VB Blog

VB2019 paper: Fantastic Information and Where to Find it: A guidebook to open-source OT reconnaissance

Posted by   Martijn Grooten on   Nov 22, 2019

A VB2019 paper by FireEye researcher Daniel Kapellmann Zafra explained how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. Today we publish Daniel's paper and the recording of his presentation.

Read more  

VB2019 paper: Different ways to cook a crab: GandCrab Ransomware-as-a-Service (RaaS) analysed in depth

Posted by   Martijn Grooten on   Nov 21, 2019

Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. In a paper presented at VB2019 in London, McAfee researchers John Fokker and Alexandre Mundo looked at the malware code, its evolution and the affiliate scheme behind it. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 paper: Domestic Kitten: an Iranian surveillance program

Posted by   Martijn Grooten on   Nov 18, 2019

At VB2019 in London, Check Point researchers Aseel Kayal and Lotem Finkelstein presented a paper detailing an Iranian operation they named 'Domestic Kitten' that used Android apps for targeted surveillance. Today we publish their paper and the video of their presentation.

Read more  

VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees

Posted by   Martijn Grooten on   Nov 18, 2019

At VB2019 in London, LINE's HeungSoo Kang explained how cryptocurrency exchanges had been attacked using Firefox zero-days. Today, we publish the video of his presentation.

Read more  

VB2019 paper: DNS on fire

Posted by   Martijn Grooten on   Nov 7, 2019

In a paper presented at VB2019, Cisco Talos researchers Warren Mercer and Paul Rascagneres looked at two recent attacks against DNS infrastructure: DNSpionage and Sea Turtle. Today we publish their paper and the recording of their presentation.

Read more  

German Dridex spam campaign is unfashionably large

Posted by   Martijn Grooten on   Nov 6, 2019

VB has analysed a malicious spam campaign targeting German-speaking users with obfuscated Excel malware that would likely download Dridex but that mostly stood out through its size.

Read more  

Paper: Dexofuzzy: Android malware similarity clustering method using opcode sequence

Posted by   Martijn Grooten on   Nov 5, 2019

We publish a paper by researchers from ESTsecurity in South Korea, who describe a fuzzy hashing algorithm for clustering Android malware datasets.

Read more  

Emotet continues to bypass many email security products

Posted by   Martijn Grooten on   Nov 4, 2019

Having returned from a summer hiatus, Emotet is back targeting inboxes and, as seen in the VBSpam test lab, doing a better job than most other malicious campaigns at bypassing email security products.

Read more  

VB2019 paper: We need to talk - opening a discussion about ethics in infosec

Posted by   Martijn Grooten on   Nov 1, 2019

Those working in the field of infosec are often faced with ethical dilemmas that are impossible to avoid. Today, we publish a VB2019 paper by Kaspersky researcher Ivan Kwiatkowski looking at ethics in infosec as well as the recording of Ivan's presentation.

Read more  

Stalkerware poses particular challenges to anti-virus products

Posted by   Martijn Grooten on   Oct 31, 2019

Malware used in domestic abuse situations is a growing threat, and the standard way for anti-virus products to handle such malware may not be good enough. But that doesn't mean there isn't an important role for anti-virus to play.

Read more  
Previous1...7891011...215Next

Search blog

VB2014 preview: two papers on Linux server malware

Researchers from ESET, Yandex and Symantec look at emerging malware trend.
Researchers from ESET, Yandex and Symantec look at emerging malware trend.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are looking at… https://www.virusbulletin.com/blog/2014/09/preview-two-papers-linux-server-malware/

VB2014 preview: keynote and closing panel

Vulnerability disclosure one of the hottest issues in security.
Vulnerability disclosure one of the hottest issues in security. In the proceedings of the 24th Virus Bulletin conference, the words 'vulnerabilty' and 'vulnerabilities' occur more… https://www.virusbulletin.com/blog/2014/09/preview-keynote-and-closing-panel/

Report: VB100 comparative review on Windows Server 2012

23 out of 29 tested products earn VB100 award.
23 out of 29 tested products earn VB100 award.Windows Server 2012 is the server version of Windows 8, the most recent version of Microsoft's operating system. Though supposedly… https://www.virusbulletin.com/blog/2014/09/report-comparative-review-windows-server-2012/

DNS cache poisoning used to steal emails

Call to use end-to-end encryption and to deploy DNSSEC.
Call to use end-to-end encryption and to deploy DNSSEC.DNS is sometimes called 'the phone book of the Internet'. If true, then it is a phone book that makes it relatively easy to… https://www.virusbulletin.com/blog/2014/09/dns-cache-poisoning-used-steal-emails/

VB2014 preview: Apple without a shell - iOS under targeted attack

FireEye researchers show a large attack vector for Apple's mobile operating system.
FireEye researchers show a large attack vector for Apple's mobile operating system.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are… https://www.virusbulletin.com/blog/2014/09/preview-apple-without-shell-ios-under-targeted-attack/

Left-to-right override makes a return in spam

Trick shows that spammers still try to beat content-based filters.
Trick shows that spammers still try to beat content-based filters. A decade ago, when spam had become a serious issue, most spam filters tried to block the unwanted emails based on… https://www.virusbulletin.com/blog/2014/09/left-right-override-makes-return-spam/

Paper: Prosecting the Citadel botnet - revealing the dominance of the Zeus descendent: part two

Aditya K. Sood and Rohit Bansal study the malware's behaviour when ran on a physical machine.
Aditya K. Sood and Rohit Bansal study the malware's behaviour when ran on a physical machine. Last week, we published the first part of the paper 'Prosecting the Citadel botnet -… https://www.virusbulletin.com/blog/2014/09/paper-prosecting-citadel-botnet-revealing-dominance-zeus-descendent-part-two/

Crypto blunder makes TorrentLocker easy to crack

Use of single XOR key leaves ransomware open to known-plaintext attack.
Use of single XOR key leaves ransomware open to known-plaintext attack. It has been said many times before: cryptography is hard. Earlier this year, the authors of the 'Bitcrypt'… https://www.virusbulletin.com/blog/2014/09/crypto-blunder-makes-torrentlocker-easy-crack/

VB2014 preview: The three levels of exploit testing

Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.
Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.In the weeks running up to VB2014 (the 24th Virus Bulletin International… https://www.virusbulletin.com/blog/2014/09/preview-three-levels-exploit-testing/

VB2014 preview: last-minute papers added to the programme

Hot topics to be covered at VB2014 conference in Seattle.
Hot topics to be covered at VB2014 conference in Seattle. Although most of the VB2014 conference programme was announced back in April, it looks anything but dated. A paper on… https://www.virusbulletin.com/blog/2014/09/preview-last-minute-papers-added-programme/

Paper: Prosecting the Citadel botnet - revealing the dominance of the Zeus descendent: part one

Aditya K. Sood and Rohit Bansal dissect botnet primarily used for financial fraud.
Aditya K. Sood and Rohit Bansal dissect botnet primarily used for financial fraud. It is unlikely that anyone still thinks that cybercrime is performed by 16-year-old kids who… https://www.virusbulletin.com/blog/2014/09/paper-prosecting-citadel-botnet-revealing-dominance-zeus-descendent-part-one/

VB2014 preview: Swipe away, we're watching you

Hong Kei Chan and Liang Huang describe the various aspects and the evolution of point-of-sale malware.
Hong Kei Chan and Liang Huang describe the various aspects and the evolution of point-of-sale malware.In the weeks running up to VB2014 (the 24th Virus Bulletin International… https://www.virusbulletin.com/blog/2014/09/preview-swipe-away-we-re-watching-you/

September

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2014/09/

VB2014 preview: Design to discover: security analytics with 3D visualization engine

Thibault Reuille and Dhia Mahjoub use particle physics to shows clusters of malicious domains.
Thibault Reuille and Dhia Mahjoub use particle physics to shows clusters of malicious domains.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference),… https://www.virusbulletin.com/blog/2014/08/preview-design-discover-security-analytics-3d-visualization-engine/

Malicious ads served on java.com

If you do need to run plug-ins, make sure you enable click-to-play.
If you do need to run plug-ins, make sure you enable click-to-play. Last week, we published a blog previewing the VB2014 paper 'Optimized mal-ops. Hack the ad network like a boss'… https://www.virusbulletin.com/blog/2014/08/malicious-ads-served-java-com/

Srizbi kernel-mode spambot reappears as Pitou

Malware possibly still in the 'brewing' stage.
Malware possibly still in the 'brewing' stage. In November 2007, we published an article by Kimmo Kasslin (F-Secure) and Elia Florio (Symantec), in which they analysed the 'Srizbi'… https://www.virusbulletin.com/blog/2014/08/srizbi-kernel-mode-spambot-reappears-pitou/

VB2014 preview: Methods of malware persistence on Mac OS X

Patrick Wardle shows that OS X users really have something to worry about.
Patrick Wardle shows that OS X users really have something to worry about.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some… https://www.virusbulletin.com/blog/2014/08/preview-methods-malware-persistence-mac-os-x/

More than two million home routers have 'wide open backdoor'

Default password makes vulnerability easy to exploit.
Default password makes vulnerability easy to exploit. Researchers at Trend Micro have discovered an easy-to-exploit backdoor in routers from Chinese manufacturer Netcore, that… https://www.virusbulletin.com/blog/2014/08/more-two-million-home-routers-have-wide-open-backdoor/

VB2014 preview: Duping the machine - malware strategies, post sandbox detection

James Wyke looks at four difference decoy methods.
James Wyke looks at four difference decoy methods.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that… https://www.virusbulletin.com/blog/2014/08/preview-duping-machine-malware-strategies-post-sandbox-detection/

Paper: Bird's nest

Raul Alvarez studies the Neshta prepending file infector.
Raul Alvarez studies the Neshta prepending file infector. File infectors can be categorized by how they attach themselves to the host file. A cavity virus attaches itself to the… https://www.virusbulletin.com/blog/2014/08/paper-bird-s-nest/

« Previous 1...3738394041...120 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.