The US jam and jelly maker is just the latest fly to get stuck in the same web that ensnared dozens of companies last year, including some of the world's largest data brokers and at least one credit card processor.
Panin, a Russian national, admitted to developing and distributing the banking malware, which was sold to over 150 clients through underground cybercrime forums, and is designed to compromise PCs and connect them to botnets of similarly backdoored systems.
Leaky logic leaves logins loose in logfiles; mendacious mails menace Macs with Mavericks malware, and criminal contractor compromises Korean credit company!
60 Sec Security - 25 Jan 2014...
What's the best way to deal with botnets? Should you use your bank's mobile app? Why all these data breaches? What about Patch Tuesday? Do you really *have* to update your Mac to Mavericks?
Listen as Chet and Duck dissect and explore the week's security stories...
The Target data breach story has turned into a bit of a bus: it's big, has lots of momentum, and three just came along at once.
First: 40M payment card details stolen. Second: 70M names, addresses and the like stolen. Third: looks like there was a specialised botnet involved.
Botnets, short for "robot networks", are more than just malware: they're the money making machinery of modern cybercriminals.
Paul Ducklin and James Wyke help you to understand the What, How and Why of this troublesome topic...
Since Microsoft took positive action against the ZeroAccess botnet at the beginning of December, SophosLabs has been paying close attention to see if the owners would attempt to revitalise the botnet and return it to profitability.
James Wyke looks into what happened...
Microsoft, in conjunction with Europol and the FBI, has successfully taken down the click fraud servers used by ZeroAccess, disrupting one of the world's largest and most resilient botnets.
New Jersey has slapped a million-dollar fine on an on-line gaming company that sneakily used its own anti-cheating software to mine Bitcoins on its customers' computers.
The company is paying under protest, claiming a "deep misunderstanding of the nature of our business."
SophosLabs Principal Researcher Gabor Szappanos takes on a recent PlugX malware sample.
He finds a curious mixture of similarities and differences with earlier versions - and a brand new target group: users of the Japanese-language word processor Ichitaro...
Operation Payback was first launched in support of file-sharing sites but evolved to back WikiLeaks and to retaliate against the companies that shut down processing of the site's financial support. All participants had to do was to click a link, download the tool, and launch an attack...
Chester Wisniewski writes to us from Virus Bulletin 2013 in Berlin, Germany to share the latest research on malicious documents, bot herders and foos ball.
One of three men indicted in the US earlier this year in connection with the Gozi banking trojan remains in his native Latvia, after courts twice blocked US requests for extradition.
The Latvian foreign minister has added his weight to the battle to resist the extradition, arguing that the potential 67 year prison sentence cited in the indictment is "disproportionate" to the crime the man is accused of.
Guess what? The authors of the infamous ZeroAccess malware have pushed out another update, and this time they're using some interesting techniques to stay alive longer.
James Wyke of SophosLabs explains...
Popular SophosLabs writer Gabor Szappanos is back with more insights into the Tibetan-themed Advanced Persistent Threat (APT) scene.
This time, he looks at Smoaler, a new cousin of the PlugX family that starts off like what we've seen before, before branching off in new ways.
Last week, Microsoft took aim at more than 1,400 Citadel botnets by sinkholing their command and control infrastructure.
What was the actual effect of this takedown? SophosLabs takes a look...