Video: Techniques of the web criminal in 2008
Sophos releases videos of two of the most popular ways that the new breed of web criminal has targeted internet surfers this year.

Security firm Sophos has released two videos which highlight common ways that cybercriminals have been regularly exploiting the web in 2008.
One of these is the fake anti-virus attack or what Sophos calls scareware'. This is where a legitimate website has been compromised and is stuffed with keywords making them attractive in a Google search.
The homepage will have been modified with appended links to the malicious web page. It will also have been modified with obfuscated JavaScript, which will silently redirect the user to the fake anti-virus site.
Here it will alert you to the problem, and urge you to download security software. However this is actually a Trojan downloader, and instead of security software you've got malware.
Snickerdoodle cookies and fake anti-virus software
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Another threat was that of the comment section of a legitimate website, where users have linked to fake website, - in this case porn.
Once you have clicked or pasted in the link it says you can only watch the chosen video if you have downloaded a codec. Its insistent that you download an executable file, and once you have down this, the malware is now on your computer.
Malicious porn spammers lead to malware
Sophos also recently released its security threat report and new computerised virus images this month.
-
Cloudflare is cracking down on AI web scrapers
News Cloudflare CEO Matthew Prince said AI companies have been "scraping content without limits" - now the company is cracking down.
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
96% of SMBs are missing critical cybersecurity skills – here's why
News The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources
-
Sophos Firewall Virtual review: Affordable network protection for those that like it virtualized
Reviews Extreme network security that's cheaper than a hardware appliance and just as easy to deploy
-
MSPs are struggling with cyber security skills shortages
News A shortage of tools and difficulties keeping pace with solutions were also ranked as key issues for MSPs
-
Nearly 70 software vendors sign up to CISA’s cyber resilience program
News Major software manufacturers pledge to a voluntary framework aimed at boosting cyber resilience of customers across the US
-
Sophos and Tenable team up to launch new managed risk service
News The new fully managed service aims to help organizations manage and protect external attack surfaces
-
Ransomware groups are using media coverage to coerce victims into paying
News Threat actors are starting to see the benefits of a more sophisticated media strategy for extracting ransoms
-
Shrinking cyber attack “dwell times” highlight growing war of attrition with threat actors
News While teams are becoming more proficient at detecting threats, attackers are augmenting their strategies