Articles by Fraser Howard
A threat that doesn't just attack, but asks you to put in a password first?
Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.
Fraser Howard of SophosLabs explains...
News has surfaced that the criminals behind the Blackhole exploit kit have been arrested.
Now, everyone wants to know, "Will the arrest have any effect on the prevalence of the threat?"
Fraser Howard of SophosLabs looks at the data...
Following on from the recent analysis of the Glazunov exploit kit, Fraser Howard takes a detailed look at two other closely related kits. He finds several similarities which suggest that the same criminal group may well be behind all three.
In this article, Fraser Howard takes a look at Glazunov - an exploit kit that has been increasingly active in recent weeks. In this deep dive, readers can learn more about how these attacks operate.
In the second technical article of this series, Fraser Howard digs deeper into the workings of the Redkit exploit kit.
Learn more about the internals of this kit: bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads.
In the first of a two part series, Fraser Howard takes a closer look at the Redkit exploit kit.
Learn more about how this kit works and the compromised web servers that are being used to host it.
Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes, however, we come across attacks that are just a little bit more interesting (or at least different) from the norm.
Sometimes an insult can be amusing... and even strangely complimentary.
Here's something which raised a smile for researchers at SophosLabs.
SophosLabs has seen huge volumes of legitimate sites being compromised with malicious redirects in recent weeks.
Fraser Howard explains what's going on, and how the compromised web servers are almost exclusively running Apache.
For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.
Recommended reading for all those who want a little more detail as to how one of the most prolific and widely used crimeware kits actually works.
In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.
What do you do when attackers are abusing legitimate domain registration services?
How do you stop or at least disrupt the malicious attacks?
Reporting the incident to the appropriate registrar is the correct course of action, but as you can read, doing so does not necessarily guarantee results.
Do you want to learn more about the exploit kit that is arguably responsible for the most malware infections this year?
Well, read the latest technical paper from SophosLabs, where Gabor Szappanos uncovers some of the details behind the Blackhole exploit kit.
Computer users are getting infected with ransomware because criminals have managed to hack the DNS records of Go Daddy hosted websites.
Numerous .eu domains have been registered this month for the purposes of infecting computers with malware, via the Blackhole exploit kit.
Security expert Fraser Howard takes a closer look.
Are some of the different variants of the Blackhole exploit kit that SophosLabs are seeing actually new versions of this popular exploit kit? Or simply copycats created by other groups?
Trust your search engine results? Read how image searches within Bing are being poisoned by attackers in order to drive web traffic to malicious sites.
Arguably the most successful exploit kit over the past couple of years is getting a facelift. We have seen announcements this week about a new version of Blackhole being released.
Find out more about some of the proposed features it includes.
Exploit kits typically target plug-ins, using vulnerabilities within them to infect the machine. Disabling plug-ins by default is therefore a good thing as far as keeping your system secure goes. But it isn't always easy...