VB Blog

VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

Posted by Martijn Grooten on Nov 3, 2017

Trickbot, a banking trojan which appeared this year, seems to be a new, more modular, and more extensible malware descendant of the notorious Dyre botnet trojan. At VB2017, Symantec researcher Andrew Brandt presented a walkthrough of a typical Trickbot infection process, and its aftermath, as seen through the lens of a tool used to perform man-in-the-middle decryption. Today, we publish both Andrew's slides and the recording of his presentation.

Posted by Martijn Grooten on Nov 2, 2017

Today, we publish a short paper in which CERT Société Générale presents FAME, its open source malware analysis framework.

Posted by Martijn Grooten on Oct 31, 2017

Ebury and Mayhem, two families of Linux server malware, about which VB published papers back in 2014, are still active and have received recent updates.

Posted by Martijn Grooten on Oct 27, 2017

Crypton, a tool developed by F5 Networks researchers Julia Karpin and Anna Dorfman, aims to speed up the reverse engineering process by decrypting encrypted content found in a (malicious) binary. The researchers described the tool in a paper which they presented at VB2017 in Madrid. Today, we publish both the paper and the recording of their presentation.

Posted by Martijn Grooten on Oct 25, 2017

For many people, the threat of an abusive partner or ex-partner is very real - and the market for consumer spyware worryingly large. Today, we publish the recording of a presentation on the subject of consumer spyware given at VB2017 by The Daily Beast reporter Joseph Cox.

Posted by Martijn Grooten on Oct 23, 2017

At the VB2017 gala dinner, the fourth Péter Szőr Award was presented to Sophos researcher Gábor Szappanos for his paper "AKBuilder – the crowdsourced exploit kit".

Posted by Martijn Grooten on Oct 20, 2017

We publish the VB2017 paper and video by Kaspersky Lab researchers Juan Andres Guerrero-Saade and Costin Raiu, in which they look at fourth-party collection (spies spying on other spies' campaigns) and its implications for attribution.

Posted by Martijn Grooten on Oct 11, 2017

Virus Bulletin is a company - and a conference - with a mission: to further the research in and facilitate the fight against digital threats. To help us in this mission, we want to hear from those who didn't come to Madrid. What is your impression of the VB Conference? What did you think of this year's programme? And why couldn't you come to Madrid?

Posted by Martijn Grooten on Oct 10, 2017

Last week, we announced the full details of VB2018, which will take place 3-5 October 2018 at the Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada.

Posted by Virus Bulletin on Oct 5, 2017

In a special guest blog post, VB2017 Silver sponsor Cisco Umbrella writes about a paper that researchers Dhia Mahjoub and David Rodriguez will present at the conference this Friday.

Previous1...2829303132...215Next

Search blog

IEEE announces Anti-Malware Support Service

'Software taggant system' and 'clean file metadata exchange' discussed at previous VB conferences.
'Software taggant system' and 'clean file metadata exchange' discussed at previous VB conferences. Wouldn't it be nice if providers of software packers included a licence key in… https://www.virusbulletin.com/blog/2014/03/ieee-announces-anti-malware-support-service/

March

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2014/03/

March issue of VB published

The March issue of Virus Bulletin is now available for subscribers to download.
The March issue of Virus Bulletin is now available for subscribers to download. The March 2014 issue of Virus Bulletin is now available for subscribers to browse online or… https://www.virusbulletin.com/blog/2014/03/march-issue-vb-published/

'Cyberdanger' informs general audience of IT security

Eddy Willems' book is a pleasant read on an important subject.
Eddy Willems' book is a pleasant read on an important subject. Security expert Eddy Willems has written a book. The friendly Belgian, currently G Data's Security Evangelist, is a… https://www.virusbulletin.com/blog/2014/02/cyberdanger-informs-general-audience-it-security/

Researchers crack ransomware encryption

'Bitcrypt' authors confused their bytes and digits.
'Bitcrypt' authors confused their bytes and digits. Two French researchers have found a serious vulnerability in a new piece of ransomware that has allowed them to crack the keys… https://www.virusbulletin.com/blog/2014/02/researchers-crack-ransomware-encryption/

Windows Error Reporting used to discover new attacks

No excuse for sending error reports in cleartext.
No excuse for sending error reports in cleartext. All happy programs are the same. But each unhappy program crashes in its own way. In a report published yesterday, security firm… https://www.virusbulletin.com/blog/2014/02/windows-error-reporting-used-discover-new-attacks/

Tech support scammers won't give up

M3AAWG workshop to deal with fighting telephony abuse.
M3AAWG workshop to deal with fighting telephony abuse. For security researchers like myself, receiving a call from a tech support scammer is usually a good opportunity for a bit of… https://www.virusbulletin.com/blog/2014/02/tech-support-scammers-won-t-give/

At least 99.4% of spam blocked in recent Virus Bulletin test

All solutions on test blocked at least 99.4% of spam, but some struggled with false positive issues; survey also shows few products support DMARC.
All solutions on test blocked at least 99.4% of spam, but some struggled with false positive issues; survey also shows few products support DMARC. The results of the most recent… https://www.virusbulletin.com/blog/2014/02/least-99-4-spam-blocked-recent-test/

February

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2014/02/

February issue of VB published

The February issue of Virus Bulletin is now available for subscribers to download.
The February issue of Virus Bulletin is now available for subscribers to download. The February 2014 issue of Virus Bulletin is now available for subscribers to browse online or… https://www.virusbulletin.com/blog/2014/02/february-issue-vb-published/

Macro viruses make a return in targeted attacks

Macros disabled in modern versions of Office, but enabled within many organisations.
Macros disabled in modern versions of Office, but enabled within many organisations. A report by the National Cyber Security Center (NCSC, the Dutch CERT) points to a resurgence of… https://www.virusbulletin.com/blog/2014/01/macro-viruses-make-return-targeted-attacks/

VirusTotal support integrated into new version of Process Explorer

Sysadmins can check hashes of processes against file-checking service database.
Sysadmins can check hashes of processes against file-checking service database.Microsoft and Google are known for their fierce competition, but when it comes to security, the tech… https://www.virusbulletin.com/blog/2014/01/virustotal-support-integrated-new-version-process-explorer/

CSRF vulnerability in USB modems allows for infrastructure-less phishing

Credentials sent to attacker by built-in SMS functionality.
Credentials sent to attacker by built-in SMS functionality. Modems and routers aren't typically known for their security, and modems that allow one to connect to mobile broadband… https://www.virusbulletin.com/blog/2014/01/csrf-vulnerability-usb-modems-allows-infrastructure-less-phishing/

Browser-based ransomware uses scare tactics to extort money

Unsophisticated scam shows the high level of commoditization of today's cybercrime.
Unsophisticated scam shows the high level of commoditization of today's cybercrime. A case of browser-based ransomware, that is currently using social engineering tactics in an… https://www.virusbulletin.com/blog/2014/01/browser-based-ransomware-uses-scare-tactics-extort-money/

Is your fridge sending spam?

It's possible that smart devices are sending spam, but it wouldn't make any difference.
It's possible that smart devices are sending spam, but it wouldn't make any difference. Last week, security-as-a-service firm Proofpoint published a press release on a recent spam… https://www.virusbulletin.com/blog/2014/01/your-fridge-sending-spam/

2014

Latest news from the anti-virus industry provided by independent anti-virus advisors, Virus Bulletin
NewsConference review: Botconf 2014Second edition of 'botnet fighting conference' another great success. 22 December 2014Call for Papers: VB2015 PragueVB seeks submissions for the… https://www.virusbulletin.com/blog/2014/

January

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2014/01/

January issue of VB published

The January issue of Virus Bulletin is now available for subscribers to download.
The January issue of Virus Bulletin is now available for subscribers to download. The January 2014 issue of Virus Bulletin is now available for subscribers to browse online or… https://www.virusbulletin.com/blog/2014/01/january-issue-vb-published/

Botconf - the 'first botnet fighting conference'

Tools, ideas and research presented in Nantes.
Tools, ideas and research presented in Nantes. There are far too many security conferences each year for my agenda, budget and brain to handle, and thus I need to choose carefully… https://www.virusbulletin.com/blog/2013/12/botconf-first-botnet-fighting-conference/

VB2014: more of the same, plus something a little different

Hackers, network security researchers encouraged to submit abstracts for the conference.
Hackers, network security researchers encouraged to submit abstracts for the conference. The issuing of the call for papers for a VB conference is always an important event for us,… https://www.virusbulletin.com/blog/2013/12/more-same-plus-something-little-different/

« Previous 1...4041424344...120 Next »