VB Blog

Registration for VB2018 now open!

Posted by Martijn Grooten on May 8, 2018

Registration for VB2018, the 28th International Virus Bulletin conference, is now open, with an early bird rate available until 1 July.

Posted by Martijn Grooten on May 1, 2018

In April, VB's Martijn Grooten attended the RSA Expo in San Francisco. He shares his views on the expo and the industry.

Posted by Martijn Grooten on Apr 30, 2018

There are a number of security solutions on the market that are designed to increase the default protection provided by Office 365. One such product is the newly launched Kaspersky Security for Microsoft Office 365. Virus Bulletin was commissioned to measure the effectiveness of the Kaspersky product compared to the Office 365 baseline protection.

Posted by Martijn Grooten on Apr 27, 2018

The GravityRAT malware, discovered by Cisco Talos researchers, gives some interesting insight into modern malware development.

Posted by Martijn Grooten on Apr 25, 2018

A BGP hijack was used to take over some of Amazon's DNS infrastructure, which was then used to serve a phishing site to users of the MyEtherWallet service.

Posted by Martijn Grooten on Apr 24, 2018

Various security companies are offering security-focused routers. This is a good trend and may help mitigate a lot of the issues that come with the IoT.

Posted by Virus Bulletin on Apr 23, 2018

Most of the switch from IPv4 to IPv6 will happen seamlessly. But we cannot assume it won't introduce new security issues.

Posted by Martijn Grooten on Apr 19, 2018

Since their return four years ago, Office macros have been one of the most common ways to spread malware. Today, we publish a research paper which looks in detail at a campaign in which VBA macros are used to execute PowerShell code, which in turn downloads the Tesla information-stealing trojan.

Posted by Martijn Grooten on Apr 18, 2018

Within a few years, Android malware has grown from a relatively small threat to a huge problem involving more than three million new malware samples a year. Axelle Apvrille, one of the world's leading Android malware researchers, will deliver a workshop on Android reverse engineering at VB2018 in Montreal this October. Last year, Axelle presented a paper at VB2017 on some of the less common tools that can be used to reverse engineer Android malware. Today, we publish both the paper and the recording of Axelle's presentation.

Posted by Martijn Grooten on Apr 16, 2018

Compromised websites are being used to serve fake Flash Player uploads that come with a malicious payload.

Previous1...2122232425...215Next

Search blog

VB2017 video: Spora: the saga continues a.k.a. how to ruin your research in a week

Today, we publish the video of the VB2017 presentation by Avast researcher Jakub Kroustek and his former colleague Előd Kironský, now at ESET, who told the story of Spora, one of of the most prominent ransomware families of 2017.
First discovered at the beginning of the year, the Spora ransomware has become one of of the most prominent ransomware families of 2017, especially in Russia, a region it appears… https://www.virusbulletin.com/blog/2017/12/vb2017-video-spora-saga-continues-k-how-ruin-your-research-week/

Stuxnet infected Natanz plant via carefully selected targets rather than escape from it

Five initial victims of infamous worm named.
Five initial victims of infamous worm named. Today, as Wired journalist Kim Zetter publishes her book Countdown to Zero Day on Stuxnet, researchers from Kaspersky and Symantec… https://www.virusbulletin.com/blog/2014/11/stuxnet-infected-natanz-plant-carefully-selected-targets-rather-escape-it/

Paper: Learning about Bflient through sample analysis

Flexible module-handling mechanism allows malware to adjust functionalities at will.
Flexible module-handling mechanism allows malware to adjust functionalities at will. The history of the 'Bflient' worm goes back to the discovery of its first variants in June… https://www.virusbulletin.com/blog/2014/07/paper-learning-about-bflient-through-sample-analysis/

Flame worm one of the most complex threats ever discovered

Malware possibly used for cyber-espionage.
Malware possibly used for cyber-espionage. The jury is out on whether 'Flame' (also known as 'Flamer' or 'Skywiper') is 'the most lethal cyberweapon to date' as some have claimed,… https://www.virusbulletin.com/blog/2012/05/flame-worm-one-most-complex-threats-ever-discovered/

Contract spam serving malware

Recipients made to believe they have been sent emails accidentally.
Recipients made to believe they have been sent emails accidentally. In a new campaign, spammers are sending out emails that have appear to have contracts attached to them, but… https://www.virusbulletin.com/blog/2010/05/contract-spam-serving-malware/

Worm targets MS08-067 vulnerability

Exploit attack patches flaw once system penetrated.
Exploit attack patches flaw once system penetrated. A worm has been seen taking advantage of the vulnerability in Microsoft's Windows Server Service, patched out-of-cycle last… https://www.virusbulletin.com/blog/2008/12/worm-targets-ms08-067-vulnerability/

Microsoft issues emergency patch

Out-of-cycle update fixes serious, wormable flaw.
Out-of-cycle update fixes serious, wormable flaw.Microsoft has issued an emergency update to cover a serious vulnerability in the Windows Server service, breaking its usual monthly… https://www.virusbulletin.com/blog/2008/10/microsoft-issues-emergency-patch/

Trojan-to-worm automation tool spotted

GUI gizmo adds extra spreading menace to any malware.
GUI gizmo adds extra spreading menace to any malware. Researchers at Panda have discovered a simple and colourful graphical application designed to add basic worm techniques to… https://www.virusbulletin.com/blog/2008/06/trojan-worm-automation-tool-spotted/

Google Groups and Blogspot used to serve malware

Company finds own IP address to be serving most malware.
Company finds own IP address to be serving most malware.Malware writers have created thousands of Google Groups with the sole purpose of serving malware, Sunbelt reports. On the… https://www.virusbulletin.com/blog/2008/04/google-groups-and-blogspot-used-serve-malware/

April Storm

April Fools' Day emails contain new variant of infamous worm.
April Fools' Day emails contain new variant of infamous worm. Security researchers report a new wave of spam emails being sent out. The emails, which use subject lines such as… https://www.virusbulletin.com/blog/2008/04/april-storm/

Microsoft research revives 'friendly worm' ideas

Malware techniques proposed as update-spreading method.
Malware techniques proposed as update-spreading method. A group of Microsoft researchers have put forward proposals to use worm techniques to spread patches and updates across… https://www.virusbulletin.com/blog/2008/02/microsoft-research-revives-friendly-worm-ideas/

First virus-writing arrests in Japan

Winny worm authors brought to book - for copyright violation.
Winny worm authors brought to book - for copyright violation. Japan has seen its first ever arrests of virus writers, with three men taken into custody in Kyoto last week and… https://www.virusbulletin.com/blog/2008/01/first-virus-writing-arrests-japan/

Polyglot worm spreads through MSN

Worm changes language to target wide audience.
Worm changes language to target wide audience. A new worm has been discovered that spreads through MSN Messenger. Once active, the worm opens random TCP ports to connect to an IRC… https://www.virusbulletin.com/blog/2008/01/polyglot-worm-spreads-through-msn/

Symbian worm sighted in the wild

Malware pretends to be media or image file.
Malware pretends to be media or image file. A new worm has been sighted in the wild that operates on the Symbian operating system, which is used on many mobile phones. The worm,… https://www.virusbulletin.com/blog/2008/01/symbian-worm-sighted-wild/

Batch of Dutch MP3 players ships with malware

Worm included as unwanted extra for music lovers.
Worm included as unwanted extra for music lovers. A shipment of MP3 players sold in recent months by Dutch firm Victory has been found to be infected with the Fujacks worm, which… https://www.virusbulletin.com/blog/2008/01/batch-dutch-mp3-players-ships-malware/

Fujacks/Panda virus authors sentenced, offered job

Fujacks author put away for four years.
Fujacks author put away for four years. Four men who were charged last month with writing, selling and spreading the W32/Fujacks virus and worm (a.k.a. the 'Panda burning… https://www.virusbulletin.com/blog/2007/09/fujacks-panda-virus-authors-sentenced-offered-job/

New worm spreading via Skype

Multilingual malware posing as porn in chat messages.
Multilingual malware posing as porn in chat messages. VoIP and chat system Skype has been targeted by another worm, sending chat messages to harvested contacts posing as links to… https://www.virusbulletin.com/blog/2007/09/new-worm-spreading-skype/

Four charged with writing Fujacks

Malware authors and sellers appear in Chinese court.
Malware authors and sellers appear in Chinese court. Four men have appeared in a public court in Hubei Province, China, charged with writing, selling and spreading the W32/Fujacks… https://www.virusbulletin.com/blog/2007/08/four-charged-writing-fujacks/

AVK tops latest AV-Test charts

Top four beat 99% in large collection scan.
Top four beat 99% in large collection scan. Testers at AV-Test.org have run 29 products over a massive collection of malware samples, with detection rates measured against 874,822… https://www.virusbulletin.com/blog/2007/08/avk-tops-latest-av-test-charts/

Worm trashes music files

MP3s targeted for destruction.
MP3s targeted for destruction. A new worm has been spotted attempting to delete .mp3 music files from infected systems and attached devices. Once a machine is compromised, the… https://www.virusbulletin.com/blog/2007/08/worm-trashes-music-files/

« Previous 12 Next »