An Insider View Into The Increasingly Complex Kingminer Botnet
Cloud Snooper Attack Bypasses AWS Security Measures
MyKings: The Slow But Steady Growth of a Relentless Botnet
SophosLabs Ransomware Behavior Report

Today's Malware

Real-time data on the top malware threats from our award-winning SophosLabs Team.More

Today's Spam Threats

We monitor spam from all sources, every day. View our spam dashboard for real-time data.More
Adware and PUAs
Controlled Applications

IP Address Lookup


If you can see this then you have CSS disabled. This is a honeypot to catch bots, leave this textbox empty



127.0.0.1

An error has occurred, please try again later.

SophosLabs maintains lists of IP addresses suspected to be spam sources.

Submit An Appeal

IP Address Classification Policy

Threat Awareness

Share your questions, answers, advice and comments about threats in the Sophos Community.

Visit the Forum

Technical Papers

Here you will find a range of papers aimed at system administrators and security specialists on a variety of topical issues. Some of these papers have been presented at security seminars and technical conferences around the world.

An Insider View Into The Increasingly Complex Kingminer Botnet

Kingminer is an opportunistic botnet that keeps quiet and flies under the radar. The operators are ambitious and capable, but don’t have endless resources – they use any solution and concept that is freely available, getting inspiration from public domain tools as well as techniques used by APT groups.

View Research

Cloud Snooper Attack Bypasses AWS Security Measures

An investigation into an attack against a cloud computing server reveals an unusual and innovative way for malware to communicate through Amazon’s firewalls

View Research

MyKings: The Slow But Steady Growth of a Relentless Botnet

The botnet known as MyKings wields a wide range of automated methods to break into servers – all just to install cryptocurrency miners.

View Research

SophosLabs Ransomware Behavior Report

What defenders should know about the most prevalent and persistent malware families.

View Research

SophosLabs 2020 Threat Report

Challenges the world faces for the coming year, securing data, devices, and people in an increasingly complex environment.

View Research

WannaCry Aftershock

On May 12th, 2017, organizations across the world were attacked by a new, fast-spreading piece of malware we now know as WannaCry. It is now considered one of the most widespread, and notoriously destructive malware attacks in history, halted only by a researcher getting a lucky break, registering a domain name embedded in the malware that unexpectedly acted as a kill switch. But even today, more than two years hence, WannaCry continues to affect thousands of computers worldwide.

View Research
All Research

Featured Videos

Attacking/Defending Machine Learning Based SoftwareJoshua Saxe

Getting Insight Into Deep Neural NetworksRichard Harang

Network security threats explained: Social engineering

Petya Ransomware Attack: How to Protect Yourself

How WannaCry ransomware works

Comparing the incomparables Gábor Szappanos

Practical Shellcode Analysis Gábor Szappanos

The AI Challenge

Are you smarter than a machine? Play the game to find out.

Play the Game

Meet a SophosLabs Researcher

SophosLabs has a talented team of threat researchers and data scientists worldwide.

Learn More

Latest News

All News
28
Jul

Emotet’s return is the canary in the coal mine

In the past week, we’ve observed that one of the most prevalent, widely-distributed malware families in the world has reawakened after a prolonged absence. Emotet, the ubiquitous botnet that arrives in the guise of any of a thousand different bogus email messages, never really went away when it suddenly stopped appearing in our internal records […]
27
Jul

ProLock ransomware gives you the first 8 kilobytes of decryption for free

As organizations were scrambling to deal with the lockdowns associated with the global COVID-19 pandemic, a new wave of ransomware attacks began. The ransomware,  called ProLock, is a successor to PwndLocker, a ransomware strain that emerged late in 2019. PwndLocker’s distribution was short-lived, primarily because it was discovered that the keys needed to decrypt files […]
14
Jul

It’s always DNS, including on July, 2020’s Patch Tuesday

For our roundup of July, 2020’s Patch Tuesday release, Microsoft today published a few patches that need quick attention. Microsoft fixes 123 vulnerabilities across their product lines this month including 20 classified as Critical, and a whopping 103 flagged as Important.  As usual all the additional details can be found in the Security Update Guide Release […]
14
Jul

RATicate malware gang goes commercial

O, what tangled code we weave, when first we practise to deceive!
14
Jul

RATicate upgrades “RATs as a Service” attacks with commercial “crypter”

In May, we reported initial findings on RATicate, a group of actors spreading remote administration tools (RATs) and other information-stealing malware at least since last year. We tracked multiple malicious spam (“malspam”) email campaigns from the group, with attached installers that usually posed as documents related to financial transactions. In recent campaigns, the group’s tactics […]
02
Jul

Mykings jumps on the Corona train

The ubiquitous, noisy, SQL-attacking botnet can't help comparing itself to a deadly disease
All News

SophosLabs Overview

Data Science
  • Machine learning model development
  • Artificial intelligence research, thought leadership
Threat Intelligence
  • Rapid response to new threats and escalations
  • Deep research into threats and attack profiles
Operations
  • Automation of threat analysis and response
  • Quality assurance testing, analysis, and metrics