Malware targeting financial accounts is increasingly borrowing techniques formerly seen only in targeted attacks designed for espionage and intelligence gathering, according to new research from SophosLabs.
These techniques, including the use of booby-trapped Word documents, had been telltale signs of so-called advanced persistent threats (APTs). But our research shows that cybercriminals behind financial malware such as Zbot (Zeus) are now borrowing the same malware techniques to make money.
We often talk about inanimate things as if they live and die — maybe to feel better about them having power over us. Just look at Windows XP, which is now on extended life support until Microsoft finally pulls the plug in April, and which critics would gladly see die.
On Patch Tuesday in April, Microsoft will officially end support for the aging Windows XP with its final security patch. But with millions of people still relying on this long-in-the-tooth operating system, will it live on even after Microsoft has essentially killed it off?
Along these same lines, one of our superb researchers at SophosLabs discovered recently a new variant of the Gameover banking Trojan that borrows code from a rootkit in order to stay hidden, making it much harder to kill. And when it comes to matters of crime and punishment, some cybercriminals are finding that their malicious code will live long after they have gone away.
U.S. beauty supply chain Sally Beauty is apparently the latest victim of a credit card data breach, according to security blogger Brian Krebs, who discovered a new batch of credit card numbers for sale in an underground cybercrime market that had recently been used at Sally Beauty stores.
A spokesperson for Sally Beauty said the company is investigating an intrusion of its network, but found no evidence that credit card numbers had been breached. However, several banks contacted by Krebs said they had made targeted purchases of credit card numbers from the recent online “dump” by cybercriminals to find a common source for the stolen card data — which pointed them back to Sally Beauty stores.
There’s just so much going on in the IT security world right now — from NSA spying to blockbuster data breaches — that it’s hard to say enough about it. Last week at RSA Conference 2014 in San Francisco, Sophos sparked the conversation with our exciting threat research, product development and security awareness efforts.
Our chatty experts Chester Wisniewski and John Shier spoke “live” from RSAC for a Conference Special edition of the weekly Chet Chat podcast. Leading the conversation from his remote location in Sydney, our expert host Paul Ducklin asked about this year’s most buzz-worthy words and phrases at RSA. Listen to our podcast for the word from Duck, Chet and John about the big themes of data security and privacy.
A variant of the Gameover banking malware has a newly discovered rootkit element that works to conceal and protect the malware files on disk and in memory, making it harder to find and remove once the malware is active, according to new research from SophosLabs.
Rootkits are a type of malware designed to gain administrator privileges on infected computers, allowing attackers to modify processes that would otherwise clean up the malware. In Gameover’s case, the addition of code from a crafty rootkit called Necurs means it just became a whole lot harder to fend off. And that means the Gameover gang will have an easier time stealing data from its victims.
The Royal Mail in the UK issued a warning that a wave of spam containing fake delivery notices is spreading an unwelcome package — Cryptolocker, the notorious file-encrypting ransomware that locks up a victim’s files until a ransom is paid to the criminals.
Meanwhile, a UK research study found that a staggering 41% of Cryptolocker victims said they agreed to pay the ransom to get their files back, a percentage that the researchers said was “much larger than expected.”
Another big week for Sophos has just gone by, and our heads are still spinning. We presented ground-breaking research at not one but two big tech conferences this week — Mobile World Congress and RSA Conference 2014. We also gave RSA attendees a taste of our exciting World of Warbiking tour, launched this week in San Francisco.
On the security news front, Apple’s buggy code left OS X Mavericks users vulnerable for several days this past weekend before a patch came out on Tuesday. So one of our experts made his own unofficial patch to show us what caused the security loophole, and how it should be fixed.
It’s been 10 years since the first piece of mobile malware appeared in the wild, a worm called Cabir that infected Symbian feature phones. It’s only in the past couple of years, however, that mobile malware has come to be such a threat to everyday users.
In the past 12 months, SophosLabs has seen an alarming acceleration in the development of Android malware. The current total of 650,000+ pieces of Android malware is up by approximately 600% from last January. Check out our mobile malware timeline below for our picks for the most important developments of the past decade, from the birth of mobile malware to today.
This past weekend, Mac users were under threat from an OS X security hole that Apple had left unpatched for several days after its discovery by researchers. Sophos expert Paul Ducklin picked through the offending code, and reports at Naked Security that the bug could allow hackers to compromise unpatched OS X Mavericks users with what’s known as a Man-in-the-Middle (MiTM) attack.
Apple doesn’t usually disclose any information about vulnerabilities—not even to say whether it is working on a fix—until a security update is out. But in this case the company broke with protocol to admit the bug and promised that it would publish a patch “very soon.” Late on Tuesday, Apple released a patch for this vulnerability in the OS X 10.9.2 update. An iOS update, whose release led to the discovery of the same flaw in OS X, is available for versions prior to iOS 6.
Before Apple could rush out its patch, Duck rustled up his own unofficial security patch, although he warns, “This isn’t a true fix—rather treat it as a handy learning exercise if you are technically keen and curious.” Read on to learn more about the coding error that leaves Mac users who don’t have this patch vulnerable.
When the first mobile malware appeared in 2004, the landscape for mobile devices was very different from today. The first iPhone, released in 2007, was still three years away, and the first Android smartphone wouldn’t arrive for another four years, in 2008.
We know what this new generation of mobile devices has wrought—ultra-fast computing in the palm of your hand, everywhere connection, and a slew of mobile apps that enable us to do just about anything, from banking to posting on Facebook (which didn’t exist in 2004 either).
To mark the 10-year anniversary of mobile malware, we are releasing our first Mobile Security Threat Report this week at Mobile World Congress in Barcelona. This report shows that the mobile revolution is clearly in effect, and as a result, mobile malware is on the rise.