VB Blog

Latest Virus Bulletin report shows the difference web security products make

Posted by Martijn Grooten on Nov 27, 2018

The latest Virus Bulletin web security report sees Kaspersky, Trustwave and Fortinet all achieve VBWeb certification, but also see some products struggle with the new Fallout exploit kit.

Posted by Martijn Grooten on Nov 26, 2018

Subscribe to the re-launched Virus Bulletin eNews Newsletter to receive regular updates on the latest threat intelligence sources directly in your inbox.

Posted by Martijn Grooten on Nov 22, 2018

The Lazarus Group, which became (in)famous through the Sony Pictures breach and the WannaCry attack, is still very much active and targeting financial institutions around the world. Today we publish the VB2018 paper by AhnLab researcher Minseok (Jacky) Cha on the group's activities.

Posted by Martijn Grooten on Nov 16, 2018

Today, we have published the video of a VB2018 presentation by Kaspersky Lab researchers Kurt Baumgartner and Mike Scott, who looked at the latest activity of the Turla group.

Posted by Martijn Grooten on Nov 13, 2018

Today we publish the video of the VB2018 presentation by Google researcher Lukasz Siewierski on the Triada Android malware and Google's work with OEMs to remove it from infected devices.

Posted by Martijn Grooten on Nov 6, 2018

Today, we publish the VB2018 paper by Masarah Paquet-Clouston (GoSecure) who looked at the supply chain behind social media fraud.

Posted by Virus Bulletin on Nov 1, 2018

Today, we publish the VB2018 paper from Saher Naumaan (BAE Systems) who looks at malware variants that contain a wiper functionality. We also publish the recording of her presentation.

Posted by Martijn Grooten on Oct 31, 2018

The infamous Emotet trojan has added the capability to steal full email bodies from infected machines, opening the possibilities for more targeted spam and phishing campaigns.

Posted by Martijn Grooten on Oct 30, 2018

Cisco Talos researchers Paul Rascagnères and Warren Mercer were among the first to write about the Olympic Destroyer, the malware that targeted the 2018 PyeongChang Winter Olympic Games. Today, we publish the paper they presented at VB2018 about the malware; we also publish the video of their VB2018 presentation.

Posted by Martijn Grooten on Oct 26, 2018

Today, we publish the VB2018 paper by Malwarebytes researcher Jérôme Segura, in which he details the shift from exploit kits to drive-by mining. We also publish the video of his VB2018 presentation.

Previous1...1516171819...215Next

Search blog

August 2016

Blog posts for August 2016.
https://www.virusbulletin.com/blog/2016/08/

VB2016 call for last-minute papers opened, discounts announced

Announcing the VB2016 call for last-minute papers and a number of discounts on the conference registration rate.
Today, we opened the call for last-minute papers for VB2016. The VB2016 conference programme is already chock-a-block with more than 40 talks on a wide range of security… https://www.virusbulletin.com/blog/2016/08/vb2016-call-last-minute-papers-opened-discounts-announced/

Guest Blog: Malicious Scripts Gaining Prevalence in Brazil

In the run up to VB2016, we invited the conference sponsors to write guest posts for our blog. In the second of this series, ESET's Matías Porolli writes about malicious Visual Basic and JavaScript gaining prevalence in Brazil.
In the run up to VB2016, we invited the conference sponsors to write guest posts for our blog. In the second of this series, ESET's Matías Porolli writes about malicious Visual… https://www.virusbulletin.com/blog/2016/07/malicious-scripts-gaining-prevalence-brazil/

Romanian university website compromised to serve Neutrino exploit kit

The website of the Carol Davila University of Medicine and Pharmacy has been compromised to inject a hidden iframe into the site's source code that serves the Neutrino exploit kit and may infect visitors with ransomware.
This blog post was written by Martijn Grooten and Adrian Luca. Like every summer, millions of prospective students around the world have been taking entry exams for the… https://www.virusbulletin.com/blog/2016/07/romanian-university-website-compromised-serve-neutrino-exploit-kit/

It's 2016. Can we stop using MD5 in malware analyses?

While there are no actually risks involved in using MD5s in malware analyses, it reinforces bad habits and we should all start using SHA-256 instead.
When a security researcher comes across a new piece of malware, the first thing he (or she) does is check the file hash to see if it has been seen, or maybe even analysed, before.… https://www.virusbulletin.com/blog/2016/07/its-2016-can-we-stop-using-md5-malware-analyses/

Throwback Thursday: Holding the Bady

In 2001, ‘Code Red’ caused White House administrators to change the IP address of the official White House website, and even penetrated Microsoft’s own IIS servers.
Last week saw the 15th anniversary of the appearance of 'Code Red' (also known as 'Bady') - the first fileless worm, which spread by exploiting a vulnerability in Microsoft IIS,… https://www.virusbulletin.com/blog/2016/07/throwback-thursday-holding-bady/

Paper: The Journey of Evasion Enters Behavioural Phase

A new paper by FireEye researcher Ankit Anubhav provides an overview of evasion techniques applied by recently discovered malware.
Anti-detection techniques are almost as old as malware itself and have developed well beyond hash busting techniques. As security products adapt their detection tools, malware… https://www.virusbulletin.com/blog/2016/07/paper-journey-evasion-enters-behavioural-phase/

Guest blog: Espionage toolkit uncovered targeting Central and Eastern Europe

Recently, ESET researchers uncovered a new espionage toolkit targeting targeting Central and Eastern Europe. They provide some details in a guest post.
In the run up to VB2016, we invited the conference sponsors to write guest posts for our blog. In the first of this series, ESET writes about the SBDH toolkit. Over the course… https://www.virusbulletin.com/blog/2016/07/guest-blog-espionage-toolkit-targeting-central-and-eastern-europe-uncovered/

Avast acquires AVG for $1.3bn

Anti-virus vendor Avast has announced the acquisition of its rival AVG for 1.3 billion US dollars.
There was interesting news in the anti-virus world yesterday, as Avast announced the acquisition of its competitor AVG. Both companies were founded in the Czech Republic and… https://www.virusbulletin.com/blog/2016/07/avast-acquires-avg-13bn/

Throwback Thursday: You Are the Weakest Link, Goodbye!

Passwords have long been a weak point in the security chain, despite efforts to encourage users to pick strong ones. 13 years ago, Martin Overton wrote an article highlighting the weakness and explaining why it is the human element that presents the bigge…
A recent survey by mobile ID provider TeleSign revealed that 72% of security professionals believe that passwords will be phased out by 2025 - in favour of behavioural biometrics… https://www.virusbulletin.com/blog/2016/07/throwback-thursday-you-are-weakest-link-goodbye/

July 2016

https://www.virusbulletin.com/blog/2016/07/

Paper: New Keylogger on the Block

In a new paper published by Virus Bulletin, Sophos researcher Gabor Szappanos takes a look at the KeyBase keylogger, sold as a commercial product and popular among cybercriminals who use it in Office exploit kits.
Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper (here as a PDF)… https://www.virusbulletin.com/blog/2016/07/paper-new-keylogger-block/

BSides Denver to take place the day after VB2016

VB2016, the 26th International Virus Bulletin conference, is an excellent reason to go to Denver, Colorado in the first week of October. But there is another reason to come to Denver: BSides Denver, which will take place the day after VB2016, on Saturday …
VB2016, the 26th International Virus Bulletin conference, is an excellent reason to visit Denver, Colorado in the first week of October this year. Of course, we are biased, but a… https://www.virusbulletin.com/blog/2016/06/bsides-denver-take-place-day-after-vb2016/

VB2015 paper: DDoS Trojan: A Malicious Concept that Conquered the ELF Format

In their VB2015 paper, Peter Kálnai and Jaromír Hořejší look at the current state of DDoS trojans forming covert botnets on unsuspecting systems. The paper provides a technical analysis of the most important malware families, focusing on infection methods…
Recently, a new trend has emerged in non-Windows DDoS attacks. Malware has evolved into complex and relatively sophisticated pieces of code, employing compression, advanced… https://www.virusbulletin.com/blog/2016/06/vb2015-paper-ddos-trojan-malicious-concept-conquered-elf-format1/

Throwback Thursday: Hyppönen, that Data Fellow / Finnish Sprayer

This week, well known and universally respected industry guru Mikko Hyppönen celebrates his 25th anniversary of working at F-Secure (formerly known as Data Fellows). VB takes a look back in the archives at two articles published in 1994: an "insight" into…
This week, well known and universally respected industry guru Mikko Hyppönen celebrates his 25th anniversary of working at F-Secure (formerly known as Data Fellows). In… https://www.virusbulletin.com/blog/2016/06/throwback-thursday-hypponen-data-fellow-finnish-sprayer/

June 2016

https://www.virusbulletin.com/blog/2016/06/

VB2015 paper: Economic Sanctions on Malware

Financial pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer. By cleverly employing various trust metrics and technologies such as digital signing, watermarking, and public-key infrastructure in strateg…
Financial pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer: making attackers spend real money before they can deploy malware… https://www.virusbulletin.com/blog/2016/06/economic-sanctions-malware/

Virus Bulletin's job site for recruiters and job seekers

Virus Bulletin has relaunched its security job vacancy service and added a new section, in which job seekers can advertise their skills and experience.
Security is doing well. Not necessarily the security of your personal devices, corporate networks and critical infrastructure, but as an area to work in, IT security seems to be a… https://www.virusbulletin.com/blog/2016/05/looking-job-or-fill-vacancy-virus-bulletin-here-help/

Throwback Thursday: One_Half: The Lieutenant Commander?

In October 1994, a new multi-partite virus appeared, using some of the techniques developed by the Dark Avenger in Commander_Bomber. As if this were not enough, the One_Half virus could also encrypt vital parts of the fixed disk. Eugene Kaspersky provided…
The recently encountered Petya trojan comes as something of a blast from the past: it infects the Master Boot Record (MBR) and encrypts the Master File Table (MFT). Kaspersky… https://www.virusbulletin.com/blog/2016/05/throwback-thursday-one-half-lieutenant-commander/

Advertisements on Blogspot sites lead to support scam

Support scam pop-ups presented through malicious advertisements show that, next to vulnerable end points, gullible users remain an easy source of money for online criminals.
In our research for the VBWeb tests, in which we measure the ability of security products to block malicious web traffic, we recently noticed some sites hosted on Google's… https://www.virusbulletin.com/blog/2016/05/advertisements-blogspot-sites-lead-support-scam/

« Previous 1...2425262728...120 Next »