• 8 May 2020

    Malicious DNS Queries by APT - A Case Study

    Hello Everyone, Ever got any malicious URLs? Couldn’t figure out what’s going on? This email documents suspicious DNS query attempts which were allegedly malicious according to an Advisory shared by the Australian Government. Background: The Australian Govt. shared an advisory with a customer which has a very competent team of IT security experts. The only SHA value mentioned in their advisory...
    • 14 Feb 2020

    Decoding Malicious PowerShell Activity - A Case Study

    IT Administrators and Security Specialists often run into a suspicious-looking PowerShell command; sometimes they succeed in decoding it, but often they are reliant on researchers. This blog should serve as guidance to identify the purpose of suspicious entries found in: Scheduled Tasks; RUN Keys in the Registry; Static PowerShell Scripts; Proxy Logs if a Web Server is exploited for a Remote Code Execution...
    • 23 Oct 2019

    Requests to re-categorize by third parties for PUA/Adware detections (possible Deceptor component)

    Hi Everyone, The below article provides details about how we categorize PUA/Adware detections and how to provide us with the information we need to determine if a re-categorization is required.
    • 23 Jan 2017

    Watch Locky Ransomware in action and learn how Sophos stops it

    Hi everyone, We have just published a new video taking a look at how ransomware works. You can find it here: https://www.youtube.com/watch?v=ajTcYRIwoqU In this video we are going to show you what happens when Locky Ransomware attacks a computer. You will see what a typical user would see if they were the victim of such an attack. We will then show you several scenarios demonstrating how Sophos protects the computers...