SophosLabs

(get it in RSS or Atom)

Monday review - the hot 26 stories of the week

dow-250

In case you missed it: Here's everything we wrote last week.

Rogue Apache modules pushing iFrame injections which drive traffic to Blackhole exploit kit

Rogue Apache modules pushing iFrame injections which drive traffic to Blackhole exploit kit

SophosLabs has seen huge volumes of legitimate sites being compromised with malicious redirects in recent weeks.

Fraser Howard explains what's going on, and how the compromised web servers are almost exclusively running Apache.

Russian ransomware takes advantage of Windows PowerShell

Russian flag eye

What's a reasonable price to pay to get your data safely returned to you from the guys who stole it?

How about 10,000 Rubles? No?

According to the cybercriminals behind this new ransomware targeting Russians, the answer is "да".

USA is number one! (...for spam)

usa flag

USA! USA! USA! is back on top as the world’s leading spam-relaying country.

See what other countries top our 'dirty dozen' list and get the latest spam stats from SophosLabs.

Monday review - the hot 22 stories of the week

dow-250

In case you missed anything, here's everything we wrote in the past seven days.

Targeted malware attack piggybacks on Nvidia digital signature

Nvidia_thumb

Gabor Szappanos from SophosLabs takes a detailed examination of a targeted attack involving multiple stages and an innocent signed application - from the social engineering in the initial lure, to the technical capabilities of the malware it delivers.

Technical paper: Exploring the history and technology of ransomware

whitepaper

A new technical paper from SophosLabs explores the history and technology of ransomware. From payment by SMS to public key encryption, ransomware has certainly evolved.

More Mac malware attacking minority groups in China

More Mac malware attacking minority groups in China

A targeted Mac malware attack strikes a minority group in China, exploiting an old Microsoft Word vulnerability.

Reveton ransomware gang arrested by Spanish police

Reveton malware gang arrested by Spanish police

The Spanish police have arrested 11 individuals suspected of being members of the infamous Reveton ransomware gang.

Malware injected into legitimate JavaScript code on legitimate websites

Malware injected into legitimate JavaScript code on legitimate websites

SophosLabs has observed a trend of hackers inserting their malicious code into legitimate JavaScript hosted on legitimate compromised websites.

Learn more about what our experts have seen, and ensure that you have protection in place.

Whitepaper: Security questions for your web hosting provider

Whitepaper: Security questions for your web hosting provider

Here are 10 questions you should be asking your hosting provider about features and services that will help to keep your site secure, covering general security practices, application security and operation of the site itself.

Point of sale devices and Canadian banks targeted by Citadel malware variant

Point of sale devices and Canadian banks targeted by Citadel malware variant

A new variant of the prevalent Citadel crimeware kit has been discovered to target Point of Sale (POS) devices. Find out more, in this analysis from SophosLabs expert James Wyke.

CAN-SPAM spammers with a sense of humor

Spam cloud

SophosLabs researcher Richard Wang ran into a unusual opt-out disclaimer earlier today in an email message. It would appear that this spammer has a sense of humor and is polite to boot!

Technical paper: Deeper inside the Blackhole exploit kit

Technical Paper: Inside a Black Hole (part 2)

For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.

Recommended reading for all those that want a little more detail as to how one of the most prolific and widely used crimeware kits actually works.

A chink in Android Armour

AppArmorInstall250-2

SophosLabs process thousands of Android apps daily with many applications approaching the fine line between the completely legitimate and potentially unwanted applications.

Android Armour a premium priced security app was particularly well represented in the incoming stream of samples. Vanja Svajcer investigates why.

Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B

rushingmancartoon

In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.

Smart octogenarian foils scammer who said he would buy item via PayPal

Smart octagenrian foils scammer who said he would buy item via PayPal

A man in his eighties tries to sell a generator for his friend online.

When a potential buyer asks to send his payment through via PayPal - what could possibly go wrong?

PowerPoint about the Mayan "end of the world" secretly boobytrapped with malware

Owly-250

Interested in the buzz around the Mayan calendar ceasing to increment after December 21st, 2012? Don't go looking for presentations about the topic, you might be in for a nasty surprise.

Sudoku and malware with your coffee?

Sudoku and malware with your coffee?sudoku-250

As the end of the year approaches and things calm down around the office, what better way to while away a few minutes than with a harmless Sudoku?

Perhaps not so harmless...

Iran claims discovery of new targeted malware

Target: Iran

Iran's CERT has issued a warning about a new targeted malware attack that erases hard drives. Is this really the next Stuxnet? Hardly.