SophosLabs at VB2014: How cunning malware fights analysis by security researchers

Malware is constantly getting smarter and harder to detect. Now malware authors are developing new techniques to avoid not just antivirus, but the environments used by security researchers to analyze malware samples, according to new research from SophosLabs.

James Wyke, Senior Threat Researcher with SophosLabs UK, will be presenting his research on these techniques at the Virus Bulletin 2014 conference in Seattle, running 24-26 September.

In a preview of his presentation, James writes at Naked Security that his paper explores several malware families and a variety of techniques used to throw researchers off the trail.

Sophos on ABC World News: Free Wi-Fi networks have security risks (Video)

Wireless networks are everywhere, but they aren’t always secure. In New York City, where millions of people connect to free but insecure Wi-Fi hotspots every day, it’s the same story.

Chester Wisniewski, Sophos senior security adviser, explains just how easy it would be for hackers to take advantage of unsuspecting people, in a segment that appeared Monday night on ABC World News.

Watch the video below or on the ABC World News website to see the full interview with Chet.

Spam-Bot Invaders: Which countries send the most spam? (Infographic)

Recently we measured spam volume from around the world to find out which countries are the worst spam offenders. As we expected, the United States sends out way more spam than any other country — 24.2% of all spam was from the U.S.

When you consider the country’s huge online population, it’s not surprising that the U.S. sends so much spam. Spam comes from “bots” — computers infected with malware and under the control of a criminal. “Bot masters” can use servers anywhere in the world to give the bots instructions. So spam-bots in the countries on our list aren’t the authors of the spam, they are more like the messengers.

While it’s interesting to call out the 12 “dirty dozen” countries that send the most spam by volume, we also like to look at the amount of spam by population. It’s a diverse list of nations, and even small countries have a big spam problem.

Sophos news in review: Sysmas prizes, Gameover do-over, and warbiking down under

We have an extremely cool prize to give away as part of our celebration of the 12 Days of Sysmas. It’s called the Ultimate IT Throne and, even if it won’t give you any real powers over your users or your bosses, it will make you feel like a king (or queen).

There’s a lot going on that demands your attention at nearly every moment, from the not-so-aware user who accidentally downloads new threats like the re-born Gameover malware, to old threats like users accessing insecure Wi-Fi networks.

IT pros, we’ve got your back. (And if you win our IT Throne, we’ll get your behind too).

Microsoft’s takedown of No-IP – there’s a better way to battle DNS abuse

Microsoft’s takedown of the No-IP dynamic DNS service generated a lot of controversy when legitimate customers were impacted by the disruption of 18,000 subdomains abused by cybercriminals.

Microsoft has done its fair share of good, frequently working with law enforcement to take out servers that control malware-spewing bots, such as the ZeroAccess botnet. But in this case, Microsoft misfired and caused a lot of collateral damage, according to Sophos security adviser Maxim Weinstein.

In a new post at Dark Reading Maxim writes that the Microsoft vs. No-IP case highlights the need for “clear standards of abuse handling, and transparency on which service providers measure up.”

The next generation of the PlugX APT – new SophosLabs research

SophosLabs Threat Researcher Gabor Szappanos has been following the development of PlugX – a strain of advanced persistent threat (APT) that has been used in targeted attacks – over the past year.

“Szappi,” as he’s known around the labs, has dissected variants of PlugX in a series of technical papers explaining his research – and the new ways the cybercriminals have devised to conceal their malware.

In his latest paper, Szappi shows us how one variant of PlugX doesn’t do what the other versions do – dropping a separate file on the infected system – but rather stores itself in memory without using the disk.

Here’s how you can help stop Gameover/Zeus and Cryptolocker

There’s some good news to report: international law enforcement authorities have disrupted the Gameover/Zeus botnet and charged the criminal gang behind the Gameover banking malware that’s been stealing millions of dollars from victims worldwide.

Sophos experts have been tracking Gameover — a variant of the malware kit known as Zeus — for quite a while. SophosLabs recently identified a rootkit element to the Gameover code which made Gameover harder to detect and remove.

As we reported at Naked Security, the Gameover malware has been used by criminals to infect victims with the ransomware called Cryptolocker.
