Malware

US local police department pays CryptoLocker ransom

Police advice if you are hit by CryptoLocker is to take it on the chin, and not to pay up.

That's a pretty hard demand to make of anyone, and all but impossible to insist on for everybody, but you would at least expect the police themselves to follow it...

CryptoLocker urgent alert - here's how YOU can help!

The UK's National Crime Agency has put out a CryptoLocker ransomware alert - the malware is still a huge problem, even after weeks of high profile coverage.

Here's what YOU can do to help prevent it...

Has Microsoft just PROVED why you should upgrade from XP?

Microsoft just published its January-to-June 2013 Security Intelligence Report.

The results seem to PROVE that you should get rid of Windows XP as soon as you can.

Paul Ducklin checks the strength of the "proof"...

Facebook privacy, Google ads, D-Link security, CryptoLocker ransom - 60 Sec Security [VIDEO]

What leaves your computer standing but your data in ruins? Should Facebook teenagers be able to message the world? How can you stop Google using your photo in ads?

Find out in this week's Sophos 60 Second Security!

CryptoLocker ransomware - see how it works, learn about prevention, cleanup and recovery

This article explains how the CryptoLocker ransomware works, including a short video showing you what it does.

The article tells you about prevention, cleanup, and recovery, and explains how to improve your security against this sort of threat in future.

Defending against web-based malware: Spot the smoke, don't wait for fire

Malware rarely gets into your network without some sort of tell-tale signs beforehand.

Learning to spot the metaphorical smoke that precedes the fire of a malware infection goes a long way towards keeping your network safe.

Oracle Java fails at security in new and creative ways

Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.

Whistleblower-friendly site Cryptome booted briefly offline for hosting "malicious content"

US whistleblower-friendly site Cryptome recently suffered a short outage, after it was booted offline by its ISP and then allowed back online.

Paul Ducklin looks for security lessons in the story...

Monday review - the hot 24 stories of the week

It's Monday again, so here's a quick way to get yourself up to date with everything we've written in the last seven days.

Infecting iOS, OpenX backdoor, toilet hole, Android malware - 60 Sec Security [VIDEO]

Are Apple's iPhones really impervious to malware? What do you do if your software is pre-infected with a backdoor? What strength of password is appropriate for a toilet? And what about firmware updates for the Android code verification holes? Find out more in 60 seconds!

Android "Master Key" vulnerability - more malware exploits code verification bypass

Researchers at SophosLabs have come across samples of Android malware exploiting the so-called "Master Key" vulnerability.

Paul Ducklin investigates and explains...

OpenX ad servers "pre-compromised" - official distro contained remote code backdoor

You don't always have to break into someone's web server to get them to deliver your malware for you. You can just break into the server they get their online ads from.

Or you can pre-infect the online ad server software so you can own it as soon as it is installed.

Monday review - the hot 18 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

The Dirty Dozen spamming countries - introducing the SophosLabs SPAMMIERSHIP League Tables!

Once every three months, we tot up our country-by-country spamtrap statistics for the previous quarter and calculate the Dirty Dozen.

Of course, this is one "competition" in which getting promoted into the Premier Division - the SPAMMIERSHIP - is a cause for disappointment, not jubilation...

A look at Point of Sale RAM scraper malware and how it works

A special kind of malware has been hitting the headlines recently: malware that attacks the RAM of Point of Sale (PoS) systems. In this article, Numaan Huq from SophosLabs takes a step back from the technical details and looks at the evolution of these PoS RAM scrapers.

The PlugX malware factory revisited: introducing "Smoaler"

Popular SophosLabs writer Gabor Szappanos is back with more insights into the Tibetan-themed Advanced Persistent Threat (APT) scene.

This time, he looks at Smoaler, a new cousin of the PlugX family that starts off like what we've seen before, before branching off in new ways.

Keyjacking, Ubisoft data breach, Apple QuickTime holes - 60 Sec Security [VIDEO]

Here's the first 60 Second Security video of July, looking into some of the intriguing and interesting security stories of the past week.

Neatly compressed into a minute of video, why not give it a whirl?

Retired, top-ranking US military officer is now Stuxnet leak suspect

Former US Gen James Cartwright, once a trusted member of the president's national security team and the reputed brains behind operation Olympic Games, has been told he's under investigation for leaking information about this very operation.

Facebook leak, Canadian spam, Opera breach - 60 Sec Security [VIDEO]

It's Saturday, and that means *60 Second Security*, where we aim to touch on some of the more thought-provoking security topics of the past week in just one minute of video.

Why not give this week's video a go?

Opera breached, has code cert stolen, possibly spreads malware - advice on what to do

Norwegian-based browser maker Opera has announced a network intrusion.

Users *may* have been infected with malware by an Opera update.

Paul Ducklin offers advice on what to do...