Articles by Fraser Howard

About Fraser Howard

Fraser is one of the Principal Virus Researchers in SophosLabs. He has been working for Sophos since 2006, and his main interest is in web-related threats.

Making phishing more complex - on purpose

A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...

Assessing the impact of the Blackhole arrests

News has surfaced that the criminals behind the Blackhole exploit kit have been arrested.

Now, everyone wants to know, "Will the arrest have any effect on the prevalence of the threat?"

Fraser Howard of SophosLabs looks at the data...

The four seasons of Glazunov: digging further into Sibhost and Flimkit

Following on from the recent analysis of the Glazunov exploit kit, Fraser Howard takes a detailed look at two other closely related kits. He finds several similarities which suggest that the same criminal group may well be behind all three.

Taking a closer look at the Glazunov exploit kit

In this article, Fraser Howard takes a look at Glazunov - an exploit kit that has been increasingly active in recent weeks. In this deep dive, readers can learn more about how these attacks operate.

A closer look at the malicious Redkit exploit kit

In the second technical article of this series, Fraser Howard digs deeper into the workings of the Redkit exploit kit.

Learn more about the internals of this kit: the bypassing of security mechanisms within Java, the use of file encryption, and the delivery of multiple payloads.

Lifting the lid on the Redkit exploit kit

In the first of a two-part series, Fraser Howard takes a closer look at the Redkit exploit kit.

Learn more about how this kit works and the compromised web servers that are being used to host it.

Spicing up phishing attacks

Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes, however, we come across attacks that are just a little bit more interesting (or at least different) from the norm.

Oh dear. SophosLabs has upset some malware authors

Sometimes an insult can be amusing... and even strangely complimentary.

Here's something which raised a smile for researchers at SophosLabs.

Rogue Apache modules pushing iFrame injections which drive traffic to Blackhole exploit kit

SophosLabs has seen huge volumes of legitimate sites being compromised with malicious redirects in recent weeks.

Fraser Howard explains what's going on, and how the compromised web servers are almost exclusively running Apache.

Technical paper: Deeper inside the Blackhole exploit kit

Technical Paper: Inside a Black Hole (part 2)

For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.

Recommended reading for all those that want a little more detail as to how one of the most prolific and widely used crimeware kits actually works.

Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B

In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.

Abuse of .EU domains by malware gangs continues despite Registrar notification

What do you do when attackers are abusing legitimate domain registration services?

How do you stop or at least disrupt the malicious attacks?

Reporting the incident to the appropriate Registrar is the correct course of action, but as you can read, doing so does not necessarily guarantee results.

Technical paper: Journey inside the Blackhole exploit kit

Do you want to learn more about the exploit kit that is arguably responsible for the most malware infections this year?

Well, read the latest technical paper from SophosLabs, where Gabor Szappanos uncovers some of the details behind the Blackhole exploit kit.

Hacked Go Daddy sites infecting users with ransomware

Computer users are getting infected with ransomware because criminals have managed to hack the DNS records of Go Daddy hosted websites.

EU domain abuse, courtesy of the Blackhole exploit kit

Numerous .eu domains have been registered this month for the purposes of infecting computers with malware, via the Blackhole exploit kit.

Security expert Fraser Howard takes a closer look.

Blackhole exploit kit confusion. Custom builds or copycats?

Are some of the different variants of the Blackhole exploit kit that SophosLabs are seeing actually new versions of this popular exploit kit? Or simply copycats created by other groups?

Searching for images on Bing? Beware malicious search engine poisoning

Searching for images on Bing? Beware malicious Blackhat SEO poisoning

Trust your search engine results? Read how image searches within Bing are being poisoned by attackers in order to drive web traffic to malicious sites.

New version of Blackhole exploit kit

Arguably the most successful exploit kit over the past couple of years is getting a facelift. We have seen announcements this week about a new version of Blackhole being released.

Find out more about some of the proposed features it includes.

Adobe Flash security update *is* coming to IE 10 (reportedly)

Exploit kits typically target plug-ins, using vulnerabilities within them to infect the machine. Disabling plug-ins by default is therefore a good thing as far as keeping your system secure goes. But it isn't always easy...

Dealing with mobile SMS / text spam [POLL]

From insurance claims to adult content subscription services, SMS spam seems to be a growing problem. Well, for me at least. Do you know how you should report such text messages?