VB Blog

Alleged author of creepy FruitFly macOS malware arrested

Posted by Martijn Grooten on Jan 11, 2018

A 28-year old man from Ohio has been arrested on suspicion of having created the mysterious FruitFly malware that targeted macOS and used it to spy on its victims.

Posted by Martijn Grooten on Jan 10, 2018

At the start of the new year, Virus Bulletin looks back at the threats seen in the 2017 and at the security products that are available to help mitigate them.

Posted by Martijn Grooten on Jan 9, 2018

Spamhaus's annual report on botnet activity shows that botherders tend to use popular, legitimate hosting providers, domain registrars and top-level domains when setting up command-and-control servers.

Posted by Martijn Grooten on Jan 5, 2018

As tech support scammers continue to target the computer illiterate through cold calling, VB's Martijn Grooten uses his own experience to share some advice on how to investigate such scams.

Posted by Martijn Grooten on Jan 4, 2018

Just four days into the new year, two serious attacks in modern processors, dubbed Meltdown and Spectre, have been discovered. The attacks can be mitigated by patches to the operating system, but anti-virus software vendors need to make sure their products are compatible with the patches.

Posted by Martijn Grooten on Dec 22, 2017

Martijn Grooten reports on the 20th AVAR conference, which took place earlier in December in Beijing, China.

Posted by Virus Bulletin on Dec 22, 2017

Virus Bulletin researchers report back from a very interesting fifth edition of Botconf, the botnet fighting conference.

Posted by Martijn Grooten on Dec 21, 2017

(In)security is a global issue that affects countries around the world, but in recent years none has been so badly hit as Ukraine. Today, we publish the videos of two VB2017 talks about attacks that hit Ukraine particularly badly: a talk by Alexander Adamov (NioGuard) on (Not)Petya and related attacks, and another by Robert Lipovsky and Anton Cherepanov (ESET) on Industroyer.

Posted by Martijn Grooten on Dec 21, 2017

On its website, Facebook now shows which emails it has sent you recently, thus helping you to determine which emails are real, and which should be discarded as phishing.

Posted by Martijn Grooten on Dec 19, 2017

Clarification in the language of the Wassenaar Arrangement, a multilateral export control regime for conventional arms and dual-use goods and technologies, means those involved in vulnerability disclosure or botnet takedown won't have to worry about acquiring an export licence.

Previous1...2526272829...215Next

Search blog

August

https://www.virusbulletin.com/blog/2018/08/

VB2018 Small Talk: An industry approach for unwanted software criteria and clean requirements

An industry approach for defining and detecting unwanted software to be presented and discussed at the Virus Bulletin conference.
The constantly evolving threat landscape poses challenges for security vendors. But an equally big, if less reported, challenge is that posed by the kind of software that lives on… https://www.virusbulletin.com/blog/2018/08/vb2018-small-talk-industry-approach-unwanted-software-criteria-and-clean-requirements/

VB2018 call for last-minute papers opened

The call for last-minute papers for VB2018 is now open. Submit before 2 September to have your abstract considered for one of the nine slots reserved for 'hot' research.
Virus Bulletin has opened the call for last-minute papers for VB2018. The VB2018 programme already boasts some 40 talks, with a few more exciting things to be added very soon… https://www.virusbulletin.com/blog/2018/07/vb2018-call-last-minute-papers-opened/

VB2017 paper and update: Browser attack points still abused by banking trojans

At VB2017, ESET researchers Peter Kálnai and Michal Poslušný looked at how banking malware interacts with browsers. Today we publish their paper, share the video of their presentation, and also publish a guest blog post from Peter, in which he summarises …
#VB2017 follow-up: mid 2018 update Peter Kálnai & Michal Poslušný, ESET MITB attacks in Chrome In this short note, we look back to research presented at VB2017 [1].… https://www.virusbulletin.com/blog/2018/07/vb2017-paper-and-update-browser-attack-points-still-abused-banking-trojans/

New paper: Does malware based on Spectre exist?

It is likely that, by now, everyone in computer science has at least heard of the Spectre attack, and many excellent explanations of the attack already exist. But what is the likelihood of finding Spectre being exploited on Android smartphones?
The discovery of the Spectre and Meltdown attacks in January cast a long shadow over the year, with many of the issued security patches having their own problems and several new… https://www.virusbulletin.com/blog/2018/07/new-paper-does-malware-based-spectre-exist/

More VB2018 partners announced

We are excited to announce several more companies that have partnered with VB2018.
The Virus Bulletin Conference has always been about bringing the security community together, and in this spirit, this year we are referring to the organizations that support… https://www.virusbulletin.com/blog/2018/07/more-vb2018-partners-announced/

Malware authors' continued use of stolen certificates isn't all bad news

A new malware campaign that uses two stolen code-signing certificates shows that such certificates continue to be popular among malware authors. But there is a positive side to malware authors' use of stolen certificates.
A malware campaign has been using code-signing certificates stolen from Taiwanese companies to sign its samples, ESET researcher and regular VB conference speaker Anton Cherepanov… https://www.virusbulletin.com/blog/2018/07/malware-authors-continued-use-stolen-certificates-not-only-bad-news/

Save the dates: VB2019 to take place 2-4 October 2019

Though the location will remain under wraps for a few more months, we are pleased to announce the dates for VB2019, the 29th Virus Bulletin International Conference.
While we hope that you have already circled the dates of 3-5 October 2018 in your agendas, and that you will join us and security experts from around the world for VB2018 in… https://www.virusbulletin.com/blog/2018/07/save-dates-vb2019-take-place-2-4-october-2019/

Necurs update reminds us that the botnet cannot be ignored

The operators of the Necurs botnet, best known for being one of the most prolific spam botnets of the past few years, have pushed out updates to its client, which provide some important lessons about why malware infections matter.
If, at some point in the past few years, you have looked at a spam campaign in which a lot of emails were being sent from Vietnam or India, there's a good chance the spam was sent… https://www.virusbulletin.com/blog/2018/07/necurs-update-reminds-us-botnet-cannot-be-ignored/

Nominations opened for fifth Péter Szőr Award

Virus Bulletin has opened nominations for the fifth annual Péter Szőr Award, for the best piece of technical security research published between 1 July 2017 and 30 June 2018.
Virus Bulletin is seeking nominations for the fifth annual Péter Szőr Award. The award was inaugurated during the VB2014 conference, in honour of late security researcher and… https://www.virusbulletin.com/blog/2018/07/nominations-opened-fifth-peter-szor-award/

July

https://www.virusbulletin.com/blog/2018/07/

.SettingContent-ms files remind us that it is features, not bugs we should be most concerned about

Security researcher Matt Nelson has discovered how .SettingContent-ms files can be embedded into Office files to deliver malware.
One of the most significant developments in the threat landscape in recent years has been the return of malicious Office macros, their resurgence having started four years ago.… https://www.virusbulletin.com/blog/2018/07/settingcontent-ms-files-remind-us-it-features-not-bugs-we-should-be-most-concerned-about/

We cannot ignore the increased use of IoT in domestic abuse cases

The New York Times reports that smart home devices are increasingly used in cases of domestic abuse.
Smart home technology is increasingly being used in domestic abuse cases. In more than 30 interviews with The New York Times, domestic abuse victims, their lawyers, shelter… https://www.virusbulletin.com/blog/2018/06/we-cannot-ignore-increased-use-iot-domestic-abuse-cases/

Benefit now from early bird discount tickets for VB2018

If you want to come to VB2018 in Montreal this year (and why wouldn't you?) and want to save a bit on the ticket price (and why wouldn't you?), remember that early bird discounts will be available until 30 June.
In a little over three months, security experts from around the world will gather in Montreal for VB2018, the 28th Virus Bulletin International Conference. We have an exciting… https://www.virusbulletin.com/blog/2018/06/last-week-buy-early-bird-discount-ticket-vb2018/

We are more ready for IPv6 email than we may think

Though IPv6 is gradually replacing IPv4 on the Internet's network layer, email is lagging behind, the difficulty in blocking spam sent over IPv6 cited as a reason not to move. But would we really have such a hard time blocking spam sent over IPv6?
In email security circles, IPv6 is the elephant in the room. While the transition from IPv4 to IPv6 is a relatively smooth affair for most of the Internet, and few people will… https://www.virusbulletin.com/blog/2018/06/we-are-more-ready-ipv6-email-we-may-think/

Subtle change could see a reduction in installation of malicious Chrome extensions

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.
As modern browsers have become harder to attack, malware authors have found a simple way around this: by working with the browser rather than against it. More particularly, by… https://www.virusbulletin.com/blog/2018/06/subtle-change-could-see-reduction-installation-malicious-chrome-extensions/

Paper: EternalBlue: a prominent threat actor of 2017–2018

We publish a paper by researchers from Quick Heal Security Labs in India, who study the EternalBlue and DoublePulsar exploits in full detail.
A little over a year ago, one of the defining security events of the decade occurred: the WannaCry outbreak. A damaging and destructive cyber attack that hit the UK's National… https://www.virusbulletin.com/blog/2018/06/paper-eternalblue-prominent-threat-actor-20172018/

June

https://www.virusbulletin.com/blog/2018/06/

'North Korea' a hot subject among VB2018 talks

Several VB2018 papers deal explicitly or implicitly with threats that have been attributed to North Korean actors.
A few years ago, I somehow got involved in the discussion of a run-of-the-mill malicious spam campaign and ended up speaking to a journalist from the Daily Telegraph. "Is it true… https://www.virusbulletin.com/blog/2018/06/north-korea-hot-subject-among-vb2018-talks/

Expired domain led to SpamCannibal's blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.
The first line of defence in many a spam filter is to query one or more DNS blacklists to see if the sender's IP address (and sometimes their domain) is listed as a known spammer.… https://www.virusbulletin.com/blog/2018/05/expired-domain-led-spamcannibal-blacklisting-whole-world/

« Previous 1...1112131415...120 Next »