(get it in RSS or Atom)

From the Labs: VBA is definitely not dead - in fact, it's undergoing a resurgence

Fake Sophos Encryption

Our most recent detection statistics show that using Visual Basic code in malicious documents is a trend on the rise. So why have malware authors turned to Visual Basic to do their bidding?

Duping the machine - the cunning malware that throws off researchers

Malware. Image courtesy of Shutterstock

Traditionally, when malware detects that it is not running in a genuine victim setting, it will simply exit immediately. But there's a certain subset of malware families that are more cunning when they detect an analysis environment...

From the Labs: PlugX - the next generation

X. Image courtesy of Shutterstock

In this new paper from SophosLabs, Principal Researcher Gabor Szappanos takes a look into a new variation of the PlugX malware.

Have we seen the end of the ZeroAccess botnet?


Since Microsoft took positive action against the ZeroAccess botnet at the beginning of December, SophosLabs has been paying close attention to see if the owners would attempt to revitalise the botnet and return it to profitability.

James Wyke looks into what happened...

Are anti-virus testers measuring the right things?

Are AV testers measuring the right things?

Do we measure resilience? What aspects of test sample selection may bias results? What are the methods used in a field-trial of anti-malware? These were among the presentations at the first Workshop on Anti-Malware Testing Research (WATeR), where we looked at the sort of things current tests of anti-malware solutions reveal, and some things they do not.

Cyber criminals have no borders, so neither should we

Cyber criminals have no borders, so neither should we

Rob Forsyth takes a look at the efforts of the Australian and New Zealand governments in tackling cyber security awareness, and highlights the work needed by global providers of security products to create a united front, unhindered by national barriers.

Making phishing more complex - on purpose


A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing

Fraser Howard of SophosLabs explains...

Assessing the impact of the Blackhole arrests


News has surfaced that the criminals behind the Blackhole exploit kit have been arrested.

Now, everyone wants to know, "Will the arrest have any effect on the prevalence of the threat?"

Fraser Howard of SophosLabs looks at the data...

SophosLabs prepares for great showing at Virus Bulletin 2013

Who is SophosLabs

Sophos has a larger than normal presense this week at the Virus Bulletin Conference in Berlin, Germany. Research presented includes bot nets, rootkits, Android and even techniques we can use to better protect others.

Who is SophosLabs: Vincent Lynch, Senior Threat Researcher

Who is SophosLabs: Vincent Lynch

SophosLabs is at the center of Sophos. It's the place where highly skilled experts in the field work round the clock to build protection from the latest threats. But what sort of people work there?

Who is SophosLabs: Rowland Yu

Who is SophosLabs

In our latest look at the people behind SophosLabs, we talk to Rowland Yu about his recommendations for those trying to get into computer security, his favorite book and how he's great at cooking chinese food.

Who is SophosLabs: Peter Szabo, Senior Threat Researcher

Who is SophosLabs

In our latest delve into the minds behind SophosLabs, Peter Szabo talks about how the problem with malware isn't going away any time soon. He also reveals that he's a "digital hermit" and stays far far away from Facebook.

Monday review - the hot 21 stories of the week

Did you miss anything in the past week?

Here's a recap of the hot 21 stories of the past seven days, so you can catch up quickly!

ZeroAccess malware revisited - new version yet more devious


Guess what? The authors of the infamous ZeroAccess malware have pushed out another update, and this time they're using some interesting techniques to stay alive longer.

James Wyke of SophosLabs explains...

Monday review - the hot 20 stories of the week

Monday review

In case you missed any recent stories, here's everything we wrote in the last seven days.

Who is SophosLabs: James Wyke, Senior Threat Researcher

Who is SophosLabs

In the third post in our ‘Who is SophosLabs’ series, threat researcher James Wyke discusses the challenge of securing a mobile distributed workforce and his tips on how to stay safe online. We think he's joking about living in a bunker...

Monday review - the hot 18 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

A look at Point of Sale RAM scraper malware and how it works

Malware that attacks point-of-sale systems - how it works

A special kind of malware has been hitting the headlines recently - that which attacks the RAM of Point of Sale (PoS) systems.. In this article, Numaan Huq from SophosLabs takes a step back from the technical details and looks at the evolution of these PoS RAM scrapers.

Monday review - the hot 15 stories of the week

Monday review

Missed anything last week? Catch up with everything we talked about with this handy weekly roundup.

Who is SophosLabs: Joanne Garvey, Threat Researcher

Who is SophosLabs

In the second post in our ‘Who is SophosLabs’ series, threat researcher Joanne Garvey reveals how she protects her information online, why she has no time for hobbies, and her fascination with chaos theory.