VB Blog

VB2016 video: Last-minute paper: Malicious proxy auto-configs: an easy way to harvest banking credentials

Posted by   Martijn Grooten on   May 30, 2017

In a VB2016 last-minute presentation, Jaromír Horejší and Jan Širmer looked at Retefe, a trojan that has targeted banks in several European countries and used malicious proxy auto-config filesto redirect users' traffic to a server controlled by the attackers. A recording of their presentation is now available to view on our YouTube channel.

Read more  

WannaCry shows we need to understand why organizations don't patch

Posted by   Martijn Grooten on   May 17, 2017

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"

Read more  

Modern security software is not necessarily powerless against threats like WannaCry

Posted by   Martijn Grooten on   May 15, 2017

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.

Read more  

Throwback Thursday: CARO: A personal view

Posted by   Helen Martin on   May 11, 2017

This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts. As a founding member of CARO, Fridrik Skulason was well placed, in August 1994, to shed some light on the organization, to explain in detail CARO's main activities and functions, as well as the reasons behind its strict membership regulations.

Read more  

VB2016 paper: Uncovering the secrets of malvertising

Posted by   Martijn Grooten on   May 10, 2017

Malicious advertising, a.k.a. malvertising, has evolved tremendously over the past few years to take a central place in some of today’s largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target them with infinite precision and deliver such payloads as ransomware. Today, we publish a paper presented at VB2016 in Denver by Malwarebytes researchers Jérôme Segura and Chris Boyd, in which they look at the advertising ecosystem, how it is used, and at what techniques are being utilised to spread malware

Read more  

Throwback Thursday: Tools of the DDoS Trade

Posted by   Helen Martin on   May 4, 2017

As DDoS attacks become costlier to fix and continue to increase in both number and diversity, we turn back the clock to 2000, when Aleksander Czarnowski took a look at the DDoS tools of the day.

Read more  

VB2016 paper: Building a local passiveDNS capability for malware incident response

Posted by   Martijn Grooten on   May 4, 2017

At VB2016, Splunk researchers Kathy Wang and Steve Brant presented a Splunk app that can be used to locally collect passive DNS data. A recording of their presentation is now available to view on our YouTube channel.

Read more  

VB2016 video: Last-minute paper: A malicious OS X cocktail served from a tainted bottle

Posted by   Martijn Grooten on   Apr 28, 2017

In a VB2016 last-minute presentation, ESET researchers Peter Kalnai and Martin Jirkal looked at the OS X malware threats KeRanger and Keydnap, that both spread through a compromised BitTorrent client. A recording of their presentation is now available to view on our YouTube channel.

Read more  

Consumer spyware: a serious threat with a different threat model

Posted by   Martijn Grooten on   Apr 25, 2017

Consumer spyware is a growing issue and one that can have serious consequences: its use is increasingly common in domestic violence. But do our threat models consider the attacker with physical access to, and inside knowledge of the victim?

Read more  

VB2016 paper: Debugging and monitoring malware network activities with Haka

Posted by   Martijn Grooten on   Apr 24, 2017

In their VB2016 paper, Stormshield researchers Benoît Ancel and Mehdi Talbi introduced Haka, an open-source language to monitor, debug and control malicious network traffic. Both their paper and the video recording of their presentation are now available to read/view on www.virusbulletin.com.

Read more  

Search blog

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.
VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework. The Anti-Malware Testing… https://www.virusbulletin.com/blog/2024/06/vbspam-tests-be-executed-under-amtso-framework/

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.
We were very sorry to learn of the passing of Professor Ross Anderson a few days ago. Ross Anderson was Professor of Security Engineering at Cambridge University and Edinburgh… https://www.virusbulletin.com/blog/2024/04/memoriam-prof-ross-anderson/

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.
We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week. Alan Solomon was the eponymous creator of one of the world's first anti-virus… https://www.virusbulletin.com/blog/2024/02/memoriam-dr-alan-solomon/

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.
Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects Read the paper (HTML) Download the paper (PDF)   Android botnets are a formidable… https://www.virusbulletin.com/blog/2023/10/new-paper-nexus-android-banking-botnet-compromising-cc-panels-and-dissecting-mobile-appinjects/

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.
Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In a… https://www.virusbulletin.com/blog/2021/12/new-paper-collector-stealer-russian-origin-credential-and-information-extractor/

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.
Today, VB has made all VB2021 localhost presentations available on VB's YouTube channel, so you can now watch – and share – any part of the conference freely and without… https://www.virusbulletin.com/blog/2021/11/vb2021-localhost-videos-available-youtube/

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.
VB2021 localhost - VB's second virtual, and entirely free to attend VB conference - took place last week and was a great success. If you missed it, don't worry, the… https://www.virusbulletin.com/blog/2021/10/vb2021-localhost-over-content-still-available-view/

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!
Have you analysed a brand new online threat? Are you involved in cutting edge security research? Are you tasked with securing systems and fending off attacks and developing new… https://www.virusbulletin.com/blog/2021/08/vb2021-localhost-call-last-minute-papers/

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.
Office documents have over many decades been used to launch malware, often through macros, embedded content or exploits. Researcher Kurt Natvig wanted to understand whether… https://www.virusbulletin.com/blog/2021/04/new-article-run-your-malicious-vba-macros-anywhere/

« Previous 1234567...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.