sophos

Many a college student adorns his dorm room wall with a picture, often large, of ESPN sideline reporter Erin Andrews.

It is not for me to declare that hers is the apogee of beauty. But the enthusiasm with which her image is often greeted by young men parallels that of the image of a carrot to a starving giraffe.

So perhaps one shouldn't fall to the rear and bump one's inverted baseball cap on the sidewalk to discover that some mischievous little miscreant filmed Andrews in a somewhat disrobed state through the peephole of her hotel room.

Given … Read more

The Conficker worm, also known as Downadup, is targeting the Web site of Southwest Airlines and could disrupt online flight check-in and other services on March 13 as a result, security firm Sophos warned on Monday.

Mike Wood of SophosLabs Canada did some digging and found that the millions of computers infected with Conficker are programmed to contact wnsux.com, which redirects visitors to the main Southwest.com site, on March 13 to get instructions. That would cause a denial of service, shutting the site down temporarily, he wrote in a blog entry.

The worm is targeting about 7,750 … Read more

Customers of CheckFree.com, an online bill paying site, were quietly redirected to servers in Ukraine early Tuesday morning, according to several reports.

Representatives of CheckFree told WashingtonPost.com that customers were redirected to a blank log-in page that attempted to install malware on the visiting PC. The company said it regained control at 5 a.m. EST Tuesday, so only customers using the site overnight were likely affected.

Mike Haro, senior security analyst at Sophos told CNET News, "The fact that they used a blank page to download a Trojan (not exactly subtle) says to me one of … Read more

The customer database of Express Scripts, a company used by employer health care services to provide prescription medicine by mail, has been breached. In a twist, the company said it learned of the breach in "a letter from an unknown person or persons trying to extort money from the company."

The company posted details on its Web site Thursday. The letter, received in October, threatened to reveal millions of customer records--including Social Security numbers, addresses, dates of birth, and in some cases, prescription information--on the Internet if the extortion demands were not paid. The company did not disclose … Read more

Within hours of settling the U.S. presidential election on Tuesday, spam seen worldwide began incorporating the name and image of Barack Obama, according to various security vendors. The U.K.'s Sophos reported 60 percent of all spam seen by the lab on Wednesday was in some way Obama related.

One piece of spam alleges to contain a link to video of Obama's acceptance speech. If you follow the video link within the e-mail message you will be taken to a Web page where you'll be asked to update your Adobe Flash Player with a file, adobe_flash9.… Read more

A flood of e-mails pretending to be from MSNBC contain links to malicious software, security companies warned Wednesday.

According to an MX Lab blog post, subject lines always start with "msnbc.com - BREAKING NEWS" then are followed with a variety of possible headlines, including: "Google launches free music downloads in China"; "Plane crashes into prep school, hundreds of kids killed"; "Please give your opinions for change"; and "US Dollar hits 6-year high, further gains expected."

The Web address http://breakingnews.msnbc.com is valid if you type it into … Read more

CNET News' Greg Sandoval analyzes Yahoo's attempts at damage control to mollify customers upset over its digital music policy. Apple has begun issuing regular status reports for its recently introduced e-mail and cloud-computing service. The good news: The situation is improving. But the company still isn't out of the woods. And Webware's Rafe Needleman assesses the odds for a technology start-up with an impressive pedigree to carve out a place in the increasingly hardscrabble market for Internet search.

Today's stories:

MSN to follow Yahoo in issuing music refunds?

New search engine takes aim at Google … Read more

Endpoint security isn't endpoint security anymore.

The old standards of antivirus, anti-spyware, and a firewall are no longer enough. In today's market, you need more types of protection like data loss prevention (DLP), full-disk encryption, or endpoint operations. The big guys like McAfee, Symantec, and Trend Micro aren't settling for one safeguard or another. They will likely have the whole enchilada in their endpoint security suites soon.

With this trend in mind, U.K.-based Sophos decided to jump into the new endpoint security game with both feet. The company announced that it is offering $340 million to acquire Utimaco Safeware, … Read more

According to a report out Wednesday, antivirus vendor Sophos says it detects one Web page with malicious content every 5 seconds--a trend that is up 300 percent from 2007.

In its Security Threat Report for the first half of 2008, Sophos says it finds just over 16,000 malicious pages each day, mostly the result of malicious SQL-injection attacks on legitimate Web sites such as the attack on Sony's U.S. PlayStation site in July. Tricks used by criminal hackers include using simple HTML code to place via SQL-injection a 1x1 pixel element (about the size of a pin … Read more