
Do They Know it’s (not) Christmas Time at All?

Author: Omid Farhang Published: February 21, 2010 Reading Time: 1 min

I saw something quite funny when checking out the spam feeds the other day. An attachment kept appearing, once in a while, with the name Christmas Card.zip. It was making sporadic appearances in the feeds (and the number of spam email messages was quite low), but there were a couple of these odd messages at equally odd hours of the day.

The email message itself was a run-of-the-mill electronic greeting card with an HTML body containing a nice Flash animation—the Flash animation actually comes from a legitimate source (123greetings.com). The email body contains a message asking the user to open the attachment to see who sent the email. Of course, opening the attachment yields a malicious file. The name of the file inside is Christmas Card.htm[MANY SPACES].exe and it is already detected by Symantec as W32.Ackantta.G@mm. ...


The Facebook Team informs you…

Author: Omid Farhang Published: February 16, 2010 Reading Time: 2 min

In the last two days our lab has detected a flood of email messages that seem to have been sent by the Facebook team urging users to submit a new account agreement. We’ve seen around 16,000 since yesterday. The subject of the message is UPDATED ACCOUNT AGREEMENT and the attached file is called AGREEMENT.ZIP.

The message is like the following: users are required to submit a new account agreement before a certain date. If not, their Facebook account will be restricted. The message also contains detailed instructions on how to do it. ...


Security Advisory, Adobe Reader

Author: Omid Farhang Published: February 16, 2010 Reading Time: 1 min

It’s Fat Tuesday — time for an Adobe Update. Adobe plans to release a security update for Adobe Reader and Acrobat later today. Read Security Advisory APSB10-07 for additional details.


Tiger’s play too rough on Valentines Day

Author: Omid Farhang Published: February 14, 2010 Reading Time: 1 min

While most sane people around the world are enjoying a romantic Valentine’s Day today, we at SophosLabs remain vigilant on the front line of the war against malware. This year, Valentine’s Day coincides with the Chinese New Year as well as the start of the Winter Olympics in Vancouver, and many malware attacks have centred around SEO poisoning of these and other topical search terms. The Chinese New Year of the Tiger is proving a popular target, especially as this ties in with any Tiger Woods related searches: ...


Unusual Valentine’s Gift Unwraps FakeAV

Author: Omid Farhang Published: February 14, 2010 Reading Time: 1 min

While everyone is searching the web for the unusual gift on Valentine’s Day, cybercriminals take this opportunity to propagate rogue antivirus. Searching for the keywords “unusual-valentines-day-gifts” gives the following results: clicking the highlighted link above will lead to a fake message such as “Alert! Your system is exposed to risk of virus attack. It’s highly recommended to check your PC immediately. Press OK to start the scan right now”. ...


Tidserv and MS10-015

Author: Omid Farhang Published: February 13, 2010 Reading Time: 3 min

In the past, viruses and computer threats were created simply for the sake of it. Sometimes these threats would wipe your hard drive clean—just to let you know you’d been owned. This is not the case anymore; nowadays most of the threats we see are profit-oriented and try to keep a very low profile so that they aren’t easily detectable by security software. Backdoor.Tidserv does a very good job in that sense, especially with the latest version (TDL3), which uses an advanced rootkit technology to hide its presence on a system by infecting one of the low-level kernel drivers and then covering its tracks. While the rootkit is active there is no easy way to detect the infection, and because it goes so deep into the kernel, most users cannot see anything wrong in the system. ...


Sun VirtualBox Update [3.1.4.57640]

Author: Omid Farhang Published: February 13, 2010 Reading Time: 4 min

VirtualBox is a general-purpose full virtualizer for x86 hardware. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also Open Source Software. Some of the features of VirtualBox are:

- Modularity. VirtualBox has an extremely modular design with well-defined internal programming interfaces and a client/server design. This makes it easy to control it from several interfaces at once: for example, you can start a virtual machine in a typical virtual machine GUI and then control that machine from the command line, or possibly remotely. VirtualBox also comes with a full Software Development Kit: even though it is Open Source Software, you don’t have to hack the source to write a new interface for VirtualBox.
- Virtual machine descriptions in XML. The configuration settings of virtual machines are stored entirely in XML and are independent of the local machines. Virtual machine definitions can therefore easily be ported to other computers. ...


Google Chrome Dev Channel Update [5.0.322.2]

Author: Omid Farhang Published: February 13, 2010 Reading Time: 2 min

The Google Chrome dev channel has been updated to 5.0.322.2 for Windows, Mac and Linux platforms.

All
- [r38242] Don’t crash when a theme specifies a nonexistent image. (Issue: 31719)

Mac
- [r38319] Honor modifiers for clicks on home button – cmd-clicking the home button now opens your home page in a new tab. (Issue: 34900)
- [r38204] Implemented writing direction context menu in text input fields.
- [r38504] Add local storage nodes to the cookie manager (Issue: 33068)

Linux ...


Warning over sexy instant message called ‘Fembot'

Author: Omid Farhang Published: February 13, 2010 Reading Time: 2 min

(BBC) Lonely internet users are being warned about Fembot, a piece of malicious software that poses as a flirtatious woman looking to chat on instant messaging services. Victims are persuaded to give out personal information that could be used for fraud or identity theft, according to security experts. Fembot was first spotted in 2007 but hasn’t been seen much since then. However, there are signs she may be back on the scene in time for Valentine’s Day. ...


P2P research: clue needed

Author: Omid Farhang Published: February 13, 2010 Reading Time: 2 min

At the ShmooCon hacker conference in Washington, D.C., last week two security researchers showed the very sensitive information that people inadvertently make available over peer-to-peer networks. In their presentation, “Information disclosure via P2P networks: Why stealing an identity via Gnutella is like clubbing baby seals,” pen testers Larry Pesce and Mick Douglas said they found a lot of music, porn, malcode collections and the following:

- driver’s licenses, passport and tax return forms with Social Security numbers;
- someone’s will;
- a retirement analysis form with savings account totals and income estimates;
- an IRS form with taxpayer identification number;
- a completed Turbo Tax form with personal information filled in.

The two have started The Cactus Project to help security specialists do similar research to help organizations tighten up the information they share over P2P. They list best-of-breed tools for conducting the research, including Mutella and the Gnutella Protocol, on their site http://pauldotcom.com/cactusproject.html. ...
