VB Blog

VB2018 paper: Little Brother is watching – we know all your secrets!

Posted by Martijn Grooten on Feb 1, 2019

At VB2018 in Montreal, researchers from Fraunhofer SIT looked at privacy vulnerabilities in legitimate Android family-tracking apps that leaked location data. Today, we publish both their paper and the video of their presentation.

Posted by Martijn Grooten on Jan 29, 2019

Threat intelligence teams would do well to recruit journalists, whose experience is crucial in today's threat landscape.

Posted by Martijn Grooten on Jan 28, 2019

Using data from our VBSpam lab, we looked at the malicious emails that have been missed recently by a large number of email security products.

Posted by Martijn Grooten on Jan 25, 2019

The Formbook information-stealing trojan may not be APT-grade malware, but its continuing spread means it can still be effective. At VB2018 in Montreal, Gabriela Nicolao, a researcher from Deloitte in Argentina, presented a short paper in which she looked at Formbook's background and history and analysed a sample of the malware. Today, we publish Gabriela's paper.

Posted by Martijn Grooten on Jan 24, 2019

With the VB2019 Call for Papers having opened last week, we explain how the selection procedure works, which may help you during your abstract submission.

Posted by Martijn Grooten on Jan 18, 2019

Today we publish the VB2018 paper and video by ESET researcher Filip Kafka, who looked at the new malware by Hacking Team, after the company had recovered from the 2015 breach.

Posted by Martijn Grooten on Jan 17, 2019

We see a lot of spam in the VBSpam test lab, and we also see how well such emails are being blocked by email security products. Worryingly, it is often the emails with a malicious attachment or a phishing link that are most likely to be missed.

Posted by Helen Martin on Jan 17, 2019

Mydoom turns 15 this month, and is still being seen in email attachments. This Throwback Thursday we look back to March 2004, when Gabor Szappanos tracked the rise of W32/Mydoom.

Posted by Martijn Grooten on Jan 15, 2019

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2019 is now open and we want to hear from you!

Posted by Martijn Grooten on Jan 14, 2019

Today, we publish a VB2018 paper by Google researcher Maddie Stone in which she looks at one of the most interesting anti-analysis native libraries in the Android ecosystem. We also release the recording of Maddie's presentation.

Previous1...1314151617...215Next

Search blog

VB2017 video: Spora: the saga continues a.k.a. how to ruin your research in a week

Today, we publish the video of the VB2017 presentation by Avast researcher Jakub Kroustek and his former colleague Előd Kironský, now at ESET, who told the story of Spora, one of of the most prominent ransomware families of 2017.
First discovered at the beginning of the year, the Spora ransomware has become one of of the most prominent ransomware families of 2017, especially in Russia, a region it appears… https://www.virusbulletin.com/blog/2017/12/vb2017-video-spora-saga-continues-k-how-ruin-your-research-week/

Stuxnet infected Natanz plant via carefully selected targets rather than escape from it

Five initial victims of infamous worm named.
Five initial victims of infamous worm named. Today, as Wired journalist Kim Zetter publishes her book Countdown to Zero Day on Stuxnet, researchers from Kaspersky and Symantec… https://www.virusbulletin.com/blog/2014/11/stuxnet-infected-natanz-plant-carefully-selected-targets-rather-escape-it/

Paper: Learning about Bflient through sample analysis

Flexible module-handling mechanism allows malware to adjust functionalities at will.
Flexible module-handling mechanism allows malware to adjust functionalities at will. The history of the 'Bflient' worm goes back to the discovery of its first variants in June… https://www.virusbulletin.com/blog/2014/07/paper-learning-about-bflient-through-sample-analysis/

Flame worm one of the most complex threats ever discovered

Malware possibly used for cyber-espionage.
Malware possibly used for cyber-espionage. The jury is out on whether 'Flame' (also known as 'Flamer' or 'Skywiper') is 'the most lethal cyberweapon to date' as some have claimed,… https://www.virusbulletin.com/blog/2012/05/flame-worm-one-most-complex-threats-ever-discovered/

Contract spam serving malware

Recipients made to believe they have been sent emails accidentally.
Recipients made to believe they have been sent emails accidentally. In a new campaign, spammers are sending out emails that have appear to have contracts attached to them, but… https://www.virusbulletin.com/blog/2010/05/contract-spam-serving-malware/

Worm targets MS08-067 vulnerability

Exploit attack patches flaw once system penetrated.
Exploit attack patches flaw once system penetrated. A worm has been seen taking advantage of the vulnerability in Microsoft's Windows Server Service, patched out-of-cycle last… https://www.virusbulletin.com/blog/2008/12/worm-targets-ms08-067-vulnerability/

Microsoft issues emergency patch

Out-of-cycle update fixes serious, wormable flaw.
Out-of-cycle update fixes serious, wormable flaw.Microsoft has issued an emergency update to cover a serious vulnerability in the Windows Server service, breaking its usual monthly… https://www.virusbulletin.com/blog/2008/10/microsoft-issues-emergency-patch/

Trojan-to-worm automation tool spotted

GUI gizmo adds extra spreading menace to any malware.
GUI gizmo adds extra spreading menace to any malware. Researchers at Panda have discovered a simple and colourful graphical application designed to add basic worm techniques to… https://www.virusbulletin.com/blog/2008/06/trojan-worm-automation-tool-spotted/

Google Groups and Blogspot used to serve malware

Company finds own IP address to be serving most malware.
Company finds own IP address to be serving most malware.Malware writers have created thousands of Google Groups with the sole purpose of serving malware, Sunbelt reports. On the… https://www.virusbulletin.com/blog/2008/04/google-groups-and-blogspot-used-serve-malware/

April Storm

April Fools' Day emails contain new variant of infamous worm.
April Fools' Day emails contain new variant of infamous worm. Security researchers report a new wave of spam emails being sent out. The emails, which use subject lines such as… https://www.virusbulletin.com/blog/2008/04/april-storm/

Microsoft research revives 'friendly worm' ideas

Malware techniques proposed as update-spreading method.
Malware techniques proposed as update-spreading method. A group of Microsoft researchers have put forward proposals to use worm techniques to spread patches and updates across… https://www.virusbulletin.com/blog/2008/02/microsoft-research-revives-friendly-worm-ideas/

First virus-writing arrests in Japan

Winny worm authors brought to book - for copyright violation.
Winny worm authors brought to book - for copyright violation. Japan has seen its first ever arrests of virus writers, with three men taken into custody in Kyoto last week and… https://www.virusbulletin.com/blog/2008/01/first-virus-writing-arrests-japan/

Polyglot worm spreads through MSN

Worm changes language to target wide audience.
Worm changes language to target wide audience. A new worm has been discovered that spreads through MSN Messenger. Once active, the worm opens random TCP ports to connect to an IRC… https://www.virusbulletin.com/blog/2008/01/polyglot-worm-spreads-through-msn/

Symbian worm sighted in the wild

Malware pretends to be media or image file.
Malware pretends to be media or image file. A new worm has been sighted in the wild that operates on the Symbian operating system, which is used on many mobile phones. The worm,… https://www.virusbulletin.com/blog/2008/01/symbian-worm-sighted-wild/

Batch of Dutch MP3 players ships with malware

Worm included as unwanted extra for music lovers.
Worm included as unwanted extra for music lovers. A shipment of MP3 players sold in recent months by Dutch firm Victory has been found to be infected with the Fujacks worm, which… https://www.virusbulletin.com/blog/2008/01/batch-dutch-mp3-players-ships-malware/

Fujacks/Panda virus authors sentenced, offered job

Fujacks author put away for four years.
Fujacks author put away for four years. Four men who were charged last month with writing, selling and spreading the W32/Fujacks virus and worm (a.k.a. the 'Panda burning… https://www.virusbulletin.com/blog/2007/09/fujacks-panda-virus-authors-sentenced-offered-job/

New worm spreading via Skype

Multilingual malware posing as porn in chat messages.
Multilingual malware posing as porn in chat messages. VoIP and chat system Skype has been targeted by another worm, sending chat messages to harvested contacts posing as links to… https://www.virusbulletin.com/blog/2007/09/new-worm-spreading-skype/

Four charged with writing Fujacks

Malware authors and sellers appear in Chinese court.
Malware authors and sellers appear in Chinese court. Four men have appeared in a public court in Hubei Province, China, charged with writing, selling and spreading the W32/Fujacks… https://www.virusbulletin.com/blog/2007/08/four-charged-writing-fujacks/

AVK tops latest AV-Test charts

Top four beat 99% in large collection scan.
Top four beat 99% in large collection scan. Testers at AV-Test.org have run 29 products over a massive collection of malware samples, with detection rates measured against 874,822… https://www.virusbulletin.com/blog/2007/08/avk-tops-latest-av-test-charts/

Worm trashes music files

MP3s targeted for destruction.
MP3s targeted for destruction. A new worm has been spotted attempting to delete .mp3 music files from infected systems and attached devices. Once a machine is compromised, the… https://www.virusbulletin.com/blog/2007/08/worm-trashes-music-files/

« Previous 12 Next »