Black Hat 2015 – get your FREE SOCKS :-)


Are you in Las Vegas?

(Don’t panic: this isn’t the start of a song.)

If so, are you attending Black Hat USA 2015?

Then be sure to stop by at Booth #452 to say “Hi” to the Sophos folks.

Naked Security writer and Chet Chat podcaster Chester Wisniewski will be teaming up on the booth with Simon Reed, the Head of SophosLabs.

They’ll be doing joint presentations at the following times:

• Wednesday, August 5, 2015 @ 14:25 (2.45pm)

• Thursday, August 6, 2015 @ 10:30 (10.30am)

Their topic builds on the report we discussed in our recent “When Penguins Attack” podcast, and is entitled The Infected Web – Status Report From the Front Line.


Malware on Linux – When Penguins Attack

(Audio player not working? Download MP3, listen on Soundcloud, or read the transcript.)

If you’ve listened to the “Penguins” podcast, you’ll know that Chester needed to extract just a week’s worth of SophosLabs data to acquire a list of 178,000 newly-infected web pages.

As Chester recounts in the podcast, his main concern during his research was that the sites he was looking into would be cleaned up by the time he visited, leaving him nothing malicious to measure any more.

Of course, with 25,000 newly-malicious pages a day, sites that are cleaned up within a few days, or even a few hours, can still serve the crooks perfectly well.

For a short-lived malware distribution campaign, or as the destination bait-and-switch pages for a spam run, even a few hours of illicit service “borrowed” from a legitimate site is gold to the Bad Guys.

But it was much worse – much, much worse – than that, with most sites still infected a week later, and many showing signs of having been infected (or, more precisely, infectious) for a year or more.

So, stop by at the Sophos booth for a glimpse into how to build a Lab full of experts to take the fight back to the crooks.

The first 25 people to arrive each day will receive a T-shirt!

We’ll also be doing live demos relating to malware and malware research (not demos of our products).

And we’ll be giving away our outrageously cool and popular Sophos socks, tattoos and laptop stickers, while supplies last.

→ I’m not 100% sure, but I think the Sophos tattoos can be removed before you leave Nevada, unlike the more traditional sort of Vegas tattoo. But please check before proceeding.

If you aren’t in Vegas, or if we run out of socks and stickers before you get to the booth, you can always buy your own at the Sophos Store.

For those about to code, we salute you.