Malware

(get it in RSS or Atom)

Android "FBI Lock" malware - how to avoid paying the ransom

andr-cuff-250

The latest "FBI Lock" Android ransomware reported by SophosLabs follows a familiar theme.

But it has a slight sting in the tail to make it trickier to remove, so we thought we'd take you through the steps...

Android app market pirates busted by FBI

pirate-250

Six Americans charged with large-scale piracy of Android apps.

But what about their "customers"?

Is there really an increased risk of malware from unlawfully acquired apps?

eBay's StubHub ransacked for over $1 million, international crime ring arrested

StubHub logo

US police have indicted six people across four countries on charges of defrauding eBay's StubHub for over $1 million in pilfered tickets for things like Jay-Z and Justin Timberlake concerts. eBay says its servers weren't broken into; rather, password reuse and account holders' PCs being riddled with malware are to blame.

It's all about trust! 60 Sec Security [VIDEO]

60ss-video-250

Watch 60 Second Security for 19 July 2014 - it's all about trust!

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

chet-chat-logo-featured-250

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

"Gameover" malware returns from the dead...

In early June 2014, a internationally co-ordinated law enforcement effort against the criminals behind the infamous Gameover malware pretty much wiped out their botnet altogether.

Bad news - it looks as though Gameover is back...

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

chet-chat-logo-featured-250

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

Remember macro viruses? Infected Word and Excel files? They're back...

vba-wordexcel-250

In 1995, a macro virus called Concept changed the malware landscape completely for several years.

Infected Word and Excel files finally died out in the early 2000s, but as SophosLabs researcher Gabor Szappanos explains...they're back!

SSCC 154: Fraud, viruses, patches and encryption (in that order!) [PODCAST]

chet-chat-logo-featured-250

Where does your country sit on the fraud list? Just how much can you trust SMSes on Android? Is Apple serious enough about iOS security? And will Google's End-To-End email encryption plugin save the world?

Find out with Chet and Duck in this week's Chet Chat podcast...

From the Labs: PlugX - the next generation

X. Image courtesy of Shutterstock

In this new paper from SophosLabs, Principal Researcher Gabor Szappanos takes a look into a new variation of the PlugX malware.

Anatomy of an Android SMS virus - watch out for text messages, even from your friends!

slf-logo-250

Paul Ducklin looks into "Andr/SlfMite-A", an Android SMS virus.

The malware sends itself to your top 20 contacts and foists an third party app for an alternative Android software market onto your device...

SSCC 152 - PF Chang's, TrueCrypt (still!), the Twitter worm and the cost of scammers [PODCAST]

chet-chat-logo-featured-250

Sophos security experts Chester Wisniewski and Paul Ducklin turn their attention on the week's security news.

As usual, they extract plenty of useful lessons during their insightful dissection of the latest issues...

Gameover and CryptoLocker revisited - the important lessons we can learn

gocl-robot-250

Which is worse - Gameover or CryptoLocker?

What can we learn from the recent US-led takedown of this notorious crimeware?

More importantly, what advice should we be passing on to other people?

SSCC 150 - TrueCrypt, Gameover, CryptoLocker and whither mobile malware? [PODCAST]

sscc150-thumb-250

This week, Chet and Duck dig into the bafflement of the disappearing TrueCrypt encryption software: did it jump, or was it pushed?

They also look at the takedown of Gameover and CryptoLocker, and look into what we can learn from ten years of mobile malware.

Unhappy birthday to you - mobile malware turns 10

10yomm-feat-3-250

It's 10 years since June 2004, when the first mobile malware appeared.

We don't want to *celebrate* this anniversary, you understand, but we thought we'd look back to see what we can learn...

Breach at eBay, bugs in Chip-and-PIN, busts for Blackshades - 60 Sec Security [VIDEO]

2014-05-24-thumb-250

Will the breach at eBay beat Adobe for size? Is Chip and PIN really as safe as they say? How many countries took action busting malware crooks?

All the answers in 60 Sec Security for 24 May 2014...

First Aid for Android: How to unlock your ransomed phone

first-aid-android-250

What do you do when your Android device freezes or locks up so you can't do anything useful...especially if it wants $300 to let you get back to work?

Here's an Android troubleshooting technique for emergencies of this sort...

Anti-piracy group warns about malware-riddled sites - fair, or scaremongering?

piracy-ss_114598654-250

According to a study carried out by Incopro and published the Industry Trust, all but 1 of 30 sites investigated served malware, potentially unwanted software or some form of credit card fraud. But the report has been described by some as "biased", "misleading" and "scaremongering through carefully chosen statistics".

Monday review - the hot 26 stories of the week

dow-250

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

SSCC 144 - iOS malware, fingerprint security, WhatsApp privacy, hacking the taxman [PODCAST]

sscc-144-thumb-250

How bad is the risk from iOS malware? What's the state of play in fingerprint security? Should you trust mobile apps? Is it wise to hack the taxman? What if Brian Krebs calls to warn you've been pwned?

Chet and Duck turn their wit and insight on the week's news...