SophosLabs

(get it in RSS or Atom)

USA is number one! (...for spam)

usa flag

USA! USA! USA! is back on top as the world’s leading spam-relaying country.

See what other countries top our 'dirty dozen' list and get the latest spam stats from SophosLabs.

Monday review - the hot 22 stories of the week

dow-250

In case you missed anything, here's everything we wrote in the past seven days.

Targeted malware attack piggybacks on Nvidia digital signature

Nvidia_thumb

Gabor Szappanos from SophosLabs takes a detailed examination of a targeted attack involving multiple stages and an innocent signed application - from the social engineering in the initial lure, to the technical capabilities of the malware it delivers.

Technical paper: Exploring the history and technology of ransomware

whitepaper

A new technical paper from SophosLabs explores the history and technology of ransomware. From payment by SMS to public key encryption, ransomware has certainly evolved.

More Mac malware attacking minority groups in China

More Mac malware attacking minority groups in China

A targeted Mac malware attack strikes a minority group in China, exploiting an old Microsoft Word vulnerability.

Reveton ransomware gang arrested by Spanish police

Reveton malware gang arrested by Spanish police

The Spanish police have arrested 11 individuals suspected of being members of the infamous Reveton ransomware gang.

Malware injected into legitimate JavaScript code on legitimate websites

Malware injected into legitimate JavaScript code on legitimate websites

SophosLabs has observed a trend of hackers inserting their malicious code into legitimate JavaScript hosted on legitimate compromised websites.

Learn more about what our experts have seen, and ensure that you have protection in place.

Whitepaper: Security questions for your web hosting provider

Whitepaper: Security questions for your web hosting provider

Here are 10 questions you should be asking your hosting provider about features and services that will help to keep your site secure, covering general security practices, application security and operation of the site itself.

Point of sale devices and Canadian banks targeted by Citadel malware variant

Point of sale devices and Canadian banks targeted by Citadel malware variant

A new variant of the prevalent Citadel crimeware kit has been discovered to target Point of Sale (POS) devices. Find out more, in this analysis from SophosLabs expert James Wyke.

CAN-SPAM spammers with a sense of humor

Spam cloud

SophosLabs researcher Richard Wang ran into a unusual opt-out disclaimer earlier today in an email message. It would appear that this spammer has a sense of humor and is polite to boot!

Technical paper: Deeper inside the Blackhole exploit kit

Technical Paper: Inside a Black Hole (part 2)

For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.

Recommended reading for all those that want a little more detail as to how one of the most prolific and widely used crimeware kits actually works.

A chink in Android Armour

AppArmorInstall250-2

SophosLabs process thousands of Android apps daily with many applications approaching the fine line between the completely legitimate and potentially unwanted applications.

Android Armour a premium priced security app was particularly well represented in the incoming stream of samples. Vanja Svajcer investigates why.

Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B

rushingmancartoon

In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.

Smart octogenarian foils scammer who said he would buy item via PayPal

Smart octagenrian foils scammer who said he would buy item via PayPal

A man in his eighties tries to sell a generator for his friend online.

When a potential buyer asks to send his payment through via PayPal - what could possibly go wrong?

PowerPoint about the Mayan "end of the world" secretly boobytrapped with malware

Owly-250

Interested in the buzz around the Mayan calendar ceasing to increment after December 21st, 2012? Don't go looking for presentations about the topic, you might be in for a nasty surprise.

Sudoku and malware with your coffee?

Sudoku and malware with your coffee?sudoku-250

As the end of the year approaches and things calm down around the office, what better way to while away a few minutes than with a harmless Sudoku?

Perhaps not so harmless...

Iran claims discovery of new targeted malware

Target: Iran

Iran's CERT has issued a warning about a new targeted malware attack that erases hard drives. Is this really the next Stuxnet? Hardly.

Monday review - the hot 22 stories of the week

Here you go.

All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

Abuse of .EU domains by malware gangs continues despite Registrar notification

Abuse of .eu domains continues despite Registrar notification

What do you do when attackers are abusing legitimate domain Registration services?

How do you stop or at least disrupt the malicious attacks?

Reporting the incident to the appropriate Registrar is the correct course of action, but as you can read, doing so does not necessarily guarantee results.

Exploit kits, the biggest threat on the web, are being fed by whitehat security researchers

Who is feeding the Blackhole exploit kit?

When security researchers make available proof of concept code to demonstrate vulnerabilities, are they actually supporting the malicious exploit kit authors?

SophosLabs expert Gabor Szappanos shows that the creators of exploit kits aren't the ones discovering the zero day vulnerabilities.