VB Blog

VB2016 video: Last-minute paper: Malicious proxy auto-configs: an easy way to harvest banking credentials

Posted by   Martijn Grooten on   May 30, 2017

In a VB2016 last-minute presentation, Jaromír Horejší and Jan Širmer looked at Retefe, a trojan that has targeted banks in several European countries and used malicious proxy auto-config filesto redirect users' traffic to a server controlled by the attackers. A recording of their presentation is now available to view on our YouTube channel.

Read more  

WannaCry shows we need to understand why organizations don't patch

Posted by   Martijn Grooten on   May 17, 2017

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"

Read more  

Modern security software is not necessarily powerless against threats like WannaCry

Posted by   Martijn Grooten on   May 15, 2017

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.

Read more  

Throwback Thursday: CARO: A personal view

Posted by   Helen Martin on   May 11, 2017

This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts. As a founding member of CARO, Fridrik Skulason was well placed, in August 1994, to shed some light on the organization, to explain in detail CARO's main activities and functions, as well as the reasons behind its strict membership regulations.

Read more  

VB2016 paper: Uncovering the secrets of malvertising

Posted by   Martijn Grooten on   May 10, 2017

Malicious advertising, a.k.a. malvertising, has evolved tremendously over the past few years to take a central place in some of today’s largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target them with infinite precision and deliver such payloads as ransomware. Today, we publish a paper presented at VB2016 in Denver by Malwarebytes researchers Jérôme Segura and Chris Boyd, in which they look at the advertising ecosystem, how it is used, and at what techniques are being utilised to spread malware

Read more  

Throwback Thursday: Tools of the DDoS Trade

Posted by   Helen Martin on   May 4, 2017

As DDoS attacks become costlier to fix and continue to increase in both number and diversity, we turn back the clock to 2000, when Aleksander Czarnowski took a look at the DDoS tools of the day.

Read more  

VB2016 paper: Building a local passiveDNS capability for malware incident response

Posted by   Martijn Grooten on   May 4, 2017

At VB2016, Splunk researchers Kathy Wang and Steve Brant presented a Splunk app that can be used to locally collect passive DNS data. A recording of their presentation is now available to view on our YouTube channel.

Read more  

VB2016 video: Last-minute paper: A malicious OS X cocktail served from a tainted bottle

Posted by   Martijn Grooten on   Apr 28, 2017

In a VB2016 last-minute presentation, ESET researchers Peter Kalnai and Martin Jirkal looked at the OS X malware threats KeRanger and Keydnap, that both spread through a compromised BitTorrent client. A recording of their presentation is now available to view on our YouTube channel.

Read more  

Consumer spyware: a serious threat with a different threat model

Posted by   Martijn Grooten on   Apr 25, 2017

Consumer spyware is a growing issue and one that can have serious consequences: its use is increasingly common in domestic violence. But do our threat models consider the attacker with physical access to, and inside knowledge of the victim?

Read more  

VB2016 paper: Debugging and monitoring malware network activities with Haka

Posted by   Martijn Grooten on   Apr 24, 2017

In their VB2016 paper, Stormshield researchers Benoît Ancel and Mehdi Talbi introduced Haka, an open-source language to monitor, debug and control malicious network traffic. Both their paper and the video recording of their presentation are now available to read/view on www.virusbulletin.com.

Read more  

Search blog

New OpenOffice proof-of-concept widely noted

Odd payload, not spreading danger, brings attention to cross-platform worm.
Odd payload, not spreading danger, brings attention to cross-platform worm. A new proof-of-concept malware exploiting the OpenOffice document format has made headlines across the… https://www.virusbulletin.com/blog/2007/05/new-openoffice-proof-concept-widely-noted/

Norton FP trashes Chinese systems

Vital DLLs flagged as malware disable Windows XP across China.
Vital DLLs flagged as malware disable Windows XP across China. A serious false positive, caused by an erroneous update to Symantec's Norton Anti-virus product range issued late… https://www.virusbulletin.com/blog/2007/05/norton-fp-trashes-chinese-systems/

Zango sues PC Tools for $35 million

'Reformed' adware shippers upset by detection and removal.
'Reformed' adware shippers upset by detection and removal. Adware and sometime spyware maker Zango has brought a suit against anti-spyware firm PC Tools complaining that the… https://www.virusbulletin.com/blog/2007/05/zango-sues-pc-tools-35-million/

New spam-fighting system for France

Junk mail blacklisting project goes live.
Junk mail blacklisting project goes live. A group of public bodies and private companies have joined forces to implement a new system allowing French email users to report spam… https://www.virusbulletin.com/blog/2007/05/new-spam-fighting-system-france/

Estonian websites suffer wave of DoS attacks

Baltic republic accuses Russia of cyber-warfare.
Baltic republic accuses Russia of cyber-warfare. A wave of denial of service (DoS) attacks on Estonian websites has prompted the Estonian government to accuse its neighbour of… https://www.virusbulletin.com/blog/2007/05/estonian-websites-suffer-wave-dos-attacks/

Symantec files 8 piracy suits

Symantec pursues distributors of counterfeit software.
Symantec pursues distributors of counterfeit software.Symantec has revealed that it has filed civil lawsuits against eight US and Canadian companies accused of selling counterfeit… https://www.virusbulletin.com/blog/2007/05/symantec-files-8-piracy-suits/

Verizon acquires Cybertrust

ICSA Labs parent company subsumed.
ICSA Labs parent company subsumed.Verizon Business, a division of Verizon Communications has announced that it is set to acquire managed security services supplier Cybertrust. The… https://www.virusbulletin.com/blog/2007/05/verizon-acquires-cybertrust/

Latest flaws affect AV giants

Symantec, McAfee and CA all patch vulnerabilities.
Symantec, McAfee and CA all patch vulnerabilities. Three of the biggest names in the security sector, McAfee, Symantec and CA, have all revealed details of flaws in their software… https://www.virusbulletin.com/blog/2007/05/latest-flaws-affect-av-giants/

Phishing techniques and technology revealed

Serious software used to analyse phished data, and a phisher talks.
Serious software used to analyse phished data, and a phisher talks. Some insights into the workings of phishing scams were revealed this week, as a sophisticated tool designed to… https://www.virusbulletin.com/blog/2007/05/phishing-techniques-and-technology-revealed/

1.4 million Chinese infected over holiday week

May vacations bring trojan avalanche for gamers and filesharers.
May vacations bring trojan avalanche for gamers and filesharers. Chinese computers, in heavy use with many people off work for the Labour Day holiday week, have suffered a major… https://www.virusbulletin.com/blog/2007/05/1-4-million-chinese-infected-over-holiday-week/

Five ISPs hosting a third of malware, says study

StopBadware survey finds small group of ISPs most to blame.
StopBadware survey finds small group of ISPs most to blame. In a recent study of almost 50,000 sites known to be hosting malware, five ISPs have been identified as repeat… https://www.virusbulletin.com/blog/2007/05/five-isps-hosting-third-malware-says-study/

ZOO archive issues hit security vendors

Errors handling rare format patched by four AV and anti-spam products.
Errors handling rare format patched by four AV and anti-spam products. A researcher has revealed details of flawed implementation of a somewhat archaic archive format, .zoo, which… https://www.virusbulletin.com/blog/2007/05/zoo-archive-issues-hit-security-vendors/

Phishing moves into more new areas

Surveys, phone lines, USB sticks and call girls the latest tactics for spammers and phishers.
Surveys, phone lines, USB sticks and call girls the latest tactics for spammers and phishers. The latest social-engineering methods being put to use by phishers show no let up in… https://www.virusbulletin.com/blog/2007/05/phishing-moves-more-new-areas/

7 critical flaws patched on Patch Tuesday

May Security Bulletin covers wide range of vulnerabilities.
May Security Bulletin covers wide range of vulnerabilities.Microsoft's latest 'Patch Tuesday' security bulletin included fixes for seven vulnerabilities, all rated 'Critical' and… https://www.virusbulletin.com/blog/2007/05/7-critical-flaws-patched-patch-tuesday/

I-SPY chases SPY-ACT through approval process

Second piece of US anti-spyware legislation given go-ahead.
Second piece of US anti-spyware legislation given go-ahead. With the 'Securely Protect Yourself Against Cyber Trespass Act' (aka SPY-ACT act) approved by a House of Representatives… https://www.virusbulletin.com/blog/2007/05/i-spy-chases-spy-act-through-approval-process/

Questionable false positive file removed

Amendment to VB's April Linux comparative review.
Amendment to VB's April Linux comparative review. In Virus Bulletin's April 2007 Linux comparative review (see VB, April 2007, p.11), VB reported that ESET's product NOD32 had… https://www.virusbulletin.com/blog/2007/05/questionable-false-positive-file-removed/

Microsoft to beat Symantec to corporate release punch

With Forefront due out soon, Symantec's latest release suffers further delay.
With Forefront due out soon, Symantec's latest release suffers further delay.Microsoft has announced the release to manufacture of Forefront Client, the corporate implementation of… https://www.virusbulletin.com/blog/2007/05/microsoft-beat-symantec-corporate-release-punch/

Law to stop spam reaching kids dubbed a failure

Utah registry to protect children's email leaks cash and addresses.
Utah registry to protect children's email leaks cash and addresses. A law enacted in the state of Utah, as well as some other states, with the aim of preventing spammers from… https://www.virusbulletin.com/blog/2007/05/law-stop-spam-reaching-kids-dubbed-failure/

Botnet DoS no longer profitable

Extortion attacks fall as herders find easier money elsewhere.
Extortion attacks fall as herders find easier money elsewhere. The use of armies of botnets to carry out denial-of-service attacks on lucrative websites, as a method of extorting… https://www.virusbulletin.com/blog/2007/05/botnet-dos-no-longer-profitable/

Touchy mail blocker upsets Gay

Content filter berates woman for using own name in mails.
Content filter berates woman for using own name in mails. A woman has complained to the New Zealand ISP Telecom after an email she sent them was bounced back to her, with a message… https://www.virusbulletin.com/blog/2007/05/touchy-mail-blocker-upsets-gay/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.