Articles by James Wyke
Point of sale devices and Canadian banks targeted by Citadel malware variant
A new variant of the prevalent Citadel crimeware kit has been discovered to target Point of Sale (POS) devices. Find out more, in this analysis from SophosLabs expert James Wyke.
The Citadel crimeware kit - under the microscope
Ever since the source code of Zeus/Zbot leaked in May 2011, many new variants have appeared.
One particularly prevalent example is Citadel.
James Wyke of SophosLabs puts it under the microscope....
Over 9 million PCs infected - ZeroAccess botnet uncovered
ZeroAccess is a hugely widespread malware threat that has plagued individuals and enterprises for years. It has evolved over time to cater for new architectures and new versions of Windows.
And it can earn its creators in excess of $100,000 per day. Find out more in our new technical paper.
Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode
The ZeroAccess rootkit, which hijacks PCs and recruits them into a botnet, has undergone a significant revision - SophosLabs researcher James Wyke reveals.
Digging Deeper on the TechCrunch Zbot
Last week the website belonging to TechCrunch Europe had malicious code planted on it, the payload of which was a variant of Zbot - Troj/Zbot-YP. There are several interesting aspects of this variant that are worth exploring in a little Read more…
Why won't my sample run?
Here at SophosLabs we have recently been seeing samples of Zbot (also known as the Zeus crimeware kit) that refuse to execute on any of our testing machines. Often when this happens it is because the sample is corrupt or will Read more…
Fake Car Tax Malware
Sometimes malware authors make it really easy to spot a scam. Today's email attachment campaign is a fake car tax update. Apparently the "Ministry of Transport" has made some sort of change to my car tax and details are in the attached Read more…
Miscellaneous Poisoning Blasts Off
Search terms for the recent shuttle launch and the Southern Entertainment Rap awards are currently the targets of SEO poisoning campaigns. Unprotected users who take the bait will become infected with FakeAV. Searching for combinations of these and other popular trend Read more…
Tiger's play too rough on Valentines Day
While most sane people around the world are enjoying a romantic Valentine's Day today, we at SophosLabs remain vigilant on the front line of the war against malware. This year, Valentine's Day coincides with the Chinese New Year as well Read more…
Tiger still hot stuff
Despite talk of Tiger Woods' sponsors "limiting his role" in their advertising campaigns, he is still very much hot stuff when it comes to search engine queries which means he's still a viable target for the malware writers. We can Read more…
There's Malware on Elm Street this Halloween ... with pumpkins!
It appears that this Halloween the malware writers' preferred choice of infection vector is SEO (Search Engine Optimization) techniques used to poison popular search terms. We at SophosLabs have seen relatively few email campaigns that exploit Halloween this year, but there have been Read more…
Your Funds Will Be Transfered
This morning while monitoring our spam traps I was greeted with the following proposition: Added to the suspiciously poor spelling and grammar, the message also has an attachment named "WU Money Sent.exe." By this point any sane person would have Read more…
You don't have a job? Get a Govt Grant
While monitoring SophosLabs' spam traps this morning I came across a proposition with the following subject: You don't have a job? Get a Govt Grant Several things stand out from this email that make me think it is something other than Read more…
Sality Goes EPO
One of the more active families of file infecting viruses, Sality, has this week received a major overhaul in its infection method. Sality has been a major headache to AV companies and their customers due to constant changes in its Read more…
Not So Safe Girls
On a quiet Sunday here at SophosLabs, I was looking through our spam systems and noticed an interesting campaign. The email arrives with the message body along the lines of the following: hey cutie, are you stilll single? this is lydia Read more…
Thumbing a Lift
I was analysing a cheeky little Visual Basic Script Worm the other day, and noticed that it used a method of ensuring its persistence on the infected system that I had not come across before. VBS/AutoRun-UC copies itself using the filename Thumb.db, clearly designed Read more…
McColo shutdown lightens malware load
Not only has the take down of McColo last week (link, link) caused a massive drop in worldwide spam levels, but it would also appear to have resulted in a big drop in the level of malware being spammed out Read more…
Why even malware writers need anti-virus
One of the many interesting types of malware samples that we see at SophosLabs is malware that does rather more than its author intended it to do. We will receive a sample that typically has been packed with one of Read more…
To Junk Or Not To Junk
Following on from my colleague's post here concerning broken Sality infections, it is quite interesting to look at modern day polymorphic viruses and whether their propensity to junk files is wholly by accident or whether there is the occasional element of intent Read more…