Have we seen the end of the ZeroAccess botnet?


Since Microsoft took positive action against the ZeroAccess botnet at the beginning of December, SophosLabs has been paying close attention to see if the owners would attempt to revitalise the botnet and return it to profitability.

James Wyke looks into what happened...

Microsoft and partners fight back against the ZeroAccess botnet


Microsoft, in conjunction with Europol and the FBI, has successfully taken down the click fraud servers used by ZeroAccess, disrupting one of the world's largest and most resilient botnets.

Million-dollar fine for sneaky Bitcoin botnet builders


New Jersey has slapped a million-dollar fine on an on-line gaming company that sneakily used its own anti-cheating software to mine Bitcoins on its customers' computers.

The company is paying under protest, claiming a "deep misunderstanding of the nature of our business."

From the Labs: New PlugX malware variant takes aim at Japan


SophosLabs Principal Researcher Gabor Szappanos takes on a recent PlugX malware sample.

He finds a curious mixture of similarities and differences with earlier versions - and a brand new target group: users of the Japanese-language word processor Ichitaro...

LG TVs grab data, GitHub attacked, vBulletin breached - 60 Sec Security [VIDEO]


How honest is your TV? Why do crooks like source code hacks? Should you brag when you publish a breach notification?

Find out now in 60 Second Security.

Spam from an anti-virus company claiming to be a security patch? It's Zbot/Zeus malware...


A spam campaign that seems to originate from a whole raft of different security and anti-virus companies... is actually an effort to trick you into installing a new variant of Zbot/Zeus onto your computer.

SSCC 120 - Vulnerabilities, backdoors, crypto done right, and crypto done wrong [PODCAST]


Ah, the irony! Good crypto from the bad guys, and bad crypto from the good guys...

Chet and Duck turn the latest security news into an insightful, amusing and educational discussion in the latest episode of their two-weekly podcast.

US indicts 13 suspected Anonymous members for Operation Payback

Operation Payback was first launched in support of file-sharing sites but evolved to back WikiLeaks and to retaliate against the companies that shut down processing of the site's financial support. All participants had to do was to click a link, download the tool, and launch an attack...

Zero Access, vulnerability disclosure and the evils of RTF


Chester Wisniewski writes to us from Virus Bulletin 2013 in Berlin, Germany to share the latest research on malicious documents, bot herders and foosball.

Latvia blocking extradition of Gozi writer thanks to "disproportionate" US sentencing

One of three men indicted in the US earlier this year in connection with the Gozi banking trojan remains in his native Latvia, after courts twice blocked US requests for extradition.

The Latvian foreign minister has added his weight to the battle to resist the extradition, arguing that the potential 67-year prison sentence cited in the indictment is "disproportionate" to the crime the man is accused of.

ZeroAccess malware revisited - new version yet more devious


Guess what? The authors of the infamous ZeroAccess malware have pushed out another update, and this time they're using some interesting techniques to stay alive longer.

James Wyke of SophosLabs explains...

The PlugX malware factory revisited: introducing "Smoaler"


Popular SophosLabs writer Gabor Szappanos is back with more insights into the Tibetan-themed Advanced Persistent Threat (APT) scene.

This time, he looks at Smoaler, a new cousin of the PlugX family that starts off like what we've seen before, before branching off in new ways.

Was Microsoft's takedown of Citadel effective?

Last week, Microsoft took aim at more than 1,400 Citadel botnets by sinkholing their command and control infrastructure.

What was the actual effect of this takedown? SophosLabs takes a look...

Botnet smackdown, Oracle on Java, Passwords you can eat - 60 Sec Security [VIDEO]


Here's our latest 60 Second Security video.

From botnet takedowns to authentication tokens you can eat, here's the latest security news in an easily digestible format!

FBI and Microsoft in massive takedown of "Citadel" crimeware

Microsoft just announced the successful disruption of 1462 "Citadel" botnets.

You read that correctly!

Not a botnet of 1462 computers, but 1462 separate botnets...

Monday review - the hot 24 stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

Opinion: No, the LulzSec hackers weren't noble

Was the LulzSec hacking gang harmless? Perhaps noble, even?

Graham Cluley argues that it's not cool, or funny, to hack into companies, expose the private information of members of the general public, and to launch denial of service attacks.

Jail for the LulzSec hacking gang members

BREAKING NEWS: Members of the notorious LulzSec hacking gang have been sentenced at Southwark Crown Court in London.

Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]

LulzSec are about to be sentenced, which will tell us what the judge thinks.

But why not tell us what you think, right here, right now?

The LulzSec hackers who boasted they were "Gods" await their sentence

Four members of the notorious LulzSec hacking gang, who attacked websites belonging to the likes of the CIA, the NHS and the Serious Organised Crime Agency (SOCA), are due to be sentenced by the UK authorities.