Articles by Fraser Howard
In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit.
Learn more about the internals of this kit; bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads.
In the first of a two part series, Fraser Howard takes a closer look at the Redkit exploit kit.
Learn more about how this kit works and the compromised web servers that are being used to host it.
Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes however, we come across attacks that are just a little bit more interesting (or at least different) from the norm.
Sometimes an insult can be amusing.. and even strangely complimentary.
Here's something which raised a smile for researchers at SophosLabs.
SophosLabs has seen huge volumes of legitimate sites being compromised with malicious redirects in recent weeks.
Fraser Howard explains what's going on, and how the compromised web servers are almost exclusively running Apache.
For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.
Recommended reading for all those that want a little more detail as to how one of the most prolific and widely used crimeware kits actually works.
In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.
What do you do when attackers are abusing legitimate domain Registration services?
How do you stop or at least disrupt the malicious attacks?
Reporting the incident to the appropriate Registrar is the correct course of action, but as you can read, doing so does not necessarily guarantee results.
Do you want to learn more about the exploit kit that is arguably responsible for the most malware infections this year?
Well read the latest technical paper from SophosLabs, where Gabor Szappanos uncovers some of the details behind the Blackhole exploit kit.
Computer users are getting infected with ransomware because criminals have managed to hack the DNS records of Go Daddy hosted websites.
Numerous .eu domains have been registered this month for the purposes of infecting computers with malware, via the Blackhole exploit kit.
Security expert Fraser Howard takes a closer look.
Are some of the different variants of Blackhole exploit kit that SophosLabs are seeing actually new versions of this popular Exploit kit? Or simply copycats created by other groups?
Trust your search engine results? Read how image searches within Bing are being poisoned by attackers in order to drive web traffic to malicious sites.
Arguably the most successful exploit kit over the past couple of years is getting a facelift. We have seen announcements this week about a new version of Blackhole being released.
Find out more about some of the proposed features it includes.
Exploit kits typically target plug-ins, using vulnerabilities within them to infect the machine. Disabling plug-ins by default is therefore a good thing as far as keeping your system secure. But it isn't always easy...
Sometimes things can get a little personal when dealing with the huge volume of malware that is discovered every day.
Trust is crucial for financial web transactions, which is why it is so important that legitimate organisations don't get sloppy with best practice.
A weight loss spam campaign, being sent from hacked email accounts, is being seen in extremely high numbers.
SophosLabs expert Fraser Howard investigates.
Take a look into the latest widespread attack against legitimate websites, in which many sites are hacked in order to redirect users to exploit sites.