SophosLabs

(get it in RSS or Atom)

A look at Point of Sale RAM scraper malware and how it works

by Numaan Huq on July 16, 2013 | 10 Comments

Malware that attacks point-of-sale systems - how it works

A special kind of malware has been hitting the headlines recently - that which attacks the RAM of Point of Sale (PoS) systems.. In this article, Numaan Huq from SophosLabs takes a step back from the technical details and looks at the evolution of these PoS RAM scrapers.

Monday review - the hot 15 stories of the week

by Anna Brading on July 15, 2013 | Leave a comment

Missed anything last week? Catch up with everything we talked about with this handy weekly roundup.

Who is SophosLabs: Joanne Garvey, Threat Researcher

by Maxim Weinstein on July 8, 2013 | 1 Comment

In the second post in our ‘Who is SophosLabs’ series, threat researcher Joanne Garvey reveals how she protects her information online, why she has no time for hobbies, and her fascination with chaos theory.

Monday review - the hot 16 stories of the week

by Anna Brading on July 8, 2013 | Leave a comment

Catch up with everything we've written in the last seven days - it's weekly roundup time.

The four seasons of Glazunov: digging further into Sibhost and Flimkit

by Fraser Howard on July 2, 2013 | 2 Comments

Following on from the recent analysis of the Glazunov exploit kit, Fraser Howard takes a detailed look at two other closely related kits. He finds several similarities which suggest that the same criminal group may well be behind all three.

Taking a closer look at the Glazunov exploit kit

by Fraser Howard on June 24, 2013 | 2 Comments

In this article, Fraser Howard takes a look at Glazunov - an exploit kit that has been increasingly active in recent weeks. In this deep dive, readers can learn more about how these attacks operate.

Who is SophosLabs: Numaan Huq, Threat Researcher

by Maxim Weinstein on June 24, 2013 | 7 Comments

SophosLabs is at the centre of Sophos. It's where highly skilled analysts work round the clock to build protection from the latest threats. But what kind of people work there?

Monday review - the hot 16 stories of the week

by Anna Brading on June 17, 2013 | Leave a comment

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Was Microsoft's takedown of Citadel effective?

by James Wyke on June 12, 2013 | 2 Comments

Last week, Microsoft took aim at more than 1,400 Citadel botnets by sinkholing their command and control infrastructure.

What was the actual effect of this takedown? SophosLabs takes a look...

Guntior bootkit up to new tricks

by Ahmed Zaki on June 12, 2013 | Leave a comment

A technical analysis of the Guntior bootkit and its DLL load order abuse of the Windows Help Center.

Monday review - the hot 21 stories of the week

by Anna Brading on May 27, 2013 | Leave a comment

Catch up with everything we've written in the last seven days - it's weekly roundup time.

A closer look at the malicious Redkit exploit kit

by Fraser Howard on May 9, 2013 | 6 Comments

In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit.

Learn more about the internals of this kit; bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads.