SophosLabs
Reveton ransomware gang arrested by Spanish police
The Spanish police have arrested 11 individuals suspected of being members of the infamous Reveton ransomware gang.
Malware injected into legitimate JavaScript code on legitimate websites
SophosLabs has observed a trend of hackers inserting their malicious code into legitimate JavaScript hosted on legitimate compromised websites.
Learn more about what our experts have seen, and ensure that you have protection in place.
Whitepaper: Security questions for your web hosting provider
Here are 10 questions you should be asking your hosting provider about features and services that will help to keep your site secure, covering general security practices, application security and operation of the site itself.
Point of sale devices and Canadian banks targeted by Citadel malware variant
A new variant of the prevalent Citadel crimeware kit has been discovered to target Point of Sale (POS) devices. Find out more, in this analysis from SophosLabs expert James Wyke.
CAN-SPAM spammers with a sense of humor
SophosLabs researcher Richard Wang ran into an unusual opt-out disclaimer earlier today in an email message. It would appear that this spammer has a sense of humor and is polite to boot!
Technical paper: Deeper inside the Blackhole exploit kit
For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.
Recommended reading for all those that want a little more detail as to how one of the most prolific and widely used crimeware kits actually works.
A chink in Android Armour
SophosLabs processes thousands of Android apps daily, with many applications approaching the fine line between the completely legitimate and the potentially unwanted.
Android Armour, a premium-priced security app, was particularly well represented in the incoming stream of samples. Vanja Svajcer investigates why.
Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B
In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.
Smart octogenarian foils scammer who said he would buy item via PayPal
A man in his eighties tries to sell a generator for his friend online.
When a potential buyer asks to send his payment via PayPal - what could possibly go wrong?
PowerPoint about the Mayan "end of the world" secretly boobytrapped with malware
Interested in the buzz around the Mayan calendar ceasing to increment after December 21st, 2012? Don't go looking for presentations about the topic: you might be in for a nasty surprise.
Sudoku and malware with your coffee?
As the end of the year approaches and things calm down around the office, what better way to while away a few minutes than with a harmless Sudoku?
Perhaps not so harmless...
Iran claims discovery of new targeted malware
Iran's CERT has issued a warning about a new targeted malware attack that erases hard drives. Is this really the next Stuxnet? Hardly.
Monday review - the hot 22 stories of the week
Here you go.
All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).
Abuse of .EU domains by malware gangs continues despite Registrar notification
What do you do when attackers are abusing legitimate domain Registration services?
How do you stop or at least disrupt the malicious attacks?
Reporting the incident to the appropriate Registrar is the correct course of action, but as you can read, doing so does not necessarily guarantee results.
Exploit kits, the biggest threat on the web, are being fed by whitehat security researchers
When security researchers make available proof of concept code to demonstrate vulnerabilities, are they actually supporting the malicious exploit kit authors?
SophosLabs expert Gabor Szappanos shows that the creators of exploit kits aren't the ones discovering the zero day vulnerabilities.
The Citadel crimeware kit - under the microscope
Ever since the source code of Zeus/Zbot leaked in May 2011, many new variants have appeared.
One particularly prevalent example is Citadel.
James Wyke of SophosLabs puts it under the microscope...
Sophos Security Threat Report 2013 - the safest and riskiest countries revealed
Download the free Sophos Security Threat Report, looking back over 2012 and exploring what security threats and trends we will all be facing tomorrow.
Technical paper: Journey inside the Blackhole exploit kit
Do you want to learn more about the exploit kit that is arguably responsible for the most malware infections this year?
Well, read the latest technical paper from SophosLabs, where Gabor Szappanos uncovers some of the details behind the Blackhole exploit kit.
W32/VBNA-X worm spreads quickly through networks and removable media
A new, particularly virulent version of the malware family known as W32/VBNA (also SillyFDC/Autorun) is spreading very quickly. It takes advantage of Windows Autorun and some very clever social engineering techniques to plant banking Trojans on victim computers.
SophosLabs wins coveted Swiss prize
The Swiss are known for their prestigious and generous gifts to those who achieve what others can only imagine. SophosLabs managed to impress the committee and earn one of these coveted prizes recently.








