
TeslaCrypt ransomware attacks gamers - "all your files are belong to us!"


TeslaCrypt is a new ransomware that goes above and beyond CryptoLocker in the types of files it seeks out to hold for ransom, including those related to video games.

SophosLabs dug in to find out what TeslaCrypt has in store for gamers, and everyone else.

Europol takedown of Ramnit botnet frees 3.2 million PCs from cybercriminals' grasp


In an international operation coordinated with multiple law enforcement and industry partners, Europol led a takedown of the infrastructure of the Ramnit botnet that infected 3.2 million Windows computers.

From the Labs: more advances in Advanced Persistent Threats


SophosLabs researcher Gabor Szappanos is back.

He presents another insightful installment in the ongoing saga of PlugX and other "malware factories" that are part of the Advanced Persistent Threat scene.

ZeroAccess click fraud botnet coughs back to life


The once-mighty "ZeroAccess" botnet is now only a shadow of its former self, but its reputation alone still makes it a headline grabber...

From the Labs: VBA is definitely not dead - in fact, it's undergoing a resurgence


Our most recent detection statistics show that using Visual Basic code in malicious documents is a trend on the rise. So why have malware authors turned to Visual Basic to do their bidding?

Duping the machine - the cunning malware that throws off researchers


Traditionally, when malware detects that it is not running in a genuine victim setting, it will simply exit immediately. But there's a certain subset of malware families that are more cunning when they detect an analysis environment...

From the Labs: PlugX - the next generation


In this new paper from SophosLabs, Principal Researcher Gabor Szappanos takes a look into a new variation of the PlugX malware.

Have we seen the end of the ZeroAccess botnet?


Since Microsoft took positive action against the ZeroAccess botnet at the beginning of December, SophosLabs has been paying close attention to see if the owners would attempt to revitalise the botnet and return it to profitability.

James Wyke looks into what happened...

Are anti-virus testers measuring the right things?


Do we measure resilience? What aspects of test sample selection may bias results? What are the methods used in a field-trial of anti-malware? These were among the presentations at the first Workshop on Anti-Malware Testing Research (WATeR), where we looked at the sort of things current tests of anti-malware solutions reveal, and some things they do not.

Cyber criminals have no borders, so neither should we


Rob Forsyth takes a look at the efforts of the Australian and New Zealand governments in tackling cyber security awareness, and highlights the work needed by global providers of security products to create a united front, unhindered by national barriers.

Making phishing more complex - on purpose


A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...

Assessing the impact of the Blackhole arrests


News has surfaced that the criminals behind the Blackhole exploit kit have been arrested.

Now, everyone wants to know, "Will the arrest have any effect on the prevalence of the threat?"

Fraser Howard of SophosLabs looks at the data...

SophosLabs prepares for great showing at Virus Bulletin 2013


Sophos has a larger-than-normal presence this week at the Virus Bulletin Conference in Berlin, Germany. Research presented includes botnets, rootkits, Android and even techniques we can use to better protect others.

Who is SophosLabs: Vincent Lynch, Senior Threat Researcher


SophosLabs is at the center of Sophos. It's the place where highly skilled experts in the field work round the clock to build protection from the latest threats. But what sort of people work there?

Who is SophosLabs: Rowland Yu


In our latest look at the people behind SophosLabs, we talk to Rowland Yu about his recommendations for those trying to get into computer security, his favorite book and how he's great at cooking Chinese food.

Who is SophosLabs: Peter Szabo, Senior Threat Researcher


In our latest delve into the minds behind SophosLabs, Peter Szabo talks about how the problem with malware isn't going away any time soon. He also reveals that he's a "digital hermit" and stays far far away from Facebook.

Monday review - the hot 21 stories of the week

Did you miss anything in the past week?

Here's a recap of the hot 21 stories of the past seven days, so you can catch up quickly!

ZeroAccess malware revisited - new version yet more devious


Guess what? The authors of the infamous ZeroAccess malware have pushed out another update, and this time they're using some interesting techniques to stay alive longer.

James Wyke of SophosLabs explains...

Monday review - the hot 20 stories of the week


In case you missed any recent stories, here's everything we wrote in the last seven days.

Who is SophosLabs: James Wyke, Senior Threat Researcher


In the third post in our ‘Who is SophosLabs’ series, threat researcher James Wyke discusses the challenge of securing a mobile distributed workforce and his tips on how to stay safe online. We think he's joking about living in a bunker...