The Formbook information-stealing trojan may not be APT-grade malware, but its continuing spread means it can still be effective. At VB2018 in Montreal, Gabriela Nicolao, a researcher from Deloitte in Argentina, presented a short paper in which she looked…
The Formbook information-stealing trojan has been spread by a number of recent spam campaigns. The malware was advertised in hacking forums as long ago as January 2016, but wasn't… https://www.virusbulletin.com/blog/2019/01/vb2018-paper-inside-formbook-infostealer/
Today we publish the VB2018 paper and video by ESET researcher Filip Kafka, who looked at the new malware by Hacking Team, after the company had recovered from the 2015 breach.
It is good practice not to mock or laugh at hacking victims. But when the victim is a company that itself is in the business of hacking and has a habit of selling its products and… https://www.virusbulletin.com/blog/2019/01/vb2018-paper-hacking-team-hacked-team/
Mydoom turns 15 this month, and is still being seen in email attachments. This Throwback Thursday we look back to March 2004, when Gabor Szappanos tracked the rise of W32/Mydoom.
When a daily sports paper compares a national soccer crisis with the spread of an Internet worm, you know that the worm has had an enormous impact on everyday life. This was the… https://www.virusbulletin.com/blog/2019/01/throwback-thursday-were-all-doomed1/
We see a lot of spam in the VBSpam test lab, and we also see how well such emails are being blocked by email security products. Worryingly, it is often the emails with a malicious attachment or a phishing link that are most likely to be missed.
This blog post was put together in collaboration with VB test engineers Adrian Luca and Ionuţ Răileanu.
In a talk I gave at IRISSCON last year (the video of which you will find… https://www.virusbulletin.com/blog/2019/01/spam-hardest-block-often-most-damaging/
Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2019 is now open and we want to hear from you!
The call for papers for VB2019, the 29th Virus Bulletin International Conference, which will take place in London, UK, 2-4 October 2019, is now open!
We welcome submissions on… https://www.virusbulletin.com/blog/2019/01/vb2019-call-papers-now-open/
VB Editor Martijn Grooten reviews Charles Arthur's Cyber Wars, which looks at seven prominent hacks and attacks, and the lessons we can learn from them.
At a recent security conference, one speaker asked how many of the audience remembered the 2007 Storm Worm. Only about half the members of the audience of malware researchers… https://www.virusbulletin.com/blog/2018/12/book-review-cyber-wars/
At VB2018 Sophos researcher Gábor Szappanos provided a detailed overview of Office exploit builders, and looked in particular at the widely exploited CVE-2017-0199. Today we publish his paper and release the video of his presentation.
A large portion of today's malware infections use malicious Office documents as a first-stage payload. Typically, the user is tricked into enabling macros or disabling some… https://www.virusbulletin.com/blog/2018/12/vb2018-paper-office-bugs-rise/
Today, we release the video of the VB2018 presentation by Check Point researcher Aseel Kayal, who connected the various dots relating to campaigns by the APT-C-23 threat group.
The APT-C-23 group, which targets users in the Middle East and in particular in the State of Palestine, was named and first reported on by 360 in a Chinese language blog post in… https://www.virusbulletin.com/blog/2018/12/vb2018-video-big-bang-theory-apt-c-23/
Today, we publish the VB2018 paper by Qihoo 360 researchers Ya Liu and Hui Wang, on extracting data from variants of the Mirai botnet to classify and track variants.
The leaking or publishing of malware source code often leads to multiple spin-off families based on the code. Never has this been more clear than in the case of the Mirai Internet… https://www.virusbulletin.com/blog/2018/12/vb2018-paper-tracking-mirai-variants/
2018 has seen an increase in the variety of botnets living on the Internet of Things - such as Hide'N'Seek, which is notable for its use of peer-to-peer for command-and-control communication. Today, we publish the VB2018 paper by Bitdefender researchers A…
Until recently IoT botnets mostly consisted of Mirai and its many descendants. However, during 2018 we have seen an increase in the variety of botnets living on the Internet of… https://www.virusbulletin.com/blog/2018/12/vb2018-paper-hidenseek-adaptive-peer-peer-iot-botnet/
In a new paper, Avast researchers Jan Sirmer and Adolf Streda look at how a spam campaign sent via the Necurs botnet was delivering the Flawed Ammyy RAT. As well as publishing the paper, we have also released the video of the reseachers' VB2018 presentati…
The Necurs botnet has been active for some time. In 2014, Virus Bulletin published a 3-part article by Peter Ferrie (1, 2, 3) who had studied the botnet in great detail. And… https://www.virusbulletin.com/blog/2018/12/new-paper-botception-botnet-distributes-script-bot-capabilities/
Today we have published the video of the VB2018 presentation by Andrew Brandt (Sophos) on the SamSam ransomware, which became hot news following the indictment of its two suspected authors yesterday.
Yesterday, a federal grand jury in the US unsealed an indictment charging two Iranians with being behind the SamSam ransomware.
SamSam has been one of the most successful… https://www.virusbulletin.com/blog/2018/11/vb2018-video-behind-scenes-samsam-investigation/
VB2021 localhost presents an exciting opportunity to share your research with an even wider cross section of the IT security community around the world than usual, without having to take time out of your work schedule (or budget) to travel.
In a follow-up to an article published last week, Kurt Natvig takes us through the analysis of a new malicious sample using the .xlsb file format.
In a new article, researcher Kurt Natvig takes a close look at XF 4.0 malware.
At VB2019, CSIS researcher Benoît Ancel spoke about a quiet banking trojan actor that has been targeting German users since at least 2014.
The call for papers for VB2021 is now open and we want to hear from you - we're planning for flexible presentation formats, so everyone is encouraged to submit, regardless of whether or not you know at this stage whether you'll be able to travel to Prague!
We were very sorry to learn of the passing of researcher Yonathan Klijnsma last week. Here, former VB Editor Martijn Grooten shares his memories of a talented researcher and a very kind person: this month, infosec lost a really good one.
VB has made all VB2020 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.
At VB2020 localhost, threat intelligence consultant Jamie Collier used the analytical technique of backcasting to look at the rise and fall of the cyber threat intelligence industry.
At VB2020 localhost, Carbon Black's Scott Knight presented an approach he and his colleagues have taken to more realistically simulate malware attacks.
At VB2020, researcher Paul Litvak revealed how he put together a comprehensive map of threat actor use of open-source offensive security tools.