VB Blog

Tizi Android malware highlights the importance of security patches for high-risk users

Posted by   Martijn Grooten on   Nov 28, 2017

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.

Read more  

Virus Bulletin to attend AMTSO, AVAR and Botconf

Posted by   Martijn Grooten on   Nov 27, 2017

Next week, Virus Bulletin researchers will be attending the AMTSO meeting and AVAR conference in Beijing, China, as well as the 5th edition of the Botconf conference in Montpellier, France.

Read more  

VB2017 video: FinFisher: New techniques and infection vectors revealed

Posted by   Martijn Grooten on   Nov 24, 2017

Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors.

Read more  

Throwback Thursday: The beginning of the end(point): where we are now and where we'll be in five years

Posted by   Martijn Grooten on   Nov 23, 2017

We look back at the VB2016 presentation by Adrian Sanabria on the state of endpoint security, both now and in the future.

Read more  

VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale

Posted by   Martijn Grooten on   Nov 22, 2017

At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahjoub and David Rodriguez presented a new approach to detecting infected machines using graphs to detect botnet traffic at scale. Today we publish both Dhia and David's paper and the recording of their presentation.

Read more  

Firefox 59 to make it a lot harder to use data URIs in phishing attacks

Posted by   Martijn Grooten on   Nov 21, 2017

Firefox developer Mozilla has announced that, as of version 59 of the browser, many kinds of data URIs, which provide a way to create "domainless web content", will not be rendered in the browser, thus making this trick - used in various phishing campaigns - a lot less attractive.

Read more  

Standalone product test: FireEye Endpoint

Posted by   Martijn Grooten on   Nov 16, 2017

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.

Read more  

VB2017 video: Consequences of bad security in health care

Posted by   Martijn Grooten on   Nov 13, 2017

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at VB2017 in Madrid, in which she shared her inside view of security in hospitals.

Read more  

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Posted by   Martijn Grooten on   Nov 9, 2017

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.

Read more  

VB2017 paper: The (testing) world turned upside down

Posted by   Martijn Grooten on   Nov 8, 2017

At VB2017 in Madrid, industry veteran and ESET Senior Research Fellow David Harley presented a paper on the state of security software testing. Today we publish David's paper in both HTML and PDF format.

Read more  
Previous1...2728293031...215Next

Search blog

WireX DDoS botnet takedown shows the best side of the security industry

Collaboration between a number of security companies has led to the takedown of the WireX Android DDoS botnet. Efforts like these, and the fact that the companies involved all decided to publish the very same blog post, show the best side of the security …
It is easy to be cynical about the security industry and its tendency to make ever bigger mountains out of molehills, but behind a thin layer of marketing, there are a great many… https://www.virusbulletin.com/blog/2017/08/wirex-ddos-botnet-takedown-shows-best-side-security-industry/

Mostly blocked, but still good enough: Necurs sending pump-and-dump spam

The Necurs botnet has started sending pump-and-dump spam. Almost all of these emails are blocked by spam filters, yet the stock price still increased.
Over the past few days, the Necurs spam botnet has increased its activity, sending large amounts of pump-and-dump spam, in which a cheap stock is pushed with the aim of making a… https://www.virusbulletin.com/blog/2017/03/mostly-blocked-still-good-enough-necurs-sending-pump-and-dump-spam/

Conference review: Botconf 2016

Three members of the Virus Bulletin team attended the Botconf 2016 conference in Lyon, France last month, enjoying talks on subjects that ranged from state-sponsored attacks to exploit kits, and from banking trojans to cyber insurance.
This review was written by Martijn Grooten, Adrian Luca and Ionuț Răileanu. Though still only in its fourth year, Botconf has become one of the Virus Bulletin team's favourite… https://www.virusbulletin.com/blog/2016/december/conference-review-botconf-2016/

More on the Moose botnet at Botconf

At Botconf 2016 this week, GoSecure researchers Masarah Paquet-Clouston and Olivier Bilodeau presented their research on the Moose botnet - something Olivier Bilodeau previously spoke about at VB2015.
This week, several members of the Virus Bulletin team are attending Botconf 2016 in Lyon, France. Security conferences provide good opportunities to meet fellow researchers and to… https://www.virusbulletin.com/blog/2016/december/more-moose-botnet-botconf/

Paper: a timeline of mobile botnets

Ruchna Nigam provides an overview of more than 60 mobile malware families.
Ruchna Nigam provides an overview of more than 60 mobile malware families. The rise of mobile malware is still a relatively recent thing, with the first actual mobile botnets not… https://www.virusbulletin.com/blog/2015/03/paper-timeline-mobile-botnets/

VB2014 paper: Caphaw - the advanced persistent pluginer

Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.
Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.Since the close of the VB2014 conference in Seattle in October, we have been sharing… https://www.virusbulletin.com/blog/2015/02/paper-caphaw-advanced-persistent-pluginer/

Coordinated action takes down Ramnit botnet infrastructure

Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying.
Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying. A coordinated action from Anubisnetworks, Microsoft and Symantec, together with Europol has… https://www.virusbulletin.com/blog/2015/02/coordinated-action-takes-down-ramnit-botnet-infrastructure/

VB2014 paper: Hiding the network behind the network. Botnet proxy business model

Cristina Vatamanu and her colleagues describe how botherders keep their C&C servers hidden.
Cristina Vatamanu and her colleagues describe how botherders keep their C&C servers hidden.Over the next few months, we will be sharing VB2014 conference papers as well as video… https://www.virusbulletin.com/blog/2014/10/paper-hiding-network-behind-network-botnet-proxy-business-model/

Paper: Prosecting the Citadel botnet - revealing the dominance of the Zeus descendent: part two

Aditya K. Sood and Rohit Bansal study the malware's behaviour when ran on a physical machine.
Aditya K. Sood and Rohit Bansal study the malware's behaviour when ran on a physical machine. Last week, we published the first part of the paper 'Prosecting the Citadel botnet -… https://www.virusbulletin.com/blog/2014/09/paper-prosecting-citadel-botnet-revealing-dominance-zeus-descendent-part-two/

Paper: Prosecting the Citadel botnet - revealing the dominance of the Zeus descendent: part one

Aditya K. Sood and Rohit Bansal dissect botnet primarily used for financial fraud.
Aditya K. Sood and Rohit Bansal dissect botnet primarily used for financial fraud. It is unlikely that anyone still thinks that cybercrime is performed by 16-year-old kids who… https://www.virusbulletin.com/blog/2014/09/paper-prosecting-citadel-botnet-revealing-dominance-zeus-descendent-part-one/

Game over for GameOver Zeus botnet?

Coordinated effort against gang that's also behind CryptoLocker ransomware.
Coordinated effort against gang that's also behind CryptoLocker ransomware. A large, coordinated effort involving law enforcement, security vendors and various security… https://www.virusbulletin.com/blog/2014/06/game-over-gameover-zeus-botnet/

Updated botnet likely cause of surge in Tor traffic

New Tor version should help the network deal with increased traffic.
New Tor version should help the network deal with increased traffic. Sometimes a picture says more than a thousand words: The graph shows the daily number of users of the Tor… https://www.virusbulletin.com/blog/2013/09/updated-botnet-likely-cause-surge-tor-traffic/

Kelihos checks machines' IP addresses against DNS blacklists

Role of node in a botnet dependent on whether the IP address is blacklisted.
Role of node in a botnet dependent on whether the IP address is blacklisted. Whenever I look at the results of the VBSpam tests, it always amazes me how large a percentage of spam… https://www.virusbulletin.com/blog/2013/08/kelihos-checks-machines-ip-addresses-against-dns-blacklists/

VB2013 speaker spotlight

We speak to James Wyke about his research interests and what he aims to bring to VB2013.
We speak to James Wyke about his research interests and what he aims to bring to VB2013.The VB2013 conference takes place this autumn (2-4 October) in Berlin, with an exciting… https://www.virusbulletin.com/blog/2013/07/speaker-spotlight-wyke/

Latest VBSpam tests show web host spam harder to block

Most filters see a small increase in their catch rates overall.
Most filters see a small increase in their catch rates overall. The results of VB's latest spam filter test show that the spam sent from web hosts is significantly harder to block… https://www.virusbulletin.com/blog/2013/06/latest-vbspam-tests-show-web-host-spam-harder-block/

Ruby on Rails vulnerability exploited in the wild

Code executed on web servers to cause them to join IRC botnet.
Code executed on web servers to cause them to join IRC botnet. A critical vulnerability in Ruby on Rails is currently being exploited to make web servers join an IRC botnet, Ars… https://www.virusbulletin.com/blog/2013/05/ruby-rails-vulnerability-exploited-wild/

German anti-botnet advisory recommends the use of ad blockers for security

'If websites want to include ads, they must make sure they are secure.'
'If websites want to include ads, they must make sure they are secure.' In an open letter to several prominent German websites, Botfrei, the German anti-botnet advisory centre, has… https://www.virusbulletin.com/blog/2013/05/german-anti-botnet-advisory-recommends-use-ad-blockers-security/

Grum botnet's command-and-control servers shut down

Spam-sending botnet believed to be third largest in the world.
Spam-sending botnet believed to be third largest in the world. International co-operation between a number of parties has led to all command-and-control servers of the 'Grum'… https://www.virusbulletin.com/blog/2012/07/grum-botnet-s-command-and-control-servers-shut-down/

New Zeus/SpyEye botnet does away with command-and-control servers

Increasing use of UDP to avoid communication tracking.
Increasing use of UDP to avoid communication tracking. Researchers at Symantec have discovered a new parallel build of Zeus (also known as Zbot) and SpyEye that appears to be… https://www.virusbulletin.com/blog/2012/02/new-zeus-spyeye-botnet-does-away-command-and-control-servers/

Compromised websites used to mine bitcoins

In-the-browser botnet turns victims' CPU cycles into cash for the attackers.
In-the-browser botnet turns victims' CPU cycles into cash for the attackers. Researchers have discovered a compromised website where a piece of JavaScript has been included that is… https://www.virusbulletin.com/blog/2011/12/compromised-websites-used-mine-bitcoins/

« Previous 12345 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.