Jail for Russian man who distributed Citadel banking malware to thousands

Dimitry Belorossov infected 7000 computers with the notorious Citadel banking malware, which he used to steal banking credentials.

Why Word "macro malware" is back, and what you can do about it...

Cybercrooks have been getting back into VBA malware, or "macro viruses," as they used to be called.

We explain why, and give you 2 tips on what to do.

Virus Bulletin Conference - what's changed in 25 years?

The discipline of computer security is barely a few decades old, yet the threats we face have already changed beyond belief. Virus Bulletin's Martijn Grooten takes a look back, and forward.

Cybersquatter frenzy as Google becomes Alphabet without owning

Google's big announcement this Monday that it was creating a new holding company called Alphabet took the business world by surprise, and cybersquatters have moved in to exploit confusion about the Alphabet domain name and website.

Black Hat 2015 - get your FREE SOCKS :-)

We don't mean to be crassly commercial - and we aren't - but if you're attending Black Hat 2015, be sure to check out our socks.

Blue Screen of Death socks...for real!

Practical IT: Beware these 3 web security myths

To catch the bad stuff, keep your users productive, and cut down on time cleaning up compromised computers, here are our recommendations for getting web security right.

Buh-bye Beebone! Law enforcement kills polymorphic virus-spreading botnet

International law enforcement activity has taken out the botnet used by the Beebone worm - polymorphic malware that threatened thousands of computers worldwide.

Botnet? Polymorphic? Downloader? We explain ...

TeslaCrypt ransomware attacks gamers - "all your files are belong to us!"

TeslaCrypt is a new ransomware that goes above and beyond CryptoLocker in the types of files it seeks out to hold for ransom, including those related to video games.

SophosLabs dug in to find out what TeslaCrypt has in store for gamers, and everyone else.

Europol takedown of Ramnit botnet frees 3.2 million PCs from cybercriminals' grasp

In an international operation coordinated with multiple law enforcement and industry partners, Europol led a takedown of the infrastructure of the Ramnit botnet that infected 3.2 million Windows computers.

From the Labs: more advances in Advanced Persistent Threats

SophosLabs researcher Gabor Szappanos is back.

He presents another insightful installment in the ongoing saga of PlugX and other "malware factories" that are part of the Advanced Persistent Threat scene.

ZeroAccess click fraud botnet coughs back to life

The once-mighty "ZeroAccess" botnet is now only a shadow of its former self, but its reputation alone still makes it a headline grabber...

From the Labs: VBA is definitely not dead - in fact, it's undergoing a resurgence

Our most recent detection statistics show that using Visual Basic code in malicious documents is a trend on the rise. So why have malware authors turned to Visual Basic to do their bidding?

Duping the machine - the cunning malware that throws off researchers

Traditionally, when malware detects that it is not running in a genuine victim setting, it will simply exit immediately. But there's a certain subset of malware families that are more cunning when they detect an analysis environment...

From the Labs: PlugX - the next generation

In this new paper from SophosLabs, Principal Researcher Gabor Szappanos takes a look into a new variation of the PlugX malware.

Have we seen the end of the ZeroAccess botnet?

Since Microsoft took positive action against the ZeroAccess botnet at the beginning of December, SophosLabs has been paying close attention to see if the owners would attempt to revitalise the botnet and return it to profitability.

James Wyke looks into what happened...

Are anti-virus testers measuring the right things?

Do we measure resilience? What aspects of test sample selection may bias results? What are the methods used in a field-trial of anti-malware? These were among the presentations at the first Workshop on Anti-Malware Testing Research (WATeR), where we looked at the sort of things current tests of anti-malware solutions reveal, and some things they do not.

Cyber criminals have no borders, so neither should we

Rob Forsyth takes a look at the efforts of the Australian and New Zealand governments in tackling cyber security awareness, and highlights the work needed by global providers of security products to create a united front, unhindered by national barriers.

Making phishing more complex - on purpose

A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...

Assessing the impact of the Blackhole arrests

News has surfaced that the criminals behind the Blackhole exploit kit have been arrested.

Now, everyone wants to know, "Will the arrest have any effect on the prevalence of the threat?"

Fraser Howard of SophosLabs looks at the data...

SophosLabs prepares for great showing at Virus Bulletin 2013

Sophos has a larger than normal presence this week at the Virus Bulletin Conference in Berlin, Germany. Research presented includes botnets, rootkits, Android and even techniques we can use to better protect others.