VB Blog

VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

Posted by   Martijn Grooten on   Nov 3, 2017

Trickbot, a banking trojan which appeared this year, seems to be a new, more modular, and more extensible malware descendant of the notorious Dyre botnet trojan. At VB2017, Symantec researcher Andrew Brandt presented a walkthrough of a typical Trickbot infection process, and its aftermath, as seen through the lens of a tool used to perform man-in-the-middle decryption. Today, we publish both Andrew's slides and the recording of his presentation.

Read more  

Paper: FAME - Friendly Malware Analysis Framework

Posted by   Martijn Grooten on   Nov 2, 2017

Today, we publish a short paper in which CERT Société Générale presents FAME, its open source malware analysis framework.

Read more  

Ebury and Mayhem server malware families still active

Posted by   Martijn Grooten on   Oct 31, 2017

Ebury and Mayhem, two families of Linux server malware, about which VB published papers back in 2014, are still active and have received recent updates.

Read more  

VB2017 paper: Crypton - exposing malware's deepest secrets

Posted by   Martijn Grooten on   Oct 27, 2017

Crypton, a tool developed by F5 Networks researchers Julia Karpin and Anna Dorfman, aims to speed up the reverse engineering process by decrypting encrypted content found in a (malicious) binary. The researchers described the tool in a paper which they presented at VB2017 in Madrid. Today, we publish both the paper and the recording of their presentation.

Read more  

VB2017 paper: The sprawling market of consumer spyware

Posted by   Martijn Grooten on   Oct 25, 2017

For many people, the threat of an abusive partner or ex-partner is very real - and the market for consumer spyware worryingly large. Today, we publish the recording of a presentation on the subject of consumer spyware given at VB2017 by The Daily Beast reporter Joseph Cox.

Read more  

Gábor Szappanos wins fourth Péter Szőr Award

Posted by   Martijn Grooten on   Oct 23, 2017

At the VB2017 gala dinner, the fourth Péter Szőr Award was presented to Sophos researcher Gábor Szappanos for his paper "AKBuilder – the crowdsourced exploit kit".

Read more  

VB2017 paper: Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

Posted by   Martijn Grooten on   Oct 20, 2017

We publish the VB2017 paper and video by Kaspersky Lab researchers Juan Andres Guerrero-Saade and Costin Raiu, in which they look at fourth-party collection (spies spying on other spies' campaigns) and its implications for attribution.

Read more  

Didn't come to VB2017? Tell us why!

Posted by   Martijn Grooten on   Oct 11, 2017

Virus Bulletin is a company - and a conference - with a mission: to further the research in and facilitate the fight against digital threats. To help us in this mission, we want to hear from those who didn't come to Madrid. What is your impression of the VB Conference? What did you think of this year's programme? And why couldn't you come to Madrid?

Read more  

Montreal will host VB2018

Posted by   Martijn Grooten on   Oct 10, 2017

Last week, we announced the full details of VB2018, which will take place 3-5 October 2018 at the Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada.

Read more  

VB2017 preview: Beyond lexical and PDNS (guest blog)

Posted by   Virus Bulletin on   Oct 5, 2017

In a special guest blog post, VB2017 Silver sponsor Cisco Umbrella writes about a paper that researchers Dhia Mahjoub and David Rodriguez will present at the conference this Friday.

Read more  
Previous1...2829303132...215Next

Search blog

Facebook helps you determine whether emails really came from its servers

On its website, Facebook now shows which emails it has sent you recently, thus helping you to determine which emails are real, and which should be discarded as phishing.
There are many good reasons to criticize Facebook for its collecting of our personal data, but the company also deserves credit for being at the forefront when it comes to online… https://www.virusbulletin.com/blog/2017/12/facebook-helps-you-determine-whether-emails-really-came-them/

Vulnerability disclosure and botnet takedown not to be hindered by Wassenaar Arrangement

Clarification in the language of the Wassenaar Arrangement, a multilateral export control regime for conventional arms and dual-use goods and technologies, means those involved in vulnerability disclosure or botnet takedown won't have to worry about acqui…
I have never been too keen on making comparisons between (advanced) cyber attacks and conventional war, as such comparisons tend to ignore the enormous human cost that comes with… https://www.virusbulletin.com/blog/2017/12/vulnerability-disclosure-and-botnet-takedown-not-be-hindered-wassenaar-arrangement/

VB2017 paper: Nine circles of Cerber

Cerber is one of the major names in the world of ransomware, and last year, Check Point released a decryption service for the malware. Today, we publish a VB2017 paper by Check Point's Stanislav Skuratovich describing how the Cerber decryption tool worked…
Earlier this week, we published the video of a VB2017 presentation on the Spora ransomware. Spora is hardly alone in this prominent threat type though, and one of the other major… https://www.virusbulletin.com/blog/2017/12/vb2017-paper-nine-circles-cerber/

Attack on Fox-IT shows how a DNS hijack can break multiple layers of security

Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS security from its post-mortem.
Every company will, sooner or later, get hacked and we should judge them by how they respond. With that in mind, Fox-IT, which writes in great detail about how a DNS hijack was… https://www.virusbulletin.com/blog/2017/12/attack-fox-it-shows-how-dns-hijack-can-break-multiple-layers-security/

Throwback Thursday: BGP - from route hijacking to RPKI: how vulnerable is the Internet?

For this week's Throwback Thursday, we look back at the video of a talk Level 3's Mike Benjamin gave at VB2016 in Denver, on BGP and BGP hijacks.
Yesterday, a 'mysterious event' involving BGP, the Internet's border gateway protocol, led to the traffic to many popular websites being routed for around six minutes. BGP… https://www.virusbulletin.com/blog/2017/12/throwback-thursday-bgp-route-hijacking-rpki-how-vulnerable-internet/

December

https://www.virusbulletin.com/blog/2017/12/

Security Planner gives security advice based on your threat model

Citizen Lab's Security Planner helps you improve your online safety, based on the specific threats you are facing.
During the upcoming holiday season, many security professionals will be visiting relatives and, during their visit, being asked to fulfil the role of ad-hoc tech support. Apart… https://www.virusbulletin.com/blog/2017/12/security-planner-gives-security-advice-based-your-threat-model/

VB2017 video: Spora: the saga continues a.k.a. how to ruin your research in a week

Today, we publish the video of the VB2017 presentation by Avast researcher Jakub Kroustek and his former colleague Előd Kironský, now at ESET, who told the story of Spora, one of of the most prominent ransomware families of 2017.
First discovered at the beginning of the year, the Spora ransomware has become one of of the most prominent ransomware families of 2017, especially in Russia, a region it appears… https://www.virusbulletin.com/blog/2017/12/vb2017-video-spora-saga-continues-k-how-ruin-your-research-week/

VB2017 paper: Modern reconnaissance phase on APT – protection layer

During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid…
Targeted attack campaigns involve multiple stages, the first of which consists of collecting information about the target: the reconnaissance phase. It's an essential part of any… https://www.virusbulletin.com/blog/2017/12/vb2017-paper-modern-reconnaissance-phase-apt-protection-layer/

VB2017 paper: Peering into spam botnets

At VB2017 in Madrid, CERT Poland researchers Maciej Kotowicz and Jarosław Jedynak presented a paper detailing their low-level analysis of five spam botnets. Today we publish their full paper.
Spam continues to be an important infection vector for many malware campaigns, but while a lot of attention is paid to the payloads delivered by these campaigns – Andrew Brandt's… https://www.virusbulletin.com/blog/2017/12/vb2017-paper-peering-spam-botnets/

Throwback Thursday: Anti-malware testing undercover

We look back at the VB2016 presentation by Righard Zwienenberg (ESET) and Luis Corrons (Panda Security), in which they discussed various issues relating to anti-malware testing.
The testing of security products has been a hotly debated topic in the industry for at least the past two decades. It was, for instance, the topic of a popular VB2017 paper by… https://www.virusbulletin.com/blog/2017/11/throwback-thursdayanti-malware-testing-undercover/

Virus Bulletin relaunches VB Security Jobs Market for both employers and job seekers

As an independent body in the IT security industry, Virus Bulletin is in an ideal position to act as a global source of information both about jobs currently available in the field and about those candidates currently seeking to start or progress their ca…
We don't like dramatic headlines here at Virus Bulletin, and whether there really are one million security job openings, as is often claimed, we don't know (there probably… https://www.virusbulletin.com/blog/2017/11/virus-bulletin-relaunches-vb-security-jobs-market-both-employers-and-job-seekers/

VB2017 paper: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server

At VB2017 in Madrid, macOS malware researcher Patrick Wardle presented the details of a specific piece of Mac malware, FruitFly, which he analysed through a custom C&C server - a technique that will also be of interest for researchers of malware on other …
Few readers of this blog will believe that there aren't any security issues with Apple's macOS operating system, a point made rather unsubtly by yesterday's discovery of a flaw… https://www.virusbulletin.com/blog/2017/11/vb2017-paper-offensive-malware-analysis-dissecting-osxfruitflyb-custom-cc-server/

Tizi Android malware highlights the importance of security patches for high-risk users

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.
A well-known security researcher once said: "if you purposely choose Android you are either Poor, Cheap, or really hate Apple." Android has a bad reputation in security… https://www.virusbulletin.com/blog/2017/11/tizi-android-malware-highlights-importance-security-patches-high-risk-users/

Virus Bulletin to attend AMTSO, AVAR and Botconf

Next week, Virus Bulletin researchers will be attending the AMTSO meeting and AVAR conference in Beijing, China, as well as the 5th edition of the Botconf conference in Montpellier, France.
Next week, Virus Bulletin will attend a number of important security conferences in Beijing, China and Montpellier, France.     In Beijing, security… https://www.virusbulletin.com/blog/2017/11/virus-bulletin-attend-amtso-avar-and-botconf/

VB2017 video: FinFisher: New techniques and infection vectors revealed

Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors.
Over the last few years, the infamous FinFisher government spyware (already the subject of a VB2013 paper) has done a good job of staying under the radar. Recently, however, it… https://www.virusbulletin.com/blog/2017/11/vb2017-video-finfisher-new-techniques-and-infection-vectors-revealed/

Throwback Thursday: The beginning of the end(point): where we are now and where we'll be in five years

We look back at the VB2016 presentation by Adrian Sanabria on the state of endpoint security, both now and in the future.
Over the coming weeks and months, we plan to use the Throwback Thursday slot to look back at and publish some great VB conference presentations from our archives. We start… https://www.virusbulletin.com/blog/2017/11/vb2017-video-beginning-endpoint-where-we-are-now-and-where-well-be-five-years/

VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale

At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahjoub and David Rodriguez presented a new approach to detecting infected machines using graphs to detect botnet traffic at scale. Today we publish both Dhia and David's paper and the recordi…
Malicious Internet traffic, such as botnet C&C traffic, is easily recognized if it uses known bad domain names, or known bad IP addresses. This is why botnets constantly change… https://www.virusbulletin.com/blog/2017/11/vb2017-paper-beyond-lexical-and-pdns-using-signals-graphs-uncover-online-threats-scale/

Firefox 59 to make it a lot harder to use data URIs in phishing attacks

Firefox developer Mozilla has announced that, as of version 59 of the browser, many kinds of data URIs, which provide a way to create "domainless web content", will not be rendered in the browser, thus making this trick - used in various phishing campaign…
While a domain name is really just a short string, this string comes with a large amount of implicit metadata: the registration date; the IP address(es) the domain currently… https://www.virusbulletin.com/blog/2017/11/firefox-59-make-it-lot-harder-use-data-uris-phishing-attacks/

Standalone product test: FireEye Endpoint

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.
FireEye is well known within the security community, both for its advanced protection products and for its regular research reports. Recently, the company launched a new version… https://www.virusbulletin.com/blog/2017/11/standaline-test-fireeye-endpoint/

« Previous 1...1516171819...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.