VB Blog

VB2018 paper: Draw me like one of your French APTs – expanding our descriptive palette for cyber threat actors

Posted by Martijn Grooten on Jan 7, 2019

Today, we publish the VB2018 paper by Chronicle researcher Juan Andres Guerrero-Saade, who argues we should change the way we talk about APT actors.

Posted by Martijn Grooten on Dec 19, 2018

VB Editor Martijn Grooten reviews Charles Arthur's Cyber Wars, which looks at seven prominent hacks and attacks, and the lessons we can learn from them.

Posted by Martijn Grooten on Dec 14, 2018

At VB2018 Sophos researcher Gábor Szappanos provided a detailed overview of Office exploit builders, and looked in particular at the widely exploited CVE-2017-0199. Today we publish his paper and release the video of his presentation.

Posted by Martijn Grooten on Dec 12, 2018

Today, we release the video of the VB2018 presentation by Check Point researcher Aseel Kayal, who connected the various dots relating to campaigns by the APT-C-23 threat group.

Posted by Martijn Grooten on Dec 11, 2018

VB calls on organisations and individuals involved in threat intelligence from around the world to participate in next year's Virus Bulletin conference.

Posted by Martijn Grooten on Dec 7, 2018

Today, we publish the VB2018 paper by Qihoo 360 researchers Ya Liu and Hui Wang, on extracting data from variants of the Mirai botnet to classify and track variants.

Posted by Martijn Grooten on Dec 6, 2018

2018 has seen an increase in the variety of botnets living on the Internet of Things - such as Hide'N'Seek, which is notable for its use of peer-to-peer for command-and-control communication. Today, we publish the VB2018 paper by Bitdefender researchers Adrian Șendroiu and Vladimir Diaconescu, who studied the Hide'N'Seek IoT botnet. We also release the recording of their presentation.

Posted by Martijn Grooten on Dec 4, 2018

In a new paper, Avast researchers Jan Sirmer and Adolf Streda look at how a spam campaign sent via the Necurs botnet was delivering the Flawed Ammyy RAT. As well as publishing the paper, we have also released the video of the reseachers' VB2018 presentation on the same topic.

Posted by Martijn Grooten on Nov 29, 2018

Today we have published the video of the VB2018 presentation by Andrew Brandt (Sophos) on the SamSam ransomware, which became hot news following the indictment of its two suspected authors yesterday.

Posted by Martijn Grooten on Nov 28, 2018

Today, we publish the video of the VB2018 presentation by CitizenLab researchers Masashi Nishihata and John Scott Railton, on threats faced by civil society.

Previous1...1415161718...215Next

Search blog

New paper: A review of the evolution of Andromeda over the years

The Andromeda botnet (aka Gamarue or Wauchos) has plagued Internet users for more than half a decade but, following a takedown effort and the arrest of the suspected botnet owner in December 2017, it is likely we have seen the end of it. In a new paper by…
In December last year, a joint operation involving law enforcement agencies and many security firms led to the dismantling of the Andromeda botnet, also known as Gamarue or… https://www.virusbulletin.com/blog/2018/02/new-paper-review-evolution-andromeda-over-years/

There is no evidence in-the-wild malware is using Meltdown or Spectre

Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose.
Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that… https://www.virusbulletin.com/blog/2018/02/there-no-evidence-wild-malware-using-meltdown-or-spectre/

February

https://www.virusbulletin.com/blog/2018/02/

Throwback Thursday: Malware taking a bit(coin) more than we bargained for

This Throwback Thursday, we republish the VB2012 paper by Microsoft researcher Amir Fouda, one of the earliest papers to look at malware targeting Bitcoin.
In late spring of 2011, a sudden rise in the price of Bitcoin – reaching almost US$30, up from less than $1 barely a month earlier – attracted the attention of malware authors.… https://www.virusbulletin.com/blog/2018/02/throwback-thursday-malware-taking-bitcoin-more-we-bargained/

First time speaker? Don't be afraid of submitting to the VB2018 CFP

We especially encourage those less experienced in speaking in public to submit to the call for papers for VB2018, where we aim to provide a friendly and welcoming environment in which people can both present their own research and learn from what others h…
Last week, we opened the Call for Papers for VB2018, the 28th Virus Bulletin International Conference, which will take place in Montreal, 3-5 October this year. Over the years,… https://www.virusbulletin.com/blog/2018/01/first-time-speaker-we-hope-you-submit-vb2018-cfp/

VB2017 paper: VirusTotal tips, tricks and myths

At VB2017 in Madrid, security researcher Randy Abrams presented an overview of the VirusTotal service and then went on to bust several of the persistent myths that surround it. Today we publish both Randy's paper and the recording of his presentation.
In a surprise announcement, Google's parent company Alphabet has introduced Chronicle, a threat intelligence offering in which Google-owned VirusTotal will play an important role.… https://www.virusbulletin.com/blog/2018/01/vb2017-paper-virustotal-tips-tricks-and-myths/

Healthcare CERTs highlight the need for security guidance for specific sectors

A new computer emergency response team has been launched in the Netherlands to provide guidance specifically tailored to the healthcare sector. Martijn Grooten welcomes the development.
In February 2016, a US hospital saw a heart operation interrupted by the rebooting of a monitoring PC, caused by anti-virus software running on the machine. The report filed makes… https://www.virusbulletin.com/blog/2018/01/healthcare-certs-show-need-security-guidance-specific-sectors/

VB2018 call for papers now open!

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2018 is now open and we want to hear from you!
The call for papers for VB2018, the 28th Virus Bulletin International Conference, which will take place in Montreal, Canada, 3-5 October 2018, is now open! We welcome… https://www.virusbulletin.com/blog/2018/01/vb2018-call-papers/

Book review: Serious Cryptography

VB Editor Martijn Grooten recommends Jean-Philippe Aumasson's 'Serious Cryptography' as a very solid but practically focused introduction to cryptography.
This year, Alice and Bob will have been exchanging messages for 40 years. In terms of their contribution to cryptography, they have been almost as important as that other… https://www.virusbulletin.com/blog/2018/01/book-review-serious-cryptography/

Necurs pump-and-dump spam campaign pushes obscure cryptocurrency

A Necurs pump-and-dump spam campaign pushing the lesser known Swisscoin botnet is mostly background noise for the Internet.
Cryptocurrencies have attracted the attention of cybercriminals for many years: as a relatively anonymous payment channel, as a target of their digital theft, and as a way to turn… https://www.virusbulletin.com/blog/2018/01/necurs-pump-and-dump-spam-campaign-pushes-obscure-cryptocurrency/

Alleged author of creepy FruitFly macOS malware arrested

A 28-year old man from Ohio has been arrested on suspicion of having created the mysterious FruitFly malware that targeted macOS and used it to spy on its victims.
It is almost a year since the mysterious FruitFly malware for macOS was discovered. Malware targeting macOS is still uncommon enough to be newsworthy, but FruitFly seemed… https://www.virusbulletin.com/blog/2018/01/alleged-author-creepy-fruitfly-macos-malware-arrested/

The threat and security product landscape in 2017

At the start of the new year, Virus Bulletin looks back at the threats seen in the 2017 and at the security products that are available to help mitigate them.
Like many security firms, Virus Bulletin takes the opportunity of the start of the new year to look back at the threats seen over the last 12 months. In a report we publish… https://www.virusbulletin.com/blog/2018/01/threat-and-security-product-landscape-2017/

Spamhaus report shows many botnet controllers look a lot like legitimate servers

Spamhaus's annual report on botnet activity shows that botherders tend to use popular, legitimate hosting providers, domain registrars and top-level domains when setting up command-and-control servers.
Of all the annual security reports and blog posts that look back at the previous year, that of Spamhaus is one I particularly look forward to, as it always comes with good and… https://www.virusbulletin.com/blog/2018/01/spamhaus-reports-shows-many-botnet-controllers-look-lot-legitimate-servers/

Tips on researching tech support scams

As tech support scammers continue to target the computer illiterate through cold calling, VB's Martijn Grooten uses his own experience to share some advice on how to investigate such scams.
At one end of the attack spectrum there are attacks that cleverly exploit features of modern processors. At the other end, there are tech support scams that, through some basic… https://www.virusbulletin.com/blog/2018/01/tips-researching-tech-support-scams/

2018

https://www.virusbulletin.com/blog/2018/

January

https://www.virusbulletin.com/blog/2018/01/

Meltdown and Spectre attacks mitigated by operating system updates

Just four days into the new year, two serious attacks in modern processors, dubbed Meltdown and Spectre, have been discovered. The attacks can be mitigated by patches to the operating system, but anti-virus software vendors need to make sure their product…
We wish all our readers a very happy and very secure 2018! The latter part will not come without some serious work though. We are not even four days into the new year and we… https://www.virusbulletin.com/blog/2018/01/meltdown-and-spectre-attacks-mitigated-operating-system-updates/

Conference review: AVAR 2017

Martijn Grooten reports on the 20th AVAR conference, which took place earlier in December in Beijing, China.
The first week of December was packed with security conferences, and VB2017 speakers were busy presenting their research at no fewer than four different events: FIRST in Prague,… https://www.virusbulletin.com/blog/2017/12/conference-review-avar-2017/

Conference review: Botconf 2017

Virus Bulletin researchers report back from a very interesting fifth edition of Botconf, the botnet fighting conference.
Since its first edition in 2013, the Virus Bulletin team have been big fans of Botconf, the botnet fighting conference held every year in France. This year, Virus Bulletin sent… https://www.virusbulletin.com/blog/2017/12/conference-review-botconf-2017/

VB2017 videos on attacks against Ukraine

(In)security is a global issue that affects countries around the world, but in recent years none has been so badly hit as Ukraine. Today, we publish the videos of two VB2017 talks about attacks that hit Ukraine particularly badly: a talk by Alexander Adam…
(In)security is a global problem that affects every country in the world, but in recent years, none has been as badly hit as Ukraine. The most well known malware that… https://www.virusbulletin.com/blog/2017/12/vb2017-videos-attacks-against-ukraine/

« Previous 1...1415161718...120 Next »