VB Blog

Virus Bulletin at RSA

Posted by Martijn Grooten on Apr 13, 2018

Next week, VB Editor Martijn Grooten will be at the RSA Conference in San Francisco.

Posted by Martijn Grooten on Apr 11, 2018

VB is excited to reveal the details of an interesting and diverse programme for VB2018, the 28th Virus Bulletin International Conference, which takes place 3-5 October in Montreal, Canada.

Posted by Martijn Grooten on Apr 10, 2018

A clever trick taking advantage of the fact that Gmail ignores dots in email addresses could be used to trick someone into paying for your Netflix subscription - demonstrating the importance of confirmed opt-in.

Posted by Martijn Grooten on Apr 10, 2018

At VB2017 in Madrid, Malwarebytes' Chris Boyd presented a paper in which he looked at various aspects of advergaming, from unreadable EULAs to fake programs that promise to block ads. Today, we publish both the paper and the recording of Chris's presentation.

Posted by Martijn Grooten on Mar 27, 2018

Two or more mobile apps, viewed independently, may not appear to be malicious - but in combination, they could become harmful by exchanging information with one another and by performing malicious activities together. Today, we publish a new paper by a group of researchers affiliated with various UK universities and companies, which looks at how machine-learning methods can be used to detect app collusions.

Posted by Martijn Grooten on Mar 26, 2018

At VB2016 in Denver, Jorge Blasco presented a paper (co-written with Thomas M. Chen, Igor Muttik and Markus Roggenbach), in which he discussed the concept of app collusion - where two (or more) apps installed on the same device work together to collect and extract data from the device - and presented discoveries of colluding code in many in-the-wild apps. Today, we publish both the paper and the recording of Jorge's presentation.

Posted by Martijn Grooten on Mar 19, 2018

At VB2017 in Madrid, Polish security researcher and journalist Adam Haertlé presented a paper about a very inept persistent threat. Today, we publish both the paper and the recording of Adam's presentation.

Posted by Martijn Grooten on Mar 16, 2018

The call for papers for VB2018 closes on 18 March, and while we've already received many great submissions, we still want more! Here are five reasons why you should submit a paper this weekend.

Posted by Martijn Grooten on Mar 15, 2018

We are excited to announce the first six companies to partner with VB2018.

Posted by Martijn Grooten on Mar 9, 2018

We like to pick good, solid technical talks for the VB conference programme, but good talks don't have to be technical and we welcome less technical submissions just as much.

Previous1...2223242526...215Next

Search blog

August 2016

Blog posts for August 2016.
https://www.virusbulletin.com/blog/2016/08/

VB2016 call for last-minute papers opened, discounts announced

Announcing the VB2016 call for last-minute papers and a number of discounts on the conference registration rate.
Today, we opened the call for last-minute papers for VB2016. The VB2016 conference programme is already chock-a-block with more than 40 talks on a wide range of security… https://www.virusbulletin.com/blog/2016/08/vb2016-call-last-minute-papers-opened-discounts-announced/

Guest Blog: Malicious Scripts Gaining Prevalence in Brazil

In the run up to VB2016, we invited the conference sponsors to write guest posts for our blog. In the second of this series, ESET's Matías Porolli writes about malicious Visual Basic and JavaScript gaining prevalence in Brazil.
In the run up to VB2016, we invited the conference sponsors to write guest posts for our blog. In the second of this series, ESET's Matías Porolli writes about malicious Visual… https://www.virusbulletin.com/blog/2016/07/malicious-scripts-gaining-prevalence-brazil/

Romanian university website compromised to serve Neutrino exploit kit

The website of the Carol Davila University of Medicine and Pharmacy has been compromised to inject a hidden iframe into the site's source code that serves the Neutrino exploit kit and may infect visitors with ransomware.
This blog post was written by Martijn Grooten and Adrian Luca. Like every summer, millions of prospective students around the world have been taking entry exams for the… https://www.virusbulletin.com/blog/2016/07/romanian-university-website-compromised-serve-neutrino-exploit-kit/

It's 2016. Can we stop using MD5 in malware analyses?

While there are no actually risks involved in using MD5s in malware analyses, it reinforces bad habits and we should all start using SHA-256 instead.
When a security researcher comes across a new piece of malware, the first thing he (or she) does is check the file hash to see if it has been seen, or maybe even analysed, before.… https://www.virusbulletin.com/blog/2016/07/its-2016-can-we-stop-using-md5-malware-analyses/

Throwback Thursday: Holding the Bady

In 2001, ‘Code Red’ caused White House administrators to change the IP address of the official White House website, and even penetrated Microsoft’s own IIS servers.
Last week saw the 15th anniversary of the appearance of 'Code Red' (also known as 'Bady') - the first fileless worm, which spread by exploiting a vulnerability in Microsoft IIS,… https://www.virusbulletin.com/blog/2016/07/throwback-thursday-holding-bady/

Paper: The Journey of Evasion Enters Behavioural Phase

A new paper by FireEye researcher Ankit Anubhav provides an overview of evasion techniques applied by recently discovered malware.
Anti-detection techniques are almost as old as malware itself and have developed well beyond hash busting techniques. As security products adapt their detection tools, malware… https://www.virusbulletin.com/blog/2016/07/paper-journey-evasion-enters-behavioural-phase/

Guest blog: Espionage toolkit uncovered targeting Central and Eastern Europe

Recently, ESET researchers uncovered a new espionage toolkit targeting targeting Central and Eastern Europe. They provide some details in a guest post.
In the run up to VB2016, we invited the conference sponsors to write guest posts for our blog. In the first of this series, ESET writes about the SBDH toolkit. Over the course… https://www.virusbulletin.com/blog/2016/07/guest-blog-espionage-toolkit-targeting-central-and-eastern-europe-uncovered/

Avast acquires AVG for $1.3bn

Anti-virus vendor Avast has announced the acquisition of its rival AVG for 1.3 billion US dollars.
There was interesting news in the anti-virus world yesterday, as Avast announced the acquisition of its competitor AVG. Both companies were founded in the Czech Republic and… https://www.virusbulletin.com/blog/2016/07/avast-acquires-avg-13bn/

Throwback Thursday: You Are the Weakest Link, Goodbye!

Passwords have long been a weak point in the security chain, despite efforts to encourage users to pick strong ones. 13 years ago, Martin Overton wrote an article highlighting the weakness and explaining why it is the human element that presents the bigge…
A recent survey by mobile ID provider TeleSign revealed that 72% of security professionals believe that passwords will be phased out by 2025 - in favour of behavioural biometrics… https://www.virusbulletin.com/blog/2016/07/throwback-thursday-you-are-weakest-link-goodbye/

July 2016

https://www.virusbulletin.com/blog/2016/07/

Paper: New Keylogger on the Block

In a new paper published by Virus Bulletin, Sophos researcher Gabor Szappanos takes a look at the KeyBase keylogger, sold as a commercial product and popular among cybercriminals who use it in Office exploit kits.
Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper (here as a PDF)… https://www.virusbulletin.com/blog/2016/07/paper-new-keylogger-block/

BSides Denver to take place the day after VB2016

VB2016, the 26th International Virus Bulletin conference, is an excellent reason to go to Denver, Colorado in the first week of October. But there is another reason to come to Denver: BSides Denver, which will take place the day after VB2016, on Saturday …
VB2016, the 26th International Virus Bulletin conference, is an excellent reason to visit Denver, Colorado in the first week of October this year. Of course, we are biased, but a… https://www.virusbulletin.com/blog/2016/06/bsides-denver-take-place-day-after-vb2016/

VB2015 paper: DDoS Trojan: A Malicious Concept that Conquered the ELF Format

In their VB2015 paper, Peter Kálnai and Jaromír Hořejší look at the current state of DDoS trojans forming covert botnets on unsuspecting systems. The paper provides a technical analysis of the most important malware families, focusing on infection methods…
Recently, a new trend has emerged in non-Windows DDoS attacks. Malware has evolved into complex and relatively sophisticated pieces of code, employing compression, advanced… https://www.virusbulletin.com/blog/2016/06/vb2015-paper-ddos-trojan-malicious-concept-conquered-elf-format1/

Throwback Thursday: Hyppönen, that Data Fellow / Finnish Sprayer

This week, well known and universally respected industry guru Mikko Hyppönen celebrates his 25th anniversary of working at F-Secure (formerly known as Data Fellows). VB takes a look back in the archives at two articles published in 1994: an "insight" into…
This week, well known and universally respected industry guru Mikko Hyppönen celebrates his 25th anniversary of working at F-Secure (formerly known as Data Fellows). In… https://www.virusbulletin.com/blog/2016/06/throwback-thursday-hypponen-data-fellow-finnish-sprayer/

June 2016

https://www.virusbulletin.com/blog/2016/06/

VB2015 paper: Economic Sanctions on Malware

Financial pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer. By cleverly employing various trust metrics and technologies such as digital signing, watermarking, and public-key infrastructure in strateg…
Financial pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer: making attackers spend real money before they can deploy malware… https://www.virusbulletin.com/blog/2016/06/economic-sanctions-malware/

Virus Bulletin's job site for recruiters and job seekers

Virus Bulletin has relaunched its security job vacancy service and added a new section, in which job seekers can advertise their skills and experience.
Security is doing well. Not necessarily the security of your personal devices, corporate networks and critical infrastructure, but as an area to work in, IT security seems to be a… https://www.virusbulletin.com/blog/2016/05/looking-job-or-fill-vacancy-virus-bulletin-here-help/

Throwback Thursday: One_Half: The Lieutenant Commander?

In October 1994, a new multi-partite virus appeared, using some of the techniques developed by the Dark Avenger in Commander_Bomber. As if this were not enough, the One_Half virus could also encrypt vital parts of the fixed disk. Eugene Kaspersky provided…
The recently encountered Petya trojan comes as something of a blast from the past: it infects the Master Boot Record (MBR) and encrypts the Master File Table (MFT). Kaspersky… https://www.virusbulletin.com/blog/2016/05/throwback-thursday-one-half-lieutenant-commander/

Advertisements on Blogspot sites lead to support scam

Support scam pop-ups presented through malicious advertisements show that, next to vulnerable end points, gullible users remain an easy source of money for online criminals.
In our research for the VBWeb tests, in which we measure the ability of security products to block malicious web traffic, we recently noticed some sites hosted on Google's… https://www.virusbulletin.com/blog/2016/05/advertisements-blogspot-sites-lead-support-scam/

« Previous 1...2425262728...120 Next »