VB Blog

VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

Posted by Martijn Grooten on Nov 3, 2017

Trickbot, a banking trojan which appeared this year, seems to be a new, more modular, and more extensible malware descendant of the notorious Dyre botnet trojan. At VB2017, Symantec researcher Andrew Brandt presented a walkthrough of a typical Trickbot infection process, and its aftermath, as seen through the lens of a tool used to perform man-in-the-middle decryption. Today, we publish both Andrew's slides and the recording of his presentation.

Posted by Martijn Grooten on Nov 2, 2017

Today, we publish a short paper in which CERT Société Générale presents FAME, its open source malware analysis framework.

Posted by Martijn Grooten on Oct 31, 2017

Ebury and Mayhem, two families of Linux server malware, about which VB published papers back in 2014, are still active and have received recent updates.

Posted by Martijn Grooten on Oct 27, 2017

Crypton, a tool developed by F5 Networks researchers Julia Karpin and Anna Dorfman, aims to speed up the reverse engineering process by decrypting encrypted content found in a (malicious) binary. The researchers described the tool in a paper which they presented at VB2017 in Madrid. Today, we publish both the paper and the recording of their presentation.

Posted by Martijn Grooten on Oct 25, 2017

For many people, the threat of an abusive partner or ex-partner is very real - and the market for consumer spyware worryingly large. Today, we publish the recording of a presentation on the subject of consumer spyware given at VB2017 by The Daily Beast reporter Joseph Cox.

Posted by Martijn Grooten on Oct 23, 2017

At the VB2017 gala dinner, the fourth Péter Szőr Award was presented to Sophos researcher Gábor Szappanos for his paper "AKBuilder – the crowdsourced exploit kit".

Posted by Martijn Grooten on Oct 20, 2017

We publish the VB2017 paper and video by Kaspersky Lab researchers Juan Andres Guerrero-Saade and Costin Raiu, in which they look at fourth-party collection (spies spying on other spies' campaigns) and its implications for attribution.

Posted by Martijn Grooten on Oct 11, 2017

Virus Bulletin is a company - and a conference - with a mission: to further the research in and facilitate the fight against digital threats. To help us in this mission, we want to hear from those who didn't come to Madrid. What is your impression of the VB Conference? What did you think of this year's programme? And why couldn't you come to Madrid?

Posted by Martijn Grooten on Oct 10, 2017

Last week, we announced the full details of VB2018, which will take place 3-5 October 2018 at the Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada.

Posted by Virus Bulletin on Oct 5, 2017

In a special guest blog post, VB2017 Silver sponsor Cisco Umbrella writes about a paper that researchers Dhia Mahjoub and David Rodriguez will present at the conference this Friday.

Previous1...2829303132...215Next

Search blog

April

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2012/04/

Microsoft Word for Mac exploit used in targeted attacks

Tibetan NGOs targeted.
Tibetan NGOs targeted. Researchers at Alienvault have discovered a targeted attack against Tibetan NGOs that uses a three-year-old vulnerability in Microsoft Office for Mac.… https://www.virusbulletin.com/blog/2012/03/microsoft-word-mac-exploit-used-targeted-attacks/

AV-Test issues latest results summary

Bi-monthly stats released for 31 consumer and business products.
Bi-monthly stats released for 31 consumer and business products. Independent testing body Av-Test.org has published its latest round of results, covering some 23 consumer products… https://www.virusbulletin.com/blog/2012/03/av-test-issues-latest-results-summary/

Spam catch rates drop in latest VBSpam test

Catch rates significantly lower than in previous months.
Catch rates significantly lower than in previous months. In the latest VBSpam comparative test, 20 solutions achieved a VBSpam award, but the majority displayed significantly lower… https://www.virusbulletin.com/blog/2012/03/spam-catch-rates-drop-latest-vbspam-test/

March issue of VB published

The March issue of Virus Bulletin is now available for subscribers to download.
The March issue of Virus Bulletin is now available for subscribers to download. The March 2012 issue of Virus Bulletin is now available for subscribers to browse online or… https://www.virusbulletin.com/blog/2012/03/march-issue-vb-published/

March

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2012/03/

'Unsubscribe' URL in junk fax leads to malware

Trojan downloader behind .co.cc URL.
Trojan downloader behind .co.cc URL. Researchers at Vircom have discovered a junk fax with an 'unsubscribe' URL which contained a trojan downloader. Junk faxes (also known as 'fax… https://www.virusbulletin.com/blog/2012/02/unsubscribe-url-junk-fax-leads-malware/

New Zeus/SpyEye botnet does away with command-and-control servers

Increasing use of UDP to avoid communication tracking.
Increasing use of UDP to avoid communication tracking. Researchers at Symantec have discovered a new parallel build of Zeus (also known as Zbot) and SpyEye that appears to be… https://www.virusbulletin.com/blog/2012/02/new-zeus-spyeye-botnet-does-away-command-and-control-servers/

200-fold increase in HTML-attachment spam

Cutwail botnet likely behind campaign that sends users to Phoenix exploit kit.
Cutwail botnet likely behind campaign that sends users to Phoenix exploit kit. Researchers at M86 have reported a significant increase in the amount of spam sent with malicious… https://www.virusbulletin.com/blog/2012/02/200-fold-increase-html-attachment-spam/

'Hotmail and Gmail have best spam filter' says Cascade spam test

Comparative test did not take false positives into account.
Comparative test did not take false positives into account. Researchers from Cascade Insights performed a comparative spam filtering test on the three major webmail providers and… https://www.virusbulletin.com/blog/2012/02/hotmail-and-gmail-have-best-spam-filter-says-cascade-spam-test/

February

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2012/02/

February issue of VB published

The February issue of Virus Bulletin is now available for subscribers to download.
The February issue of Virus Bulletin is now available for subscribers to download. The February 2012 issue of Virus Bulletin is now available for subscribers to browse online or… https://www.virusbulletin.com/blog/2012/02/february-issue-vb-published/

Hacktivists hijack DNS of popular websites

Security at registrars may be weak link.
Security at registrars may be weak link. A hacktivist group has managed to redirect the traffic of two popular websites by hijacking their DNS settings, researchers at Internet… https://www.virusbulletin.com/blog/2012/01/hacktivists-hijack-dns-popular-websites/

New RFC describes best practices for running DNS-based lists

DNSBL users advised to avoid those lists that charge for delisting.
DNSBL users advised to avoid those lists that charge for delisting. A new RFC document has been published that describes the best operational practices for the use of DNS-based… https://www.virusbulletin.com/blog/2012/01/new-rfc-describes-best-practices-running-dns-based-lists/

Vulnerability turns McAfee's anti-malware solution into open relay

Flaw allows for spam to be sent through customers' PCs.
Flaw allows for spam to be sent through customers' PCs. A vulnerability discovered in McAfee's SaaS for Total Protection, the company's hosted anti-malware solution, effectively… https://www.virusbulletin.com/blog/2012/01/vulnerability-turns-mcafee-s-anti-malware-solution-open-relay/

AV-Test releases latest results

Business and consumer products achieve high pass rate.
Business and consumer products achieve high pass rate. Independent testing lab AV-Test.org has released its latest batch of test results, with 23 consumer products and eight… https://www.virusbulletin.com/blog/2012/01/av-test-releases-latest-results/

Sykipot trojan used to target smart cards

Defence companies among small number of targets.
Defence companies among small number of targets. Researchers at Alienvault have discovered a version of the 'Sykipot' trojan that is being used to target organisations that make… https://www.virusbulletin.com/blog/2012/01/sykipot-trojan-used-target-smart-cards/

Spammers link to site containing QR code

Curious users may scan URL and end up on pharma websites.
Curious users may scan URL and end up on pharma websites. Researchers at Websense have discovered spam containing links to a site containing a QR code in which the spam's target… https://www.virusbulletin.com/blog/2012/01/spammers-link-site-containing-qr-code/

January issue of VB published

The January issue of Virus Bulletin is now available for subscribers to download.
The January issue of Virus Bulletin is now available for subscribers to download. The January 2012 issue of Virus Bulletin is now available for subscribers to browse online or… https://www.virusbulletin.com/blog/2012/01/january-issue-vb-published/

2012

Latest news from the anti-virus industry provided by independent anti-virus advisors, Virus Bulletin
NewsDecember issue of VB published The December issue of Virus Bulletin is now available for subscribers to download. 03 December 2012Virus Bulletin announces VBWeb tests for web… https://www.virusbulletin.com/blog/2012/

« Previous 1...4950515253...120 Next »