Sophos news in review: Sysmas prizes, Gameover do-over, and warbiking down under

We have an extremely cool prize to give away as part of our celebration of the 12 Days of Sysmas. It’s called the Ultimate IT Manager’s Throne and, even if it won’t give you any real powers over your users or your bosses, it will make you feel like a king (or queen).

There’s a lot going on that demands your attention at nearly every moment, from the not-so-aware user who accidentally downloads new threats like the re-born Gameover malware, to old threats like users accessing insecure Wi-Fi networks.

IT pros, we’ve got your back. (And if you win our IT Manager’s Throne, we’ll get your behind too).


Microsoft’s takedown of No-IP – there’s a better way to battle DNS abuse

Microsoft’s takedown of the No-IP dynamic DNS service generated a lot of controversy when legitimate customers lost service alongside the roughly 18,000 subdomains Microsoft said were being abused by cybercriminals.

Microsoft has done its fair share of good, frequently working with law enforcement to take out the servers that control malware-spewing bots, such as the ZeroAccess botnet. But in this case, Microsoft misfired and caused a lot of collateral damage, according to Sophos security adviser Maxim Weinstein.

In a new post at Dark Reading, Maxim writes that the Microsoft vs. No-IP case highlights the need for “clear standards of abuse handling, and transparency on which service providers measure up.”


The next generation of the PlugX APT – new SophosLabs research

SophosLabs Threat Researcher Gabor Szappanos has spent the past year following the development of PlugX, a malware family used in advanced persistent threat (APT) style targeted attacks.

“Szappi,” as he’s known around the labs, has dissected variants of PlugX in a series of technical papers explaining his research – and the new ways the cybercriminals have devised to conceal their malware.

In his latest paper, Szappi shows how one PlugX variant breaks with the earlier versions: instead of dropping a separate executable onto the infected system, it keeps its payload in memory only, so there is no file on disk for a scanner to find.


Here’s how you can help stop Gameover/Zeus and Cryptolocker


There’s some good news to report: international law enforcement authorities have disrupted the Gameover/Zeus botnet and charged the criminal gang behind the Gameover banking malware that’s been stealing millions of dollars from victims worldwide.

Sophos experts have been tracking Gameover — a variant of the malware kit known as Zeus — for quite a while. SophosLabs recently identified a rootkit element to the Gameover code which made Gameover harder to detect and remove.

As we reported at Naked Security, the Gameover malware has been used by criminals to infect victims with the ransomware called Cryptolocker.


SophosLabs: Dissecting Zeus at SOURCE Dublin

We have discussed the infamous Zeus family of malware and its numerous variants many times on Naked Security, including identifying the introduction of the Necurs rootkit into the Gameover variant, putting the Citadel variant under the microscope, and a technical paper analyzing the original Zeus.

These versions of Zeus and many more continue to plague netizens across the globe, stealing vast quantities of data and costing individuals and institutions huge amounts of money.

I will be giving a presentation at SOURCE Dublin this week that demonstrates the process of extracting useful information from a variety of key Zeus variants including Citadel, Gameover and IceIX.


Sophos news in review: Apple fixes, iOS malware, PCI DSS, and data encryption

Right now we’re gearing up for the big show at Infosecurity Europe, starting 29 April, and we’re also planning a big product announcement that you’ll want to hear about — so stay tuned.

Sophos security experts have been talking a whole lot about data security in the wake of the Heartbleed security hole, and we had a very special guest writing for our blog this week to talk about encryption.

And, there’s been plenty of interesting security news this past week, including a mysterious malware known as Unflod Baby Panda that’s been infecting jailbroken iOS devices. Plus, Apple pushed out a bunch of security fixes for OS X, iOS and Apple TV.


Sophos at Infosecurity Europe 2014: Credit card crime, Android malware, and a look inside SophosLabs

Infosecurity Europe is coming up the week of 29 April to 1 May 2014, and Sophos will be there at stand H60. Our experts will be giving a full slate of presentations, plus we’ll have demos and give-aways at our booth.

This is the 20th year of the event, and although we’re not sure if there’s a theme to this year’s conference, who could doubt the importance of info security in today’s environment of government surveillance and blockbuster data breaches?

Sign up for your expo pass (free until 28 April), get ready for a good time, and join us in London. Here’s a sneak peek at what we’ll be sharing at Infosec.


Sophos news in review: OpenSSL Heartbleed, what is it and what does it mean for security?

The big story in security news right now is Heartbleed, a serious bug in OpenSSL, the library responsible for encrypting much of the traffic on the Internet.

OpenSSL is open source software used by websites, including Google, Gmail, Facebook, Yahoo and many thousands more, to encrypt our data in transit. The Heartbleed bug, discovered independently by researchers at Google and at Codenomicon, sits in OpenSSL’s implementation of the TLS heartbeat extension: a client can claim a heartbeat payload far longer than the one it actually sent, and a vulnerable server answers with up to 64KB of whatever happens to be in its memory next to the request, which can include private keys, session cookies and passwords.

We also found out that the bug was introduced in OpenSSL 1.0.1, released in March 2012, and was only fixed in 1.0.1g — so this vulnerability could have been attacked for a very long time by someone with the resources to exploit it. Because the leak leaves no trace in server logs, patching alone is not enough: affected sites also need to reissue their private keys and certificates, revoke the old ones, and invalidate existing sessions.
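To make the mechanism concrete, here is an added example (not code from the Sophos post, and not OpenSSL’s own source) that models the heartbeat handler before and after the fix. The record layout follows the TLS heartbeat extension (1-byte type, 2-byte payload length, payload, 16 bytes of padding); the “process memory” buffer and the secret placed after the record are constructed for the demo, and the two bounds checks in the fixed handler are the ones OpenSSL 1.0.1g added.

```c
/* Added example, not from the Sophos post or from OpenSSL: a simplified model of the
 * TLS heartbeat handler (CVE-2014-0160) before and after the fix.
 * Record layout per RFC 6520: 1-byte type, 2-byte payload length, payload, 16-byte padding. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Constructed "process memory": the received record is followed by bytes that, in a real
 * server, would belong to whatever else happened to sit on the heap (here, a fake cookie). */
static uint8_t memory[64];
static const char secret[] = "session cookie: 1234";

/* Build a heartbeat request that CLAIMS claimed_len payload bytes but only carries
 * strlen(payload) of them. Returns the real record length as it arrived on the wire. */
static size_t build_record(uint16_t claimed_len, const char *payload) {
    size_t actual_len = strlen(payload);
    memset(memory, 0, sizeof memory);
    memory[0] = HB_REQUEST;
    memory[1] = (uint8_t)(claimed_len >> 8);
    memory[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(memory + 3, payload, actual_len);
    /* padding bytes stay zero; the secret lives just past the end of the record */
    memcpy(memory + 3 + actual_len + HB_PADDING, secret, sizeof secret);
    return 3 + actual_len + HB_PADDING;
}

/* Vulnerable handler (OpenSSL 1.0.1 to 1.0.1f): trusts the length field in the record. */
static size_t vulnerable_heartbeat(size_t record_len, uint8_t *out) {
    const uint8_t *p = memory;
    uint8_t type = *p++;
    uint16_t payload_len = (uint16_t)((p[0] << 8) | p[1]);   /* n2s(p, payload) */
    p += 2;
    (void)record_len;                       /* the actual record length is never consulted */
    if (type != HB_REQUEST) return 0;
    if (payload_len > sizeof memory - 3)    /* demo-only cap so this model stays in bounds;
                                               real OpenSSL read straight on into the heap */
        payload_len = (uint16_t)(sizeof memory - 3);
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + 3, p, payload_len);        /* echoes payload_len bytes, however few arrived */
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return 3 + payload_len + HB_PADDING;
}

/* Fixed handler (OpenSSL 1.0.1g): two bounds checks against the real record length. */
static size_t fixed_heartbeat(size_t record_len, uint8_t *out) {
    const uint8_t *p = memory;
    if (1 + 2 + HB_PADDING > record_len) return 0;               /* too short: discard */
    uint8_t type = *p++;
    uint16_t payload_len = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if (1 + 2 + payload_len + HB_PADDING > record_len) return 0; /* claimed > actual: discard */
    if (type != HB_REQUEST) return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + 3, p, payload_len);
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return 3 + payload_len + HB_PADDING;
}

/* Returns 1 if the fake secret shows up anywhere in a heartbeat response. */
static int leaks_secret(const uint8_t *out, size_t out_len) {
    size_t n = strlen(secret);
    for (size_t i = 0; i + n <= out_len; i++)
        if (memcmp(out + i, secret, n) == 0) return 1;
    return 0;
}

int main(void) {
    uint8_t out[3 + sizeof memory + HB_PADDING];
    size_t rec = build_record(40, "hi");    /* claims 40 payload bytes, sends 2 */
    size_t n = vulnerable_heartbeat(rec, out);
    printf("vulnerable: %zu-byte response, leaks secret: %s\n", n, leaks_secret(out, n) ? "yes" : "no");
    n = fixed_heartbeat(rec, out);
    printf("fixed: %zu-byte response (0 means the request was dropped)\n", n);
    return 0;
}
```

The request arrives as a 21-byte record but claims 40 bytes of payload; the vulnerable handler echoes 40 bytes and the constructed cookie comes back with them, while the fixed handler compares the claimed length against the record that actually arrived and silently drops the request, as the real patch does.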


New research on Android, rootkits, and malware: SophosLabs papers accepted for Virus Bulletin 2014

Our SophosLabs threat researchers had four papers accepted for the Virus Bulletin 2014 conference in Seattle coming up in September. We’ll be there, alongside the best minds in the security industry.

SophosLabs researchers will share their discoveries and analysis of some cutting-edge topics, including Android malware, kernel rootkits, and new strategies used by malware to evade detection and capture by sandboxing.


Sophos in the news: Microsoft Word zero-day, email privacy, and data encryption (Video and Podcast)

This week we had several more reminders that our data is only as secure as we make it, because we sure can’t rely on others to secure our data for us. Plus, we talked about encryption as the only way to make sure your data isn’t being seen by snoops.

In security news, a new zero-day threat caused Microsoft to issue a security alert and a short-term fix for a vulnerability in Word that was being exploited in targeted attacks.

On the privacy front, meanwhile, Google and Microsoft were fighting back and forth about who has the most secure free webmail.
