. Looking at the outbreak of PushU-D discussed earlier I was able to...
  2 January 2008 17:34 GMT
- PushU New Year
  It’s been a busy few days over the festive season here in SophosLabs. This is a little unusual, as often the malware authors are relatively quiet until after Christmas day at least, but the Storm (aka Dorf)...
  2 January 2008 12:02 GMT
- Happy New Year!
  Just a quick post to wish our readers a Happy New Year. Things are looking fairly quiet so far this morning - just the usual smattering of Trojans in terms of malware, and scams, porn and pill-pushing spam...
  1 January 2008 11:30 GMT
Send us your feedback
Email us at sophosblog@sophos.com to share your views, ask questions, and tell us what you think.
Send us a sample
If you have suspicious files that our software has not detected, please send us a sample for analysis.
