VB Blog

VB2019 paper: Defeating APT10 compiler-level obfuscations

Posted by   Virus Bulletin on   Mar 13, 2020

At VB2019 in London, Carbon Black researcher Takahiro Haruyama presented a paper on defeating compiler-level obfuscations used by the APT10 group. Today we publish both Takahiro's paper and the recording of his presentation.

Read more  

VB2019 paper: Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers

Posted by   Virus Bulletin on   Mar 12, 2020

At VB2019 in London Michael Raggi (Proofpoint) and Ghareeb Saad (Anomali) presented a paper on the 'Royal Road' exploit builder (or weaponizer) and how the properties of RTF files can be used to track weaponizers and their users. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 presentation: Nexus between OT and IT threat intelligence

Posted by   Virus Bulletin on   Mar 11, 2020

Operational technology, the mission critical IT in ICS, shares many similarities with traditional IT systems, but also some crucial differences. During the Threat Intelligence Practitioners’ Summit at VB2019, Dragos cyber threat intelligence analyst Selena Larson gave a keynote on these similarities and differences. Today we release the recording of her presentation.

Read more  

VB2019 paper: Kimsuky group: tracking the king of the spear-phishing

Posted by   Virus Bulletin on   Mar 10, 2020

In a paper presented at VB2019 in London, researchers fron the Financial Security Institute detailed the tools and activities used by the APT group 'Kimsuky', some of which they were able to analyse through OpSec failures by the group. Today, we publish their paper.

Read more  

VB2019 paper: Play fuzzing machine - hunting iOS and macOS kernel vulnerabilities automatically and smartly

Posted by   Virus Bulletin on   Mar 9, 2020

In a paper presented at VB2019 in London, Trend Micro researchers Lilang Wu and Moony Li explained how the hunt for vulnerabilities in MacOS and iOS operating systems can be made both smarter and more automatic. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 paper: Finding drive-by rookies using an automated active observation platform

Posted by   Virus Bulletin on   Mar 6, 2020

In a last-minute paper presented at VB2019 in London, Rintaro Koike (NTT Security) and Yosuke Chubachi (Active Defense Institute, Ltd) discussed the platform they have built to automatically detect and analyse exploit kits. Today we publish the recording of their presentation.

Read more  

VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation state adversary

Posted by   Virus Bulletin on   Feb 28, 2020

The activities of China-based threat actor PKPLUG were detailed in a VB2019 paper by Palo Alto Networks researcher Alex Hinchliffe, who described the playbook of this long-standing adversary. Today we publish both Alex's paper and the recording of his presentation.

Read more  

VB2019 paper: Static analysis methods for detection of Microsoft Office exploits

Posted by   Virus Bulletin on   Feb 25, 2020

Today we publish the VB2019 paper and presentation by McAfee researcher Chintan Shah in which he described static analysis methods for the detection of Microsoft Office exploits.

Read more  

New paper: LokiBot: dissecting the C&C panel deployments

Posted by   Helen Martin on   Feb 17, 2020

First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. In a new paper researcher Aditya Sood analyses the URL structure of the LokiBot C&C panels and how they have evolved over time.

Read more  

VB2019 presentation: Building secure sharing systems that treat humans as features not bugs

Posted by   Helen Martin on   Feb 14, 2020

In a presentation at VB2019 in London, Virtru's Andrea Limbago described how, by exploring data sharing challenges through a socio-technical lens, it is possible to make significant gains toward the secure sharing systems and processes that are vital for innovation and collaboration. Today we release the recording of her presentation.

Read more  

Search blog

2003

Latest news from the anti-virus industry provided by independent anti-virus advisors, Virus Bulletin
NewsUS and UK spam legislation in place Anti-spam legislation in place. 29 December 2003Number crunchingCalculating the average cost of a virus attack - estimates or guesstimates?… https://www.virusbulletin.com/blog/2003/

January

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2003/01/

Stocks, viruses and a disgruntled employee

A systems administrator has been charged with attempting to manipulate a company's stock price by introducing a virus into its computer system.
A systems administrator has been charged with attempting to manipulate a company's stock price by introducing a virus into its computer system. The New York Times reports that a… https://www.virusbulletin.com/blog/2002/12/stocks-viruses-and-disgruntled-employee/

Stocking Fillers

It's that time of year again when we're frantically scouring the shopping malls for something unique and meaningful to give to our loved ones. Coincidentally, it's also that time of year when VB turns out its stock cupboards and puts some truly fabulous m…
It's that time of year again when we're frantically scouring the shopping malls for something unique and meaningful to give to our loved ones. Coincidentally, it's also that time… https://www.virusbulletin.com/blog/2002/12/stocking-fillers/

December

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2002/12/

Addendum: Windows 2000 Advanced Server Comparative Review

After re-testing, Trend's ServerProtect product gains a VB 100% award.
After re-testing, Trend's ServerProtect product gains a VB 100% award. In the November 2002 Comparative Review Trend's ServerProtect was reported to have failed to achieve full… https://www.virusbulletin.com/blog/2002/12/addendum-windows-2000-advanced-server-comparative-review/

Some thoughts on ViraLock

We examine ViraLock, a product which promises 'Zero Escape For Email Viruses', provided, it seems, the virus plays by their rules.
We examine ViraLock, a product which promises 'Zero Escape For Email Viruses', provided, it seems, the virus plays by their rules. It's understandable that we greet announcements… https://www.virusbulletin.com/blog/2002/11/some-thoughts-viralock/

Who's There?

New security portal unveiled by publishers of Information Security Bulletin magazine.
New security portal unveiled by publishers of Information Security Bulletin magazine. Last month a new security portal was unveiled by the publishers of Information Security… https://www.virusbulletin.com/blog/2002/11/who-s-there/

Paying the Price

McAfee Security issues press release estimating the potential costs to businesses of 'the next big virus attack'
McAfee Security issues press release estimating the potential costs to businesses of 'the next big virus attack' McAfee Security has become the latest security company to issue a… https://www.virusbulletin.com/blog/2002/11/paying-price/

Writer of virus trio in court

A British man has appeared in court charged with the creation and distribution of a trio of mass-mailing viruses: Gokar, Redesi and Admirer.
A British man has appeared in court charged with the creation and distribution of a trio of mass-mailing viruses: Gokar, Redesi and Admirer. A British man has appeared in court… https://www.virusbulletin.com/blog/2002/11/writer-virus-trio-court/

November

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2002/11/

'Kournikova' writer loses appeal

Reports are that Jan de Wit, author of the 'Kournikova' virus (VBSWG variant) has lost his appeal against 150 hours of community service.
Reports are that Jan de Wit, author of the 'Kournikova' virus (VBSWG variant) has lost his appeal against 150 hours of community service. The Register reports that Jan de Wit,… https://www.virusbulletin.com/blog/2002/10/kournikova-writer-loses-appeal/

With friends like these...

A nuisance email which is neither viral nor a hoax is proving to be equally bothersome.
A nuisance email which is neither viral nor a hoax is proving to be equally bothersome. A nuisance email which is neither viral nor a hoax is proving to be equally bothersome.… https://www.virusbulletin.com/blog/2002/10/friends-these/

Addendum: June 2002 Windows XP Comparative Review

F-Prot users relying on the on-access protection against W32/Nimda.A are safe
F-Prot users relying on the on-access protection against W32/Nimda.A are safe In the June 2002 comparative review of anti-virus products for Windows XP (see VB, June 2002, p.19),… https://www.virusbulletin.com/blog/2002/10/addendum-june-2002-windows-xp-comparative-review/

Moth-eaten software...

A warning issued by Israeli security firm GreyMagic Software last month revealed a total of nine vulnerabilities in IE 5.5 and 6.0, all concerning object caching.
A warning issued by Israeli security firm GreyMagic Software last month revealed a total of nine vulnerabilities in IE 5.5 and 6.0, all concerning object caching. A warning… https://www.virusbulletin.com/blog/2002/10/moth-eaten-software/

Service or bust

So confident is Trend Micro of its virus detection abilities that it is offering a financial penalty-backed detection guarantee.
So confident is Trend Micro of its virus detection abilities that it is offering a financial penalty-backed detection guarantee. So confident is Trend Micro of its virus detection… https://www.virusbulletin.com/blog/2002/10/service-or-bust/

October

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2002/10/

Viruses - Some Good

Just occasionally, a virus infection can have some positive effects...
Just occasionally, a virus infection can have some positive effects... Much like biological viruses, it turns out that infections by computer viruses can lead to increased measures… https://www.virusbulletin.com/blog/2002/09/viruses-some-good/

Bring on the DEET

The latest award for the most tenuous product-pushing story goes to BitDefender, whose marketeers claim a 'mosquito-borne disease could easily become a computer infection.'
The latest award for the most tenuous product-pushing story goes to BitDefender, whose marketeers claim a 'mosquito-borne disease could easily become a computer infection.' The… https://www.virusbulletin.com/blog/2002/09/bring-deet/

Virtually There

The Infosecurity show and exhibition has gone virtual with the launch of the first Infosecurity World Online exhibition. But where are the sweets?
The Infosecurity show and exhibition has gone virtual with the launch of the first Infosecurity World Online exhibition. But where are the sweets? The Infosecurity show and… https://www.virusbulletin.com/blog/2002/09/virtually-there/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.