Malware

(get it in RSS or Atom)

Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

Hacking, spamming, rogue SMSes and browsers - 60 Sec Security [VIDEO]

60ss-video-250

The week's security news, turned into an entertaining lesson, turned into a 1-min video...

60 Sec Security, 26 July 2014

Android "FBI Lock" malware - how to avoid paying the ransom

andr-cuff-250

The latest "FBI Lock" Android ransomware reported by SophosLabs follows a familiar theme.

But it has a slight sting in the tail to make it trickier to remove, so we thought we'd take you through the steps...

Android app market pirates busted by FBI

pirate-250

Six Americans charged with large-scale piracy of Android apps.

But what about their "customers"?

Is there really an increased risk of malware from unlawfully acquired apps?

eBay's StubHub ransacked for over $1 million, international crime ring arrested

StubHub logo

US police have indicted six people across four countries on charges of defrauding eBay's StubHub for over $1 million in pilfered tickets for things like Jay-Z and Justin Timberlake concerts. eBay says its servers weren't broken into; rather, password reuse and account holders' PCs being riddled with malware are to blame.

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

chet-chat-logo-featured-250

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

It's all about trust! 60 Sec Security [VIDEO]

60ss-video-250

Watch 60 Second Security for 19 July 2014 - it's all about trust!

Notorious Shylock banking malware taken out by law enforcement

fire-globe-250

Law enforcement action led by the National Crime Agency (NCA) in the UK has knocked out the infrastructure of a banking malware known as Shylock, because of excerpts from Shakespeare's Merchant of Venice hidden in its code.

Here's how to check to make sure you weren't among the more than 30,000 PCs that were infected.

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

chet-chat-logo-featured-250

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

"Gameover" malware revival - is it really up from the canvas?

newgoz-ko-250

Is the recent re-appearance of the Gameover malware a flash in the pan, or part of a concerted effort at reviving the threat?

What do we need to do to knock it out altogether?

"Gameover" malware returns from the dead...

In early June 2014, a internationally co-ordinated law enforcement effort against the criminals behind the infamous Gameover malware pretty much wiped out their botnet altogether.

Bad news - it looks as though Gameover is back...

Microsoft and No-IP reach settlement over malware takedown

Microsoft and No-IP reach settlement over malware takedown

Microsoft has reached a settlement with domain provider No-IP less than two weeks after it grabbed 23 internet domain names, knocking out 1.8 million customer sites and over 5 million hostnames.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

chet-chat-logo-featured-250

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

US arrests Russian MP's son for PoS hacking; Russia calls it kidnapping

US arrests Russian MP's son for PoS hacking; Russia calls it kidnapping

The Russian man's father conjectures that, for all he knows, this may be a ploy for the US to get bait to exchange for Snowden.

Google's Android security chief: Don't bother with anti-virus. Is he serious?

android-antivirus-250

Google's chief security engineer for Android, Adrian Ludwig, claims that most users shouldn't bother with anti-virus and that security companies are overstating the problem of Android malware. Can he be serious? ...

How not to tell your customers how much you care about their security

phish-warning-250

We've written before about "what not to do" when sending emails to your customers.

Here's another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run.

Remember macro viruses? Infected Word and Excel files? They're back...

vba-wordexcel-250

In 1995, a macro virus called Concept changed the malware landscape completely for several years.

Infected Word and Excel files finally died out in the early 2000s, but as SophosLabs researcher Gabor Szappanos explains...they're back!

Monday review - the hot 22 stories of the week

dow-250

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.