VB Blog

VB2019 paper: Fantastic Information and Where to Find it: A guidebook to open-source OT reconnaissance

Posted by Martijn Grooten on Nov 22, 2019

A VB2019 paper by FireEye researcher Daniel Kapellmann Zafra explained how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. Today we publish Daniel's paper and the recording of his presentation.

Posted by Martijn Grooten on Nov 21, 2019

Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. In a paper presented at VB2019 in London, McAfee researchers John Fokker and Alexandre Mundo looked at the malware code, its evolution and the affiliate scheme behind it. Today we publish both their paper and the recording of their presentation.

Posted by Martijn Grooten on Nov 18, 2019

At VB2019 in London, Check Point researchers Aseel Kayal and Lotem Finkelstein presented a paper detailing an Iranian operation they named 'Domestic Kitten' that used Android apps for targeted surveillance. Today we publish their paper and the video of their presentation.

Posted by Martijn Grooten on Nov 18, 2019

At VB2019 in London, LINE's HeungSoo Kang explained how cryptocurrency exchanges had been attacked using Firefox zero-days. Today, we publish the video of his presentation.

Posted by Martijn Grooten on Nov 7, 2019

In a paper presented at VB2019, Cisco Talos researchers Warren Mercer and Paul Rascagneres looked at two recent attacks against DNS infrastructure: DNSpionage and Sea Turtle. Today we publish their paper and the recording of their presentation.

Posted by Martijn Grooten on Nov 6, 2019

VB has analysed a malicious spam campaign targeting German-speaking users with obfuscated Excel malware that would likely download Dridex but that mostly stood out through its size.

Posted by Martijn Grooten on Nov 5, 2019

We publish a paper by researchers from ESTsecurity in South Korea, who describe a fuzzy hashing algorithm for clustering Android malware datasets.

Posted by Martijn Grooten on Nov 4, 2019

Having returned from a summer hiatus, Emotet is back targeting inboxes and, as seen in the VBSpam test lab, doing a better job than most other malicious campaigns at bypassing email security products.

Posted by Martijn Grooten on Nov 1, 2019

Those working in the field of infosec are often faced with ethical dilemmas that are impossible to avoid. Today, we publish a VB2019 paper by Kaspersky researcher Ivan Kwiatkowski looking at ethics in infosec as well as the recording of Ivan's presentation.

Posted by Martijn Grooten on Oct 31, 2019

Malware used in domestic abuse situations is a growing threat, and the standard way for anti-virus products to handle such malware may not be good enough. But that doesn't mean there isn't an important role for anti-virus to play.

Previous1...7891011...215Next

Search blog

VB2018 paper: Little Brother is watching – we know all your secrets!

At VB2018 in Montreal, researchers from Fraunhofer SIT looked at privacy vulnerabilities in legitimate Android family-tracking apps that leaked location data. Today, we publish both their paper and the video of their presentation.
The use of mobile spyware to spy on (ex-)partners is an underreported problem, despite the prevalence of such apps and their use in cases of domestic violence. At VB2017 in… https://www.virusbulletin.com/blog/2019/02/vb2018-paper-little-brother-watching-we-know-all-your-secrets/

VB2018 paper: From Hacking Team to hacked team to…?

Today we publish the VB2018 paper and video by ESET researcher Filip Kafka, who looked at the new malware by Hacking Team, after the company had recovered from the 2015 breach.
It is good practice not to mock or laugh at hacking victims. But when the victim is a company that itself is in the business of hacking and has a habit of selling its products and… https://www.virusbulletin.com/blog/2019/01/vb2018-paper-hacking-team-hacked-team/

VB2018 presentation: The wolf in sheep's clothing - undressed

Today, we publish the video of the VB2018 presentation by CSIS researchers Benoît Ancel and Aleksejs Kuprins, who looked at a rather dubious seller of government spyware, described by someone else operating in the same space as a "criminal of the worst ki…
In recent years, we have seen a trend of commercial spyware being sold to governments. This is a very controversial subject, not least because of the frequent use of this spyware… https://www.virusbulletin.com/blog/2018/10/wolf-sheeps-clothing-undressed/

VB2018 preview: commercial spyware and its use by governments

Today, we preview three VB2018 presentations that look at threats against civil society in general and the use of commercial spyware by governments for this purpose in particular.
Yesterday, a new report by Citizen Lab looked at NSO Group's Pegasus spyware and its global use. The report is worth a read, for the political implications of the findings, for… https://www.virusbulletin.com/blog/2018/09/vb2018-preview-commercial-spyware-and-its-use-governments/

Turkish Twitter users targeted with mobile FinFisher spyware

Through fake social media accounts, users were tricked into installing an Android application that was actually a mobile version of the FinFisher spyware.
A new research paper by digital rights organization Access Now looks at how FinFisher has been used against people interested in anti-government protests in Turkey. Through… https://www.virusbulletin.com/blog/2018/05/turkish-twitter-users-targeted-mobile-finfisher-spyware/

VB2017 video: FinFisher: New techniques and infection vectors revealed

Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors.
Over the last few years, the infamous FinFisher government spyware (already the subject of a VB2013 paper) has done a good job of staying under the radar. Recently, however, it… https://www.virusbulletin.com/blog/2017/11/vb2017-video-finfisher-new-techniques-and-infection-vectors-revealed/

Hot FinSpy research completes VB2017 programme

Researchers from ESET have found a new way in which the FinSpy/FinFisher 'government spyware' can infect users, details of which they will present at VB2017 in Madrid.
The infamous FinSpy (or FinFisher) government spyware has managed to keep a low profile in recent years, though its use of two Microsoft zero-days (CVE-2017-0199 and… https://www.virusbulletin.com/blog/2017/09/hot-finspy-research-makes-vb2017-programme-complete/

Consumer spyware: a serious threat with a different threat model

Consumer spyware is a growing issue and one that can have serious consequences: its use is increasingly common in domestic violence. But do our threat models consider the attacker with physical access to, and inside knowledge of the victim?
We all know the risks of having a device infected with malware: an anonymous adversary far away can encrypt your files and hold them to ransom; they can steal your personal data… https://www.virusbulletin.com/blog/2017/04/consumer-spyware-serious-threat-different-threat-model/

Those doing bad things deserve privacy too

Hacking Team leakers should have taken a leaf out of Snowden's book.
Hacking Team leakers should have taken a leaf out of Snowden's book. I can understand, at least in principle, that targeted malware could be used by law enforcement agencies for… https://www.virusbulletin.com/blog/2015/07/those-doing-bad-things-deserve-privacy-too/

Little sympathy for breached Hacking Team

Lists of customers, source code and zero-day vulnerabilities made public.
Lists of customers, source code and zero-day vulnerabilities made public. The biggest security story of this week, and probably one of the biggest of the year, is the hack of… https://www.virusbulletin.com/blog/2015/07/little-sympathy-breached-hacking-team/

Detekt tool searches PCs for traces of surveillance spyware

Second opinion essential in circumstances under which likely victims operate.
Second opinion essential in circumstances under which likely victims operate. Last week, the release of the free 'Detekt' tool was announced. Developed by Claudio Guarnieri and… https://www.virusbulletin.com/blog/2014/11/detekt-tool-searches-pcs-traces-surveillance-spyware/

Cheap Android phone comes shipped with spyware

Trojan masquerades as Google Play app; cannot be removed.
Trojan masquerades as Google Play app; cannot be removed. Researchers at German security firm G Data have discovered Android smartphones that come shipped with spyware. The phone… https://www.virusbulletin.com/blog/2014/06/cheap-android-phone-comes-shipped-spyware/

Opposition activists in Asia and Africa targeted by spyware developed by Western companies

Mozilla angry about use of its brand and logo.
Mozilla angry about use of its brand and logo. A new report has been released on the commercialization of digital spying, which thoroughly analyses a number of pieces of spyware… https://www.virusbulletin.com/blog/2013/05/opposition-activists-asia-and-africa-targeted-spyware-developed-western-companies/

UK to adopt Euro police hacking scheme

Remote search and cyber patrol plans approved.
Remote search and cyber patrol plans approved. The UK Home Office has signed up to a European initiative, proposed in November, to grant police forces greater powers to hack into… https://www.virusbulletin.com/blog/2009/01/uk-adopt-euro-police-hacking-scheme/

Spyware gang sneaks millions from SA government

32 arrested but South Africa theft scam thought to be ongoing.
32 arrested but South Africa theft scam thought to be ongoing. An orchestrated series of spyware infiltrations has netted scammers over £12.8 million ($24.7 million) from the South… https://www.virusbulletin.com/blog/2008/06/spyware-gang-sneaks-millions-sa-government/

Complex attack targets Better Business Bureau

Sophisticated scam uses personalised mails, real site redirects.
Sophisticated scam uses personalised mails, real site redirects. A highly sophisticated email phishing scam is using a redirection flaw in the website of the Better Business Bureau… https://www.virusbulletin.com/blog/2008/02/complex-attack-targets-better-business-bureau/

Usual fare for holiday season

Storm ecards and social site spyware mark unsurprising year end.
Storm ecards and social site spyware mark unsurprising year end. With large portions of the globe celebrating various festivals over the past few weeks, an expected upsurge in… https://www.virusbulletin.com/blog/2008/01/usual-fare-holiday-season/

Zero-day exploit for Japanese word processor Ichitaro

Trend Micro notes increase in regionally targeted attacks as trojan becomes latest to exploit a Ichitaro flaw.
Trend Micro notes increase in regionally targeted attacks as trojan becomes latest to exploit a Ichitaro flaw. A trojan has been found to be exploiting a buffer overflow… https://www.virusbulletin.com/blog/2007/12/zero-day-exploit-japanese-word-processor-ichitaro/

FTC demands more power against spyware

Prosecutions and fines needed to deter badware makers.
Prosecutions and fines needed to deter badware makers. Representatives of the US Federal Trade Commission (FTC), the consumer protection body which has seen some success in the… https://www.virusbulletin.com/blog/2007/10/ftc-demands-more-power-against-spyware/

Spyware maker Direct Revenue closes doors

Notorious company forced out of business by legal actions.
Notorious company forced out of business by legal actions. After numerous lawsuits and fines, adware and spyware maker Direct Revenue is no more. The firm behind a swathe of… https://www.virusbulletin.com/blog/2007/10/spyware-maker-direct-revenue-closes-doors/

« Previous 12 Next »