Tag: sophos
-
VB2019 papers: Emotet and Ryuk
Targeted ransomware has become one of the biggest and most damaging cybercrime trends in recent years. ‘Targeted’ is a bit of a misnomer though: the operators of the ransomware rarely choose the victim organisations. Instead, they have the organisations ‘chosen’ through an infection with another piece of malware that is then used as a foothold…
-
VB2019 preview: Exploring Emotet, an elaborate everyday enigma
Active since 2014, initially as a banking trojan, Emotet has been a plague on the Internet in recent years. Emotet’s core strength is its ability to download other malware, thus giving those in control of it remote code execution on infected systems and networks. Emotet has been the initial infection in many high-profile attacks, in…
-
VB2018 paper: Office bugs on the rise
A large portion of today’s malware infections use malicious Office documents as a first-stage payload. Typically, the user is tricked into enabling macros or disabling some security protection, after which the next-stage payload is downloaded and executed. However, a different kind of Office malware targets outdated versions of Microsoft Office , which continue to be…
-
VB2018 paper: Office bugs on the rise
A large portion of today’s malware infections use malicious Office documents as a first-stage payload. Typically, the user is tricked into enabling macros or disabling some security protection, after which the next-stage payload is downloaded and executed. However, a different kind of Office malware targets outdated versions of Microsoft Office , which continue to be…
-
VB2018 video: Behind the scenes of the SamSam investigation
Yesterday, a federal grand jury in the US unsealed an indictment charging two Iranians with being behind the SamSam ransomware. SamSam has been one of the most successful ransomware campaigns in recent years, thanks to the clever targeting of specific organisations, including universities, hospitals and local governments. This targeting allowed the attackers to ensure the…
-
VB2018 video: Behind the scenes of the SamSam investigation
Yesterday, a federal grand jury in the US unsealed an indictment charging two Iranians with being behind the SamSam ransomware. SamSam has been one of the most successful ransomware campaigns in recent years, thanks to the clever targeting of specific organisations, including universities, hospitals and local governments. This targeting allowed the attackers to ensure the…
-
Gábor Szappanos wins fourth Péter Szőr Award
Every year, during the Virus Bulletin Conference gala dinner, we celebrate the life and works of Péter Szőr, the brilliant security researcher who passed away so sadly in 2013. We do so by recognizing a great piece of technical security research with the Péter Szőr Award. This year, we received many nominations, which we narrowed down…
-
Gábor Szappanos wins fourth Péter Szőr Award
Every year, during the Virus Bulletin Conference gala dinner, we celebrate the life and works of Péter Szőr, the brilliant security researcher who passed away so sadly in 2013. We do so by recognizing a great piece of technical security research with the Péter Szőr Award. This year, we received many nominations, which we narrowed down…
-
Paper: New Keylogger on the Block
Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper ( here as a PDF) by Sophos researcher Gabor Szappanos, in which he studies the ‘KeyBase’ keylogger. Though the product has officially been discontinued, allegedly because of abuse…
-
Paper: New Keylogger on the Block
Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper ( here as a PDF) by Sophos researcher Gabor Szappanos, in which he studies the ‘KeyBase’ keylogger. Though the product has officially been discontinued, allegedly because of abuse…