VB Blog

VB2019 paper: Defeating APT10 compiler-level obfuscations

Posted by   Virus Bulletin on   Mar 13, 2020

At VB2019 in London, Carbon Black researcher Takahiro Haruyama presented a paper on defeating compiler-level obfuscations used by the APT10 group. Today we publish both Takahiro's paper and the recording of his presentation.

Read more  

VB2019 paper: Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers

Posted by   Virus Bulletin on   Mar 12, 2020

At VB2019 in London Michael Raggi (Proofpoint) and Ghareeb Saad (Anomali) presented a paper on the 'Royal Road' exploit builder (or weaponizer) and how the properties of RTF files can be used to track weaponizers and their users. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 presentation: Nexus between OT and IT threat intelligence

Posted by   Virus Bulletin on   Mar 11, 2020

Operational technology, the mission critical IT in ICS, shares many similarities with traditional IT systems, but also some crucial differences. During the Threat Intelligence Practitioners’ Summit at VB2019, Dragos cyber threat intelligence analyst Selena Larson gave a keynote on these similarities and differences. Today we release the recording of her presentation.

Read more  

VB2019 paper: Kimsuky group: tracking the king of the spear-phishing

Posted by   Virus Bulletin on   Mar 10, 2020

In a paper presented at VB2019 in London, researchers fron the Financial Security Institute detailed the tools and activities used by the APT group 'Kimsuky', some of which they were able to analyse through OpSec failures by the group. Today, we publish their paper.

Read more  

VB2019 paper: Play fuzzing machine - hunting iOS and macOS kernel vulnerabilities automatically and smartly

Posted by   Virus Bulletin on   Mar 9, 2020

In a paper presented at VB2019 in London, Trend Micro researchers Lilang Wu and Moony Li explained how the hunt for vulnerabilities in MacOS and iOS operating systems can be made both smarter and more automatic. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 paper: Finding drive-by rookies using an automated active observation platform

Posted by   Virus Bulletin on   Mar 6, 2020

In a last-minute paper presented at VB2019 in London, Rintaro Koike (NTT Security) and Yosuke Chubachi (Active Defense Institute, Ltd) discussed the platform they have built to automatically detect and analyse exploit kits. Today we publish the recording of their presentation.

Read more  

VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation state adversary

Posted by   Virus Bulletin on   Feb 28, 2020

The activities of China-based threat actor PKPLUG were detailed in a VB2019 paper by Palo Alto Networks researcher Alex Hinchliffe, who described the playbook of this long-standing adversary. Today we publish both Alex's paper and the recording of his presentation.

Read more  

VB2019 paper: Static analysis methods for detection of Microsoft Office exploits

Posted by   Virus Bulletin on   Feb 25, 2020

Today we publish the VB2019 paper and presentation by McAfee researcher Chintan Shah in which he described static analysis methods for the detection of Microsoft Office exploits.

Read more  

New paper: LokiBot: dissecting the C&C panel deployments

Posted by   Helen Martin on   Feb 17, 2020

First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. In a new paper researcher Aditya Sood analyses the URL structure of the LokiBot C&C panels and how they have evolved over time.

Read more  

VB2019 presentation: Building secure sharing systems that treat humans as features not bugs

Posted by   Helen Martin on   Feb 14, 2020

In a presentation at VB2019 in London, Virtru's Andrea Limbago described how, by exploring data sharing challenges through a socio-technical lens, it is possible to make significant gains toward the secure sharing systems and processes that are vital for innovation and collaboration. Today we release the recording of her presentation.

Read more  

Search blog

TJX hack thought biggest ever

Over 45 million card numbers gathered in massive breach.
Over 45 million card numbers gathered in massive breach. A report into a security breach at major US retailer TJX has revealed a lengthy and sophisticated attack which scooped vast… https://www.virusbulletin.com/blog/2007/03/tjx-hack-thought-biggest-ever/

Fujacks writer's removal tool slated

Virus creator's anti-virus not up to scratch, says Symantec.
Virus creator's anti-virus not up to scratch, says Symantec. A cleanup tool created by the writer of the Fujacks virus, also known as the 'Panda burning incense' virus in reference… https://www.virusbulletin.com/blog/2007/03/fujacks-writer-s-removal-tool-slated/

Another Windows zero-day exploit seen in wild

Trojans sneaking in through animated cursor flaw.
Trojans sneaking in through animated cursor flaw. A vulnerability has been discovered in the handling of .ani files, used for animated cursors on web pages and in HTML emails, and… https://www.virusbulletin.com/blog/2007/03/another-windows-zero-day-exploit-seen-wild/

Woolworths to join UK AV market

Retail chain set to issue own-label software range.
Retail chain set to issue own-label software range. Major UK high street retailer Woolworths is set to follow supermarket giant Tesco in releasing its own-brand range of software… https://www.virusbulletin.com/blog/2007/03/woolworths-join-uk-av-market/

Malware danger and profitability rising

Symantec, FBI reports show general increases in money-driven threats.
Symantec, FBI reports show general increases in money-driven threats. Two major new reports on computer security issues have shown a steady rise in just about every aspect of… https://www.virusbulletin.com/blog/2007/03/malware-danger-and-profitability-rising/

Huge haul of ID data stolen by trojan

Smart Russian spyware gathered info 'unnoticed' for 54 days.
Smart Russian spyware gathered info 'unnoticed' for 54 days. According to researchers at SecureWorks, a sophisticated trojan which spread through browser exploits, harvested… https://www.virusbulletin.com/blog/2007/03/huge-haul-id-data-stolen-trojan/

Search, link and trackback spam flooding web

Blogs, social sites and search results rivaling email for junk ads.
Blogs, social sites and search results rivaling email for junk ads. Email, long the most popular and lucrative means of getting advertising in front of computer users, is being… https://www.virusbulletin.com/blog/2007/03/search-link-and-trackback-spam-flooding-web/

RSA to provide trojan removal services

Anti-fraud system provides avenue for reporting and stopping targeted attacks.
Anti-fraud system provides avenue for reporting and stopping targeted attacks. Security firm RSA has announced a new system to block spyware and phishing fraud, by taking down… https://www.virusbulletin.com/blog/2007/03/rsa-provide-trojan-removal-services/

MS admits serious problems with OneCare

Detection failures and other issues confirmed, improvements promised.
Detection failures and other issues confirmed, improvements promised.Microsoft's Windows Live OneCare, hit by a series of public relations difficulties recently with failures in… https://www.virusbulletin.com/blog/2007/03/ms-admits-serious-problems-onecare/

No fanfare for Windows Server 2003 SP2

Major update release emerges in mysterious silence.
Major update release emerges in mysterious silence.Microsoft has released a new service pack for its Windows Server 2003 platform, almost entirely without warning or promotion. The… https://www.virusbulletin.com/blog/2007/03/no-fanfare-windows-server-2003-sp2/

Yet more vulnerabilities in major security products

Serious McAfee buffer overflow flaws join yet another Trend UPX issue.
Serious McAfee buffer overflow flaws join yet another Trend UPX issue. Several vulnerabilities have been found in McAfee's ePolicy Orchestrator management tool, which could be… https://www.virusbulletin.com/blog/2007/03/yet-more-vulnerabilities-major-security-products/

UK bankers show 44% rise in online theft

APACS study records major increase in phishing fraud earnings.
APACS study records major increase in phishing fraud earnings. UK banking payments body APACS has released its latest figures for credit card and other types of banking fraud,… https://www.virusbulletin.com/blog/2007/03/uk-bankers-show-44-rise-online-theft/

Trend takes over HijackThis

Popular free spyware-spotting tool acquired by security giant.
Popular free spyware-spotting tool acquired by security giant.Trend Micro has announced the acquisition of HijackThis, the popular freely available tool designed to reveal hidden… https://www.virusbulletin.com/blog/2007/03/trend-takes-over-hijackthis/

OneCare causing Outlook havoc

Old mailbox deletion bug resurfaces, upsets users
Old mailbox deletion bug resurfaces, upsets usersMicrosoft's Windows Live OneCare has been the cause of considerable frustration to its users recently, with an issue with the… https://www.virusbulletin.com/blog/2007/03/onecare-causing-outlook-havoc/

March Patch Tuesday cancelled

MS announces no security patches this month.
MS announces no security patches this month. With several known vulnerabilities still affecting Windows and other products, Microsoft has announced that there will be no security… https://www.virusbulletin.com/blog/2007/03/march-patch-tuesday-cancelled/

Report on TLD DNS DDoS attack released

Fact sheet on web root server bombardment published by ICANN.
Fact sheet on web root server bombardment published by ICANN. The Internet Corporation for Assigned Names and Numbers (ICANN), the body responsible for controlling the DNS system… https://www.virusbulletin.com/blog/2007/03/report-tld-dns-ddos-attack-released/

SEC halts trading in spammed stocks

Share trading in 35 pumped and dumped companies suspended.
Share trading in 35 pumped and dumped companies suspended. The US Securities and Exchange Commission (SEC) announced yesterday that it had suspended trading in the stocks of 35… https://www.virusbulletin.com/blog/2007/03/sec-halts-trading-spammed-stocks/

New Zealand passes anti-spam law

As bulk emailing is regulated in NZ, Canada hears calls for similar laws.
As bulk emailing is regulated in NZ, Canada hears calls for similar laws. The New Zealand government announced last week the final passing of a law to control spam originating in… https://www.virusbulletin.com/blog/2007/03/new-zealand-passes-anti-spam-law/

Gromozon hijacks Italian MSN searches

Link bombing pushes blended spyware attack to top of popular search results.
Link bombing pushes blended spyware attack to top of popular search results. The gang behind the sophisticated Gromozon blended threat, also known as LinkOptimizer, is thought to… https://www.virusbulletin.com/blog/2007/03/gromozon-hijacks-italian-msn-searches/

OneCare fails another detection test

Microsoft product found not up to scratch in AV-Comparatives review.
Microsoft product found not up to scratch in AV-Comparatives review. Respected testing organisation AV-Comparatives has released the results of its latest in-depth test of… https://www.virusbulletin.com/blog/2007/03/onecare-fails-another-detection-test/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.