News

Botconf - the 'first botnet fighting conference'

Tools, ideas and research presented in Nantes.

10 December 2013

VB2014: more of the same, plus something a little different

Hackers, network security researchers encouraged to submit abstracts for the conference.

09 December 2013

December issue of VB published

The December issue of Virus Bulletin is now available for subscribers to download.

03 December 2013

Spamhaus CIO calls for those running open DNS resolvers to be fined

Open DNS resolvers instrumental in many DDoS attacks.

29 November 2013

Privilege escalation vulnerability targets Windows XP and Server 2003

Vulnerability being used in the wild in combination with exploit of patched Adobe Reader vulnerability.

28 November 2013

There is a place for unauthenticated key exchange, but don't tell anyone

Making dragnet surveillance harder justifies using weak form of encryption.

22 November 2013

NCA issues alert on CryptoLocker ransomware

Malware demands $1,000 ransom to decrypt files.

18 November 2013

Industry suffers loss of great researcher

Untimely death of Peter Ször sends shockwaves across anti-malware community.

13 November 2013

'123456' may be an adequate password to protect nothing

Are we giving users the right kind of advice when it comes to password security?

07 November 2013

Good and bad news for victims of targeted attacks against Microsoft products

Bug bounty program extended; TIFF zero-day used in the wild.

06 November 2013

November issue of VB published

The November issue of Virus Bulletin is now available for subscribers to download.

05 November 2013

Open letter asks AV companies for openness on surveillance malware

Old issue has become hot topic again following Snowden revelations.

28 October 2013

Php.net compromised to serve malware

Researchers initially believed Google warning was a false positive.

25 October 2013

Should software vendors extend support for their products on Windows XP?

Is Google making the Internet more or less secure by extending support for Chrome on XP?

21 October 2013

October issue of VB published

The October issue of Virus Bulletin is now available for subscribers to download.

10 October 2013

VB2013 speaker spotlight

We speak to VB2013 presenter Methusela Ferrer about her research interests and what she aims to bring to VB2013.

28 September 2013

VB2013 speaker spotlight

We speak to VB2013 presenter Jarno Niemela about APTs and about what he aims to bring to VB2013.

27 September 2013

Tens of thousands of fake Twitter accounts passed off and sold as 'followers'

After initial takedown, more efforts put into making new fake accounts look genuine.

20 September 2013

VB2013 speaker spotlight

We speak to VB2013 presenter Rowland Yu about Android malware, his research interests, and what he aims to bring to VB2013.

20 September 2013

'Mobile Thursday' at the VB conference

Record number of presentations dedicated to threats affecting smartphones.

19 September 2013

VB2013 last-minute papers and keynote announced

Hot topics to be covered at VB conference in Berlin.

13 September 2013

VB2013 speaker spotlight

We speak to VB2013 presenter Sergey Golovanov about business-to-government malware.

13 September 2013

Backdoored standards show we desperately need more cryptographers

Too few currently possess the skills to verify standards.

11 September 2013

Syrian conflict used in pump-and-dump spam

Short campaign could have had desired effect.

9 September 2013

Box-ticking mentality leads to insecurity

Credit card company fails to understand how authentication works.

6 September 2013

VB2013 speaker spotlight

We speak to VB2013 presenter Andrei Serbanoiu about Facebook ad spam and scams, and what he aims to bring to VB2013.

6 September 2013

Updated botnet likely cause of surge in Tor traffic

New Tor version should help the network deal with increased traffic.

5 September 2013

Malware spoofing HTTP Host header to hide C&C communication

Traffic appears as requests to Google or Yandex.

4 September 2013

September issue of VB published

The September issue of Virus Bulletin is now available for subscribers to download.

2 September 2013

Phone support scams: an old scam with some new tricks

Files in Prefetch directory supposedly show malware infections.

2 September 2013

VB2013 speaker spotlight

We speak to Joe Blackbird and Bill Pfeifer about how anti-malware protection states affect infection rates.

30 August 2013

Kelihos checks machines' IP addresses against DNS blacklists

Role of node in a botnet dependent on whether the IP address is blacklisted.

29 August 2013

New email header attempts to prevent damage of reissued email addresses

Transactional emails not delivered if the account's owner has changed in the meantime.

27 August 2013

VB2013 speaker spotlight

We speak to Gunter Ollmann about the growing need to assess corporate security defences from a hacker's perspective.

23 August 2013

VB2013 speaker spotlight

We speak to Roman Unuchek about malicious redirection of mobile users, his research interests, and what he aims to bring to VB2013.

16 August 2013

DNSSEC glitch causes .gov sites to become inaccessible

Name servers unable to distinguish faulty from rogue responses.

15 August 2013

Researchers demonstrate how IPv6 can easily be used to perform MitM attacks

Many devices simply waiting for router advertisements, good or evil.

12 August 2013

ATM manufacturer pays respects to hacker who broke into its systems

Both Barnaby Jack and Triton showed how white-hat hacking should be done.

9 August 2013

VB2013 speaker spotlight

We speak to VB2013 presenters Ilya Rabinovich and Randy Abrams about their research, Windows 8 security, and what they aim to bring to VB2013.

9 August 2013

Are Gmail's new advertisements in breach of CAN-SPAM?

Marketers upset about 'emails' that you can't unsubscribe from.

8 August 2013

Thousands of websites affected by nameserver hijack redirecting visitors to malware

DNS caching causes attack to have a long tail.

6 August 2013

Firefox 17 zero-day exploit targets users of Tor network

Visitors to child abuse websites likely target of operation, but will there be collateral damage?

5 August 2013

There is no 'I know what I am doing' trump card in security

NSA activities could make millions avoid US-based services.

2 August 2013

VB2013 speaker spotlight

We speak to VB2013 presenters Mark Kennedy and Igor Muttik about their research interests and what they aim to bring to VB2013.

2 August 2013

August issue of VB published

The August issue of Virus Bulletin is now available for subscribers to download.

1 August 2013

VB2013 speaker spotlight

We speak to VB2013 presenters Axelle Apvrille and Karine de Pontevès about their research interests and what they aim to bring to VB2013.

26 July 2013

Is publishing your employees' email addresses such a big deal?

Beware of a false sense of security.

24 July 2013

VB2013 speaker spotlight

We speak to VB2013 presenters Carsten Willems and Ralf Hund about their research interests and what they aim to bring to VB2013.

19 July 2013

VB2013 speaker spotlight

We speak to James Wyke about his research interests and what he aims to bring to VB2013.

12 July 2013

IETF discusses deprecation of IPv6 fragmentation

Little-used feature could have unintended security consequences.

11 July 2013

VB2013 speaker spotlight

We speak to VB2013 presenter Samir Mody about his research interests and what he aims to bring to VB2013.

5 July 2013

July issue of VB published

The July issue of Virus Bulletin is now available for subscribers to download.

1 July 2013

VB2013 speaker spotlight

We speak to VB2013 presenter Andreas Lindh about his research interests and what he aims to bring to VB2013.

28 June 2013

Compromised Yahoo! accounts continue to spread Android malware

Problem likely to be on Yahoo!'s side.

24 June 2013

VB2013 speaker spotlight

We speak to VB2013 presenters Lysa Myers and David Harley about their research interests and what they aim to bring to the conference.

21 June 2013

Facebook temporarily blocks access from Tor

Malicious activity triggered automatic lockdown.

19 June 2013

AV Test releases Android test data

30 mobile solutions tested for malware protection and speed hit.

18 June 2013

Latest VBSpam tests show web host spam harder to block

Most filters see a small increase in their catch rates overall.

17 June 2013

AMTSO unveils product setup check tools

Set of checks can show if your security is properly configured and operational.

04 June 2013

June issue of VB published

The June issue of Virus Bulletin is now available for subscribers to download.

31 May 2013

US lifts ban on anti-virus software for Iran

Eased restrictions welcomed by security experts.

31 May 2013

Ruby on Rails vulnerability exploited in the wild

Code executed on web servers to cause them to join IRC botnet.

29 May 2013

Latest AV-Test results released

New round of figures compare products to Microsoft baselines.

29 May 2013

Symantec quietly retires PC Tools security product lines

Sales of Spyware Doctor and other security products end, support to continue for existing users.

24 May 2013

Dutch citizens keep extra cash at hand following DDoS attacks

Month-long attacks had significant impact.

22 May 2013

India believed to be source of sophisticated surveillance campaigns

In-depth investigations find widespread worldwide snooping, Pakistan primary target.

21 May 2013

German anti-botnet advisory recommends the use of ad blockers for security

'If websites want to include ads, they must make sure they are secure.'

17 May 2013

Commoditization increasingly seen in mobile malware

Number of malicious samples and families increase, as Android remains most popular mobile platform.

16 May 2013

Microsoft 'found to make requests' to URLs shared via Skype

HEAD requests likely used to determine landing page.

14 May 2013

Program turns anti-analysis tools against the malware

Users cautioned to be wary of a false sense of security.

14 May 2013

Twitter, Facebook accounts used in watering hole campaign

USAID sympathizers targeted with links from 'like-minded people'.

13 May 2013

Microsoft offers fix-it for IE 8 zero-day

CVE-2013-1347 used in watering hole attacks.

09 May 2013

Vulnerabilities could trigger payload in emails upon receiving or opening

Flaws in IBM Notes and Exim/Dovecot easy to mitigate.

07 May 2013

May issue of VB published

The May issue of Virus Bulletin is now available for subscribers to download.

03 May 2013

Opposition activists in Asia and Africa targeted by spyware developed by Western companies

Mozilla angry about use of its brand and logo.

02 May 2013

VB100 XP comparative features new speed vs. detection graph

At-a-glance chart shows both detection rates and impact on system performance.

01 May 2013

WordPress pingback used for DDoS attacks

Millions of sites could potentially be used in attack.

01 May 2013

Apache binaries replaced by stealth malcious ones

Malicious servers opening backdoors, performing redirects.

30 April 2013

Dutchman arrested in Spain for DDoS attacks on Spamhaus

Suspect drove around in 'mobile bunker' to co-ordinate attacks.

29 April 2013

Cybercriminals quick to exploit emerging news

Malicious emails appear a matter of hours after news of explosions in the US.

18 April 2013

Different focus on spam needed

What happens before the filter doesn't matter too much.

16 April 2013

VB2013 programme announced

Exciting range of topics to be covered at VB conference in Berlin this October.

11 April 2013

AV-Comparatives reveals detection and protection reports

Figures released for long-term real-world tests and large-scale scanning measures.

10 April 2013

AV-Test releases first Windows 8 test stats

Corporate and consumer products rated against Windows Defender baseline.

4 April 2013

April issue of VB published

The April issue of Virus Bulletin is now available for subscribers to download.

4 April 2013

Catch rates drop in latest VBSpam tests

Spam more of a challenge for majority of products.

27 March 2013

Spam link sends Android users to trojan proxy

Meanwhile, desktop users sent to (relatively harmless) weight-loss site.

18 March 2013

March issue of VB published

The March issue of Virus Bulletin is now available for subscribers to download.

5 March 2013

VB data supports Google's claim to having reduced compromised accounts

Internet giant may indeed do something right; Yahoo! has a real problem.

21 February 2013

Hundreds of APTs linked to Chinese Army department

'Unit 61398' employs hundreds of people.

20 February 2013

Massive drop in PPI SMS spam after spammers fined

Levels still higher than for most of 2012.

12 February 2013

Drop reported in infected computers worldwide

Nearly one third of computers still found to be infected.

06 February 2013

EU to propose cybersecurity rules

Companies required to report breaches.

06 February 2013

Happy Safer Internet Day

10th annual awareness day focuses on rights and responsibilities.

05 February 2013

Impressive results in latest VBSpam test

Excellent performances in spam filter test - plus evidence of a correlation between spam 'passing' SPF and an increased delivery rate.

04 February 2013

February issue of VB published

The February issue of Virus Bulletin is now available for subscribers to download.

1 February 2013

Phone support scammers attempt repeat business

Previous victims contacted again and tricked into 'renewing' service.

29 January 2013

VB2014 - location, location, location

Cat escapes bag as details of VB2014 conference are announced.

28 January 2013

Avast launches bug bounty programme

Security firm offers reward for info on bugs.

25 January 2013

Indian government proposes pamphlet-based cybersecurity education

Mandatory brochures not welcomed by manufacturers.

14 January 2013

Anonymous petitions Obama Administration

"Make DDoS a legal form of protest."

10 January 2013

Cat carries computer virus

Cat collared.

09 January 2013

European Cybercrime Centre set for launch

Central cybercrime resource for EU member states.

09 January 2013

January issue of VB published

The January issue of Virus Bulletin is now available for subscribers to download.

9 January 2013

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.