Vawtrak, a data-stealing banking Trojan, is spreading in countries around the world, controlling thousands of computers while silently draining its victims' bank accounts.
Analysis of the malware by James Wyke, Senior Threat Researcher with SophosLabs UK, indicates that the people behind Vawtrak are targeting banks and other companies in a very methodical way in a number of countries, including some that aren’t commonly targeted by banking malware.
In his fascinating new research paper on the subject, Vawtrak – International Crimeware-as-a-Service, James explains the mechanics of this cybercriminal enterprise and the steps this crafty, deceptive malware takes to steal account details and transaction tokens directly from victims as they visit their financial institutions' websites.
After a year of big data breaches like Home Depot and Sony, and widespread vulnerabilities in shared open source components such as Heartbleed (in OpenSSL) and Shellshock (in Bash), it's easy to predict that cyber security will be a hot topic in 2015.
Our new Security Threat Trends 2015 report investigates the biggest security risks on the horizon and explains the real-world impact of evolving threats on businesses and consumers.
Here are the 10 things we believe will have the biggest impact on security in 2015 and beyond.
In our 2014 Threat Report, we noted that snowshoe spam was gaining popularity among spammers, who were using new techniques to evade detection and slip through loopholes in anti-spam laws. Over the last several months, we've watched the volume of snowshoe spam continue to build at a tremendous pace.
Snowshoe spam is unsolicited bulk email sent in a particular way. Just as a snowshoe spreads a person's weight across a large area, a snowshoe campaign spreads the sending load across a huge range of IP addresses, many of them used only once and only briefly, each emitting a large volume of spam in a very short burst. The temporary nature of these campaigns has also given rise to the term 'hit-and-run' spam. The technique is effective because it undermines reputation-based filtering: no single IP address sends enough mail, for long enough, to accumulate a bad reputation before the spammer moves on.
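The following Python sketch is an added illustration, not code from the Sophos report. It shows why snowshoe campaigns slip past per-IP volume and reputation scoring, and what a mail filter can key on instead: the same message template arriving from many distinct, individually low-volume IP addresses inside a short window. The log records, IP ranges (RFC 5737 and benchmarking space) and the template fingerprint are all constructed; the fingerprint stands in for whatever content hash or fuzzy hash a real filter computes over the normalised subject and body.

```python
"""Snowshoe spam: per-IP reputation misses it, cross-IP clustering catches it.
Added example with constructed data; not from the Sophos Threat Report."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import ipaddress

# Minimal MTA-style log record: (timestamp, client IP, content fingerprint).


def build_sample_log():
    """Constructed sample: ordinary bulk traffic plus one snowshoe burst."""
    t0 = datetime(2014, 12, 15, 9, 0, 0)
    log = []
    # A legitimate mailing-list server: lots of mail from one IP, every
    # message different. High volume on its own is not evidence of spam.
    for i in range(120):
        log.append((t0 + timedelta(seconds=30 * i), "203.0.113.10", f"list-msg-{i}"))
    # Snowshoe burst: one template sent from 40 IPs across four /24s that the
    # spammer controls briefly, five messages per IP, all within 100 seconds.
    nets = [ipaddress.ip_network(n) for n in
            ("198.51.100.0/24", "192.0.2.0/24", "198.18.5.0/24", "198.18.9.0/24")]
    k = 0
    for net in nets:
        for host in range(10, 20):  # ten sending hosts per /24
            ip = str(net.network_address + host)
            for _ in range(5):
                log.append((t0 + timedelta(milliseconds=500 * k), ip, "campaign-template-A"))
                k += 1
    return log


def per_ip_volume_hits(log, threshold=50):
    """Naive reputation/volume rule: flag any IP that sent >= threshold messages.
    Returns the set of IPs that trip the rule."""
    counts = Counter(ip for _, ip, _ in log)
    return {ip for ip, n in counts.items() if n >= threshold}


def snowshoe_clusters(log, window=timedelta(minutes=10), min_ips=20, max_per_ip=10):
    """Cross-IP rule: group by content fingerprint and flag a template that was
    sent by many distinct IPs, each at low volume, inside one short window.
    Returns {fingerprint: summary} for every cluster that matches."""
    by_fp = defaultdict(list)
    for ts, ip, fp in log:
        by_fp[fp].append((ts, ip))
    found = {}
    for fp, events in by_fp.items():
        per_ip = Counter(ip for _, ip in events)
        times = sorted(ts for ts, _ in events)
        span = times[-1] - times[0]
        if len(per_ip) >= min_ips and span <= window and max(per_ip.values()) <= max_per_ip:
            # Summarise the /24s involved: blocking at that granularity is what
            # actually hurts a campaign whose individual IPs are disposable.
            nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in per_ip}
            found[fp] = {
                "ips": len(per_ip),
                "messages": len(events),
                "span_s": span.total_seconds(),
                "nets": sorted(str(n) for n in nets),
            }
    return found


if __name__ == "__main__":
    sample = build_sample_log()
    print("per-IP volume rule flags:", per_ip_volume_hits(sample))
    for fp, info in snowshoe_clusters(sample).items():
        print(f"snowshoe cluster {fp}: {info['ips']} IPs, {info['messages']} msgs, "
              f"{info['span_s']:.1f}s, nets={info['nets']}")
```

Run stand-alone, the per-IP rule flags only the legitimate list server (120 messages from one address) and none of the 40 snowshoe senders, each of which sent just five. The fingerprint rule ignores per-IP volume entirely and instead reports the single template that arrived from 40 addresses in four /24s within 100 seconds, which is the signal worth acting on. In production the fingerprint would be a fuzzy hash, the window would be a sliding one, and the legitimate bulk sender would be allow-listed rather than tripping a volume rule.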
We took our Warbiking tour to San Diego to raise awareness about wireless security, and we discovered that people in this high-tech city are connecting to thousands of unprotected wireless networks.
San Diego is a very technology-focused place, with lots of people connecting their mobiles and laptops to Wi-Fi hotspots around the city. And much like other cities we’ve visited such as New York and London, people may be unaware of the worrisome lack of security on many of these hotspots.
Chester Wisniewski, Sophos Senior Security Advisor, toured the city on his specially-equipped bike, picking up the signals of 8,048 Wi-Fi networks, to find out what kind of security they were using.
If you want to help stop cybercrime and protect yourself from malware threats at the same time, today is a perfect day to do it: Kill a Zombie Day.*
We're not talking about the kind of zombie you see in cult movies like Dawn of the Dead. These zombies are computers that malware has taken control of and turned into undead walkers in a cybercriminal's army, a botnet that can send spam, attack websites or spread more malware without the owner's knowledge.
The first step in killing a zombie is finding out if your computer is infected with malware or viruses. You can do that by downloading our free Virus Removal Tool and running it.
The tool will automatically grab the latest virus detection identities from Sophos and scan your computer’s memory and hard disk for malware. If you do find any zombies, the Virus Removal Tool will clean them up for you, too.
An advanced persistent threat (APT) malware campaign seen in August and September 2014 is the subject of new research by one of our threat analysts at SophosLabs.
Sophos is calling this malware campaign "Rotten Tomato," in reference to the earlier Tomato Garden campaign, and because some of the samples were rotten in the sense that they did not execute properly.
In a new technical paper on the threat, Principal Threat Researcher Gabor Szappanos, of SophosLabs Hungary, takes an interesting dive into the world of the attackers, examining the malware used in these attacks and showing how several different groups used the same zero-day Microsoft Word exploit.
Malware is constantly getting smarter and harder to detect. Now malware authors are developing new techniques to evade not just antivirus, but also the sandboxes and analysis environments that security researchers use to study malware samples, according to new research from SophosLabs.
James Wyke, Senior Threat Researcher with SophosLabs UK, will be presenting his research on these techniques at the Virus Bulletin 2014 conference in Seattle, running 24-26 September.
In a preview of his presentation, James writes at Naked Security that his paper explores several malware families and a variety of techniques used to throw researchers off the trail.