SophosLabs

(get it in RSS or Atom)

Spicing up phishing attacks

Spicing up phishing attacks

Phishing is often regarded as old hat. From a technical perspective, it's a case of 'been there, done that'. Sometimes however, we come across attacks that are just a little bit more interesting (or at least different) from the norm.

Monday review - the hot 21 stories of the week

Monday review - the hot stories of the week

It's weekly roundup time. Here's all the great stuff we've written in the past seven days.

Monday review - the hot 32 stories of the week

Monday review - the hot stories of the week

It's that time of the week again - here's your roundup of everything we wrote in the last seven days.

Seagate's blog pushes malware on unsuspecting visitors via rogue Apache modules

Seagate's blog pushes malware on unsuspecting visitors via rogue Apache modules

SophosLabs has been tracking an infection of Mal/Iframe-AL on Seagate's blog since late February.

Are you taking enough care of your company's websites?

Oh dear. SophosLabs has upset some malware authors

Oh dear. SophosLabs has upset some malware authors

Sometimes an insult can be amusing.. and even strangely complimentary.

Here's something which raised a smile for researchers at SophosLabs.

Monday review - the hot 26 stories of the week

dow-250

In case you missed it: Here's everything we wrote last week.

Rogue Apache modules pushing iFrame injections which drive traffic to Blackhole exploit kit

Rogue Apache modules pushing iFrame injections which drive traffic to Blackhole exploit kit

SophosLabs has seen huge volumes of legitimate sites being compromised with malicious redirects in recent weeks.

Fraser Howard explains what's going on, and how the compromised web servers are almost exclusively running Apache.

Russian ransomware takes advantage of Windows PowerShell

Russian flag eye

What's a reasonable price to pay to get your data safely returned to you from the guys who stole it?

How about 10,000 Rubles? No?

According to the cybercriminals behind this new ransomware targeting Russians, the answer is "да".

USA is number one! (...for spam)

usa flag

USA! USA! USA! is back on top as the world’s leading spam-relaying country.

See what other countries top our 'dirty dozen' list and get the latest spam stats from SophosLabs.

Monday review - the hot 22 stories of the week

dow-250

In case you missed anything, here's everything we wrote in the past seven days.

Targeted malware attack piggybacks on Nvidia digital signature

Nvidia_thumb

Gabor Szappanos from SophosLabs takes a detailed examination of a targeted attack involving multiple stages and an innocent signed application - from the social engineering in the initial lure, to the technical capabilities of the malware it delivers.

Technical paper: Exploring the history and technology of ransomware

whitepaper

A new technical paper from SophosLabs explores the history and technology of ransomware. From payment by SMS to public key encryption, ransomware has certainly evolved.

More Mac malware attacking minority groups in China

More Mac malware attacking minority groups in China

A targeted Mac malware attack strikes a minority group in China, exploiting an old Microsoft Word vulnerability.

Reveton ransomware gang arrested by Spanish police

Reveton malware gang arrested by Spanish police

The Spanish police have arrested 11 individuals suspected of being members of the infamous Reveton ransomware gang.

Malware injected into legitimate JavaScript code on legitimate websites

Malware injected into legitimate JavaScript code on legitimate websites

SophosLabs has observed a trend of hackers inserting their malicious code into legitimate JavaScript hosted on legitimate compromised websites.

Learn more about what our experts have seen, and ensure that you have protection in place.

Whitepaper: Security questions for your web hosting provider

Whitepaper: Security questions for your web hosting provider

Here are 10 questions you should be asking your hosting provider about features and services that will help to keep your site secure, covering general security practices, application security and operation of the site itself.

Point of sale devices and Canadian banks targeted by Citadel malware variant

Point of sale devices and Canadian banks targeted by Citadel malware variant

A new variant of the prevalent Citadel crimeware kit has been discovered to target Point of Sale (POS) devices. Find out more, in this analysis from SophosLabs expert James Wyke.

CAN-SPAM spammers with a sense of humor

Spam cloud

SophosLabs researcher Richard Wang ran into a unusual opt-out disclaimer earlier today in an email message. It would appear that this spammer has a sense of humor and is polite to boot!

Technical paper: Deeper inside the Blackhole exploit kit

Technical Paper: Inside a Black Hole (part 2)

For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.

Recommended reading for all those that want a little more detail as to how one of the most prolific and widely used crimeware kits actually works.

A chink in Android Armour

AppArmorInstall250-2

SophosLabs process thousands of Android apps daily with many applications approaching the fine line between the completely legitimate and potentially unwanted applications.

Android Armour a premium priced security app was particularly well represented in the incoming stream of samples. Vanja Svajcer investigates why.