VB Blog

Subtle change could see a reduction in installation of malicious Chrome extensions

Posted by   Martijn Grooten on   Jun 13, 2018

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.

Read more  

Paper: EternalBlue: a prominent threat actor of 2017–2018

Posted by   Martijn Grooten on   Jun 11, 2018

We publish a paper by researchers from Quick Heal Security Labs in India, who study the EternalBlue and DoublePulsar exploits in full detail.

Read more  

'North Korea' a hot subject among VB2018 talks

Posted by   Virus Bulletin on   Jun 1, 2018

Several VB2018 papers deal explicitly or implicitly with threats that have been attributed to North Korean actors.

Read more  

Expired domain led to SpamCannibal's blacklist eating the whole world

Posted by   Martijn Grooten on   May 31, 2018

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.

Read more  

MnuBot banking trojan communicates via SQL server

Posted by   Martijn Grooten on   May 30, 2018

Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.

Read more  

Throwback Thursday: Giving the EICAR test file some teeth

Posted by   Martijn Grooten on   May 24, 2018

The 68-byte EICAR test file plays as important a role today as it did 19 years ago. In this week's Throwback Thursday we look back at a VB99 conference paper in which Randy Abrams described how this 'miracle tool' worked and how it could be used.

Read more  

XMRig used in new macOS cryptominer

Posted by   Martijn Grooten on   May 23, 2018

A new piece of cryptocurrency-mining malware on macOS has been found to use the popular XMRig miner.

Read more  

Tendency for DDoS attacks to become less volumetric fits in a wider trend

Posted by   Martijn Grooten on   May 22, 2018

CDN provider Cloudflare reports an increase in DDoS attacks targeting layer 7 and focusing on exhausting server resources rather than sending large volumes of data. This fits in a wider trend.

Read more  

Turkish Twitter users targeted with mobile FinFisher spyware

Posted by   Martijn Grooten on   May 15, 2018

Through fake social media accounts, users were tricked into installing an Android application that was actually a mobile version of the FinFisher spyware.

Read more  

Hide'n'Seek IoT botnet adds persistence

Posted by   Martijn Grooten on   May 9, 2018

The Hide'n'Seek IoT botnet has received an update to make its infection persist on infected devices beyond a restart.

Read more  
Previous1...2021222324...215Next

Search blog

August

https://www.virusbulletin.com/blog/2018/08/

VB2018 Small Talk: An industry approach for unwanted software criteria and clean requirements

An industry approach for defining and detecting unwanted software to be presented and discussed at the Virus Bulletin conference.
The constantly evolving threat landscape poses challenges for security vendors. But an equally big, if less reported, challenge is that posed by the kind of software that lives on… https://www.virusbulletin.com/blog/2018/08/vb2018-small-talk-industry-approach-unwanted-software-criteria-and-clean-requirements/

VB2018 call for last-minute papers opened

The call for last-minute papers for VB2018 is now open. Submit before 2 September to have your abstract considered for one of the nine slots reserved for 'hot' research.
Virus Bulletin has opened the call for last-minute papers for VB2018. The VB2018 programme already boasts some 40 talks, with a few more exciting things to be added very soon… https://www.virusbulletin.com/blog/2018/07/vb2018-call-last-minute-papers-opened/

VB2017 paper and update: Browser attack points still abused by banking trojans

At VB2017, ESET researchers Peter Kálnai and Michal Poslušný looked at how banking malware interacts with browsers. Today we publish their paper, share the video of their presentation, and also publish a guest blog post from Peter, in which he summarises …
#VB2017 follow-up: mid 2018 update Peter Kálnai & Michal Poslušný, ESET MITB attacks in Chrome In this short note, we look back to research presented at VB2017 [1].… https://www.virusbulletin.com/blog/2018/07/vb2017-paper-and-update-browser-attack-points-still-abused-banking-trojans/

New paper: Does malware based on Spectre exist?

It is likely that, by now, everyone in computer science has at least heard of the Spectre attack, and many excellent explanations of the attack already exist. But what is the likelihood of finding Spectre being exploited on Android smartphones?
The discovery of the Spectre and Meltdown attacks in January cast a long shadow over the year, with many of the issued security patches having their own problems and several new… https://www.virusbulletin.com/blog/2018/07/new-paper-does-malware-based-spectre-exist/

More VB2018 partners announced

We are excited to announce several more companies that have partnered with VB2018.
The Virus Bulletin Conference has always been about bringing the security community together, and in this spirit, this year we are referring to the organizations that support… https://www.virusbulletin.com/blog/2018/07/more-vb2018-partners-announced/

Malware authors' continued use of stolen certificates isn't all bad news

A new malware campaign that uses two stolen code-signing certificates shows that such certificates continue to be popular among malware authors. But there is a positive side to malware authors' use of stolen certificates.
A malware campaign has been using code-signing certificates stolen from Taiwanese companies to sign its samples, ESET researcher and regular VB conference speaker Anton Cherepanov… https://www.virusbulletin.com/blog/2018/07/malware-authors-continued-use-stolen-certificates-not-only-bad-news/

Save the dates: VB2019 to take place 2-4 October 2019

Though the location will remain under wraps for a few more months, we are pleased to announce the dates for VB2019, the 29th Virus Bulletin International Conference.
While we hope that you have already circled the dates of 3-5 October 2018 in your agendas, and that you will join us and security experts from around the world for VB2018 in… https://www.virusbulletin.com/blog/2018/07/save-dates-vb2019-take-place-2-4-october-2019/

Necurs update reminds us that the botnet cannot be ignored

The operators of the Necurs botnet, best known for being one of the most prolific spam botnets of the past few years, have pushed out updates to its client, which provide some important lessons about why malware infections matter.
If, at some point in the past few years, you have looked at a spam campaign in which a lot of emails were being sent from Vietnam or India, there's a good chance the spam was sent… https://www.virusbulletin.com/blog/2018/07/necurs-update-reminds-us-botnet-cannot-be-ignored/

Nominations opened for fifth Péter Szőr Award

Virus Bulletin has opened nominations for the fifth annual Péter Szőr Award, for the best piece of technical security research published between 1 July 2017 and 30 June 2018.
Virus Bulletin is seeking nominations for the fifth annual Péter Szőr Award. The award was inaugurated during the VB2014 conference, in honour of late security researcher and… https://www.virusbulletin.com/blog/2018/07/nominations-opened-fifth-peter-szor-award/

July

https://www.virusbulletin.com/blog/2018/07/

.SettingContent-ms files remind us that it is features, not bugs we should be most concerned about

Security researcher Matt Nelson has discovered how .SettingContent-ms files can be embedded into Office files to deliver malware.
One of the most significant developments in the threat landscape in recent years has been the return of malicious Office macros, their resurgence having started four years ago.… https://www.virusbulletin.com/blog/2018/07/settingcontent-ms-files-remind-us-it-features-not-bugs-we-should-be-most-concerned-about/

We cannot ignore the increased use of IoT in domestic abuse cases

The New York Times reports that smart home devices are increasingly used in cases of domestic abuse.
Smart home technology is increasingly being used in domestic abuse cases. In more than 30 interviews with The New York Times, domestic abuse victims, their lawyers, shelter… https://www.virusbulletin.com/blog/2018/06/we-cannot-ignore-increased-use-iot-domestic-abuse-cases/

Benefit now from early bird discount tickets for VB2018

If you want to come to VB2018 in Montreal this year (and why wouldn't you?) and want to save a bit on the ticket price (and why wouldn't you?), remember that early bird discounts will be available until 30 June.
In a little over three months, security experts from around the world will gather in Montreal for VB2018, the 28th Virus Bulletin International Conference. We have an exciting… https://www.virusbulletin.com/blog/2018/06/last-week-buy-early-bird-discount-ticket-vb2018/

We are more ready for IPv6 email than we may think

Though IPv6 is gradually replacing IPv4 on the Internet's network layer, email is lagging behind, the difficulty in blocking spam sent over IPv6 cited as a reason not to move. But would we really have such a hard time blocking spam sent over IPv6?
In email security circles, IPv6 is the elephant in the room. While the transition from IPv4 to IPv6 is a relatively smooth affair for most of the Internet, and few people will… https://www.virusbulletin.com/blog/2018/06/we-are-more-ready-ipv6-email-we-may-think/

Subtle change could see a reduction in installation of malicious Chrome extensions

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.
As modern browsers have become harder to attack, malware authors have found a simple way around this: by working with the browser rather than against it. More particularly, by… https://www.virusbulletin.com/blog/2018/06/subtle-change-could-see-reduction-installation-malicious-chrome-extensions/

Paper: EternalBlue: a prominent threat actor of 2017–2018

We publish a paper by researchers from Quick Heal Security Labs in India, who study the EternalBlue and DoublePulsar exploits in full detail.
A little over a year ago, one of the defining security events of the decade occurred: the WannaCry outbreak. A damaging and destructive cyber attack that hit the UK's National… https://www.virusbulletin.com/blog/2018/06/paper-eternalblue-prominent-threat-actor-20172018/

June

https://www.virusbulletin.com/blog/2018/06/

'North Korea' a hot subject among VB2018 talks

Several VB2018 papers deal explicitly or implicitly with threats that have been attributed to North Korean actors.
A few years ago, I somehow got involved in the discussion of a run-of-the-mill malicious spam campaign and ended up speaking to a journalist from the Daily Telegraph. "Is it true… https://www.virusbulletin.com/blog/2018/06/north-korea-hot-subject-among-vb2018-talks/

Expired domain led to SpamCannibal's blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.
The first line of defence in many a spam filter is to query one or more DNS blacklists to see if the sender's IP address (and sometimes their domain) is listed as a known spammer.… https://www.virusbulletin.com/blog/2018/05/expired-domain-led-spamcannibal-blacklisting-whole-world/

« Previous 1...1112131415...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.