Malware

(get it in RSS or Atom)

Return of the Android SMS virus - self-spreading "Selfmite" worm comes back for more

slfm-250

Back in June 2014, we wrote about an Android virus that worked a bit like the email worms of the early 2000s.

Well, that Android virus has made a comeback, and this variant is both pushier and more flexible than before...

SSCC 166.5 - Special edition from the Virus Bulletin 2014 conference [PODCAST]

Sophos security expert Chester Wisniewski was at the Virus Bulletin 2014 conference in Seattle.

In this special edition of the Chet Chat, Paul Ducklin puts Chet on the other side of the mic to find out more about both the technology and the ethics of anti-malware research.

Point-of-Sale vendor loses password, causes breaches at 324 US restaurants

In its own words, a US point-of-sale vendor "acts to Block Payment Card Security Incident."

Bit late for the 324 restaurants that were breached for between 3 days and 3 months in the incident...

From the Labs: VBA is definitely not dead - in fact, it's undergoing a resurgence

Fake Sophos Encryption

Our most recent detection statistics show that using Visual Basic code in malicious documents is a trend on the rise. So why have malware authors turned to Visual Basic to do their bidding?

Home Depot says, "Er, yes, we did have a breach actually"‏

Home Depot

Just how big and bad it will turn out to be is still unknown...all we know so far is that Home Depot has officially confirmed that, yes, there was indeed a breach.

Massive cyber attack on oil and energy industry in Norway

Massive cyber attack on 300 Norwegian oil and energy industry

As many as 300 oil and energy companies have been targeted in the largest ever coordinated cyber attack in Norway.

Duping the machine - the cunning malware that throws off researchers

Malware. Image courtesy of Shutterstock

Traditionally, when malware detects that it is not running in a genuine victim setting, it will simply exit immediately. But there's a certain subset of malware families that are more cunning when they detect an analysis environment...

"You're under arrest for possession of an insecure phone" - 60 Sec Security [VIDEO]

Here's this week's 60 Second Security video.

News you can use in a format you can enjoy...all in 60 seconds!

Apple iOS malware gets onto 75,000 iPhones, steals ad clicks

ios-mal-250

Apple keeps iOS locked down, so malware on iPhones and iPads is very rare.

But iOS malware does happen, and this one is called "AdThief" because that's exactly what it does - steals ad click revenue...

SSCC161 - What do you mean, "Trade him for Edward Snowden"? [PODCAST]

Here's the latest Chet Chat security podcast!

Sophos experts Chester Wisniewski and Paul Ducklin once again turn plain old news into advice you can use.

SSCC 160 - That's not just any old malware - that's a TRUE VIRUS! [PODCAST]

Ready for listening...

Here's this week's Sophos Security Chet Chat podcast.

Android "Heart App" virus spreads quickly, author arrested within 17 hours

Q. How to attract the attention of the police if you're a bored student on summer vacation?

A. Write a virus that unleashes 20,000,000 SMSes, infects 100,000 devices, and steals personal data...

The data breach apocalypse that wasn't - 60 Sec Security [VIDEO]

Malware, spam and hacking - and not all bad news, either!

Watch 60 Second Security for Aug 9, 2014...

SSCC 159 - What can we learn from the "honeybot"? [PODCAST]

For your listening pleasure!

Here's this week's episode of the Sophos Security Chet Chat podcast...

Bad passwords on PoS terminals lead to card stealing Backoff malware

MS-RDP250

This time the crooks are distributing their point-of-sale malware through remote control applications like Microsoft's RDP. No exploits, no social engineering, just good, old-fashioned password guessing.

"BadUSB" - what if you could never trust a USB device again?

usb-tangle-250

Imagine if you had to throw away your USB devices after letting someone else use them...

Android "FBI Lock" malware - how to avoid paying the ransom

andr-cuff-250

The latest "FBI Lock" Android ransomware reported by SophosLabs follows a familiar theme.

But it has a slight sting in the tail to make it trickier to remove, so we thought we'd take you through the steps...

Android app market pirates busted by FBI

pirate-250

Six Americans charged with large-scale piracy of Android apps.

But what about their "customers"?

Is there really an increased risk of malware from unlawfully acquired apps?

eBay's StubHub ransacked for over $1 million, international crime ring arrested

StubHub logo

US police have indicted six people across four countries on charges of defrauding eBay's StubHub for over $1 million in pilfered tickets for things like Jay-Z and Justin Timberlake concerts. eBay says its servers weren't broken into; rather, password reuse and account holders' PCs being riddled with malware are to blame.

It's all about trust! 60 Sec Security [VIDEO]

Watch 60 Second Security for 19 July 2014 - it's all about trust!