Security firm Sophos has released two videos which highlight common ways that cybercriminals have been regularly exploiting the web in 2008.
One of these is the fake anti-virus attack or what Sophos calls scareware'. This is where a legitimate website has been compromised and is stuffed with keywords making them attractive in a Google search.
The homepage will have been modified with appended links to the malicious web page. It will also have been modified with obfuscated JavaScript, which will silently redirect the user to the fake anti-virus site.
Here it will alert you to the problem, and urge you to download security software. However this is actually a Trojan downloader, and instead of security software you've got malware.
Snickerdoodle cookies and fake anti-virus software
Another threat was that of the comment section of a legitimate website, where users have linked to fake website, - in this case porn.
Once you have clicked or pasted in the link it says you can only watch the chosen video if you have downloaded a codec. Its insistent that you download an executable file, and once you have down this, the malware is now on your computer.
Malicious porn spammers lead to malware
Sophos also recently released its security threat report and new computerised virus images this month.
-
The evolving role of the CISO and how it impacts channel partnersIndustry Insights The traditional IT sales cycle is being rewritten as CISOs emerge as the most important stakeholders for channel partners to align solutions with
-
How businesses can use storytelling to drive AI adoption among their workforceMany employees are still resisting AI tools, but narrative-led communication is more likely to get their buy-in than data and spreadsheets
-
North Korean hackers are duping freelance developers with fake interviews to steal cryptocurrency and deliver malware — Sophos warns the 'Nickel Alley' group is using LinkedIn, Upwork, and Fiverr to target victimsNews A fake interview process uses coding tests and repo downloads to deliver malware
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
96% of SMBs are missing critical cybersecurity skills – here's whyNews The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources
-
Sophos Firewall Virtual review: Affordable network protection for those that like it virtualizedReviews Extreme network security that's cheaper than a hardware appliance and just as easy to deploy
-
MSPs are struggling with cyber security skills shortagesNews A shortage of tools and difficulties keeping pace with solutions were also ranked as key issues for MSPs
-
Nearly 70 software vendors sign up to CISA’s cyber resilience programNews Major software manufacturers pledge to a voluntary framework aimed at boosting cyber resilience of customers across the US
-
Sophos and Tenable team up to launch new managed risk serviceNews The new fully managed service aims to help organizations manage and protect external attack surfaces
-
Ransomware groups are using media coverage to coerce victims into payingNews Threat actors are starting to see the benefits of a more sophisticated media strategy for extracting ransoms
