MyKings: The Slow But Steady Growth of a Relentless Botnet
SophosLabs Ransomware Behavior Report
SophosLabs 2020 Threat Report
WannaCry Aftershock

Today's Malware

Real-time data on the top malware threats from our award-winning SophosLabs Team.More

Today's Spam Threats

We monitor spam from all sources, every day. View our spam dashboard for real-time data.More
Adware and PUAs
Controlled Applications

IP-Adresse prüfen


If you can see this then you have CSS disabled. This is a honeypot to catch bots, leave this textbox empty



127.0.0.1

Es ist ein Fehler aufgetreten. Bitte versuchen Sie es später erneut.

Die SophosLabs pflegen Listen verdächtiger IP-Adressen, bei denen es sich möglicherweise um Spamquellen handelt.

Submit An Appeal

IP Address Classification Policy

Threat Awareness

Share your questions, answers, advice and comments about threats in the Sophos Community.

Visit the Forum

Technische Paper

Hier finden Sie eine Reihe von Forschungsbeiträgen zu verschiedenen Themen, die sich an Systemadministratoren und IT-Security-Spezialisten richten. Einige dieser Paper wurden bei IT-Security-Seminaren und technischen Konferenzen weltweit präsentiert.

SophosLabs 2018 Malware Forecast

In this report, we review malicious activity SophosLabs analyzed and protected customers against in 2017 and use the findings to predict what might happen in 2018.

View Research

Your handy guide to machine learning at Sophos

Sophos data scientists have written several articles about how machine learning works, how it will be applied to Sophos, and what that will mean for customers. This is a handy guide to that content.

View Research

Machine Learning: How to Build a Better Threat Detection Model

A look at how Sophos develops its machine learning models. Here, we explain the concepts and show the development and evaluation of a toy model meant to solve the very real problem of detecting malicious URLs.

View Research

Ransomware as a Service (RaaS): Deconstructing Philadelphia

Kits available on the Dark Web allow the least technically savvy among us to do evil. Philadelphia is one of the slickest, most chilling examples.

View Research

CVE-2017-0199: life of an exploit

The normal lifecycle of an Office exploit starts with the initial use in targeted attacks. Then, at some point, the information leaks out and cybercrime groups start using it more widely. Offensive security researchers then start experimenting with AV evasion, and the exploit finally ends up in underground exploit builders. Normally this cycle can take a few months. In the case of the CVE-2017-0199 Word exploit, we have observed this in a much more accelerated time scale.

View Research

BetaBot Configuration Data Extraction

This paper explores the inner workings of Betabot, including capabilities of the associated botnet server components and technical detail on how to extract and decrypt configuration data.

View Research
Alle Forschungsbeiträge

Featured Videos

Attacking/Defending Machine Learning Based SoftwareJoshua Saxe

Getting Insight Into Deep Neural NetworksRichard Harang

Network security threats explained: Social engineering

Petya Ransomware Attack: How to Protect Yourself

How WannaCry ransomware works

Comparing the incomparables Gábor Szappanos

Practical Shellcode Analysis Gábor Szappanos

The AI Challenge

Are you smarter than a machine? Play the game to find out.

Play the Game

Meet a SophosLabs Researcher

SophosLabs has a talented team of threat researchers and data scientists worldwide.

Learn More

Latest News

All News
15
Jan

Applying threat intelligence to Iranian cyberattack risk

As geopolitical interest increases, discussions of threat intelligence increase which increases pressure on security operations teams to provide answers to customers and to senior leadership.
15
Jan

Compiling open source threat intelligence for threat hunts

In addition to normal tradecraft adaptations, any time a change in the geopolitical landscape takes place, cyberattack campaigns and adversary behaviors typically shift as well. The recent events with Iran and the United States offer a relevant use case for organizations and have highlighted the benefit of having a threat intelligence driven hunting process. The […]
15
Jan

High-profile events are opportunities to determine security readiness

While the likelihood you might be targeted by a nation-state is low, preparing for such a circumstance might still be a useful strategy
14
Jan

January 2020 Patch Tuesday delivers fixes for 50 bugs

This month’s big security news from Microsoft is the end of support for Windows 7, and a patch of a cryptographic library
14
Jan

Fleeceware apps persist on the Play Store

Fleeceware remains a problem on Google Play, where Android users still run the risk of being charged hundreds of dollars or euros for "subscriptions" to apps
24
Dec

Gozi V3: tracked by their own stealth

Gozi, also known as Ursnif or ISFB, is a banking trojan which has been around for a long time and currently multiple variations of the trojan are circulating after its source code got leaked. Every variant that is distributed has interesting aspects, with Gozi version 3 the most eye-catching in the field of detection evasion. […]
All News

SophosLabs Overview

Data Science
  • Machine learning model development
  • Artificial intelligence research, thought leadership
Threat Intelligence
  • Rapid response to new threats and escalations
  • Deep research into threats and attack profiles
Operations
  • Automation of threat analysis and response
  • Quality assurance testing, analysis, and metrics