FYI...

Speed up your PC! for FREE!
- http://www.sophos.com/security/blog/2008/03/1072.html
27 March 2008 - "What’s the easiest (and cheapest) way to get a faster computer?... numerous tools and applications insist on clogging up their system drive with poorly written uninstallers, gigabytes of temporary files and those annoying startup agents that load with Windows and sit resident in memory just in case they’re needed. It’s common then, for these users to turn to third party tools to clean up their computers. For the most part, these tools work pretty well. However, these programs are not always what they seem... To the unsuspecting computer users, this software looks like the perfect thing to clean up their computer. It appears simple, easy to use, small and free. Just the sort of things we’re looking for right? Wrong! This tool will “optimise” your computer by deleting a lot of critical system files. The end result is that your computer is rendered un-bootable and you’re left hoping that you have made a full system backup recently... this malicious program is detected by Sophos as Troj/Sysdel-B..."

Fake shooting scam used in Trojan attack
- http://www.sophos.com/security/blog/2008/03/1238.html
29 March 2008 - "... SophosLabs noticed a new scam designed to fool users into viewing a web site where they would be hit with a malicious script that installs a spy Trojan. We saw several spam messages alerting users to the supposed shooting of the e-Gold founder... A variety of domains have been used in the scam. Browsing to each of the domains redirects to a malicious page on another server... The script attempts to exploit several client-side vulnerabilities in order to download and install a Trojan... Specific detection for the Trojan and the files it installs has been added as Troj/Agent-GUJ. This is yet another example of the attackers using a blend of spam and malicious web sites to infect victims..."

Swim in $$$ = Swim with Sharks!
- http://www.sophos.com/security/blog/2008/03/1237.html
28 March 2008 - “Im ************, i swim in money $$$
I want you to swim with me!!! send this file to all friends and join me!!”
If you are swimming with Troj/Nymod-A and looking at what appears to be the random picture of some person, you are definitely swimming with the sharks. Troj/Nymod-A drops a file called ^^^^^.exe (proactively detected by Sophos as Mal/Basine-C) and sets it to autostart everytime you reboot your computer. File ^^^^^.exe has process monitoring which just respawns itself if you kill the handle running ^^^^^.exe. Finally it tunnels through your firewall and contacts a remote server whose domain ends in “.ru”! This has opened your computer to the $$$ sharks who might steal information from you, or steal your computer’s resources = $$$ for them."

(Screenshots available at each URL above.)