VB Blog

VB2018 paper: Little Brother is watching – we know all your secrets!

Posted by Martijn Grooten on Feb 1, 2019

At VB2018 in Montreal, researchers from Fraunhofer SIT looked at privacy vulnerabilities in legitimate Android family-tracking apps that leaked location data. Today, we publish both their paper and the video of their presentation.

Posted by Martijn Grooten on Jan 29, 2019

Threat intelligence teams would do well to recruit journalists, whose experience is crucial in today's threat landscape.

Posted by Martijn Grooten on Jan 28, 2019

Using data from our VBSpam lab, we looked at the malicious emails that have been missed recently by a large number of email security products.

Posted by Martijn Grooten on Jan 25, 2019

The Formbook information-stealing trojan may not be APT-grade malware, but its continuing spread means it can still be effective. At VB2018 in Montreal, Gabriela Nicolao, a researcher from Deloitte in Argentina, presented a short paper in which she looked at Formbook's background and history and analysed a sample of the malware. Today, we publish Gabriela's paper.

Posted by Martijn Grooten on Jan 24, 2019

With the VB2019 Call for Papers having opened last week, we explain how the selection procedure works, which may help you during your abstract submission.

Posted by Martijn Grooten on Jan 18, 2019

Today we publish the VB2018 paper and video by ESET researcher Filip Kafka, who looked at the new malware by Hacking Team, after the company had recovered from the 2015 breach.

Posted by Martijn Grooten on Jan 17, 2019

We see a lot of spam in the VBSpam test lab, and we also see how well such emails are being blocked by email security products. Worryingly, it is often the emails with a malicious attachment or a phishing link that are most likely to be missed.

Posted by Helen Martin on Jan 17, 2019

Mydoom turns 15 this month, and is still being seen in email attachments. This Throwback Thursday we look back to March 2004, when Gabor Szappanos tracked the rise of W32/Mydoom.

Posted by Martijn Grooten on Jan 15, 2019

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2019 is now open and we want to hear from you!

Posted by Martijn Grooten on Jan 14, 2019

Today, we publish a VB2018 paper by Google researcher Maddie Stone in which she looks at one of the most interesting anti-analysis native libraries in the Android ecosystem. We also release the recording of Maddie's presentation.

Previous1...1314151617...215Next

Search blog

VB2014 preview: Labelling spam through the analysis of protocol patterns

Andrei Husanu and Alexandru Trifan look at what TCP packet sizes can teach us.
Andrei Husanu and Alexandru Trifan look at what TCP packet sizes can teach us.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at… https://www.virusbulletin.com/blog/2014/08/preview-labelling-spam-through-analysis-protocol-patterns/

VB2014 preview: Optimized mal-ops. Hack the ad network like a boss

Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits.
Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits.In the weeks running up to VB2014 (the 24th Virus Bulletin International… https://www.virusbulletin.com/blog/2014/08/preview-optimized-mal-ops-hack-ad-network-boss/

Guest blog: Cyber insurance, is it for you?

Sorin Mustaca looks at how companies trading online can insure the risks they run.
Sorin Mustaca looks at how companies trading online can insure the risks they run.Throughout its 25 year history, Virus Bulletin has regularly published technical analyses of the… https://www.virusbulletin.com/blog/2014/08/guest-blog-cyber-insurance-it-you/

Google to take tough stance on homoglyph attacks

Good idea, but unlikely to have a huge impact.
Good idea, but unlikely to have a huge impact. Ever since internationalized domain names (IDNs) were introduced in the last decade, allowing people to use non-ASCII characters in… https://www.virusbulletin.com/blog/2014/08/google-take-tough-stance-homoglyph-attacks/

VB2014 preview: P0wned by a barcode

Fabio Assolini to speak about malware targeting boletos.
Fabio Assolini to speak about malware targeting boletos.In the weeks running up to VB2014, we will look at some of the research that will be presented at the conference. In the… https://www.virusbulletin.com/blog/2014/08/preview-p0wned-barcode/

Paper: Inside the iOS/AdThief malware

75,000 jailbroken iOS devices infected with malware that steals ad revenues.
75,000 jailbroken iOS devices infected with malware that steals ad revenues. Believing that the device or operating system you use reduces your chance of being affected by malware… https://www.virusbulletin.com/blog/2014/08/paper-inside-ios-adthief-malware/

$83k in bitcoins 'stolen' through BGP hijack

Short-lived network changes used to make miners connect to rogue pool.
Short-lived network changes used to make miners connect to rogue pool. Researchers at Dell SecureWorks have discovered an operation that used BGP hijacking to force bitcoin miners… https://www.virusbulletin.com/blog/2014/08/83k-bitcoins-stolen-through-bgp-hijack/

Report: 15 solutions achieve VBSpam award

Despite short spike, image spam no problem for spam filters.
Despite short spike, image spam no problem for spam filters. Good news for those who need to run a spam filter (in other words: everyone who runs a mail server). For the second… https://www.virusbulletin.com/blog/2014/08/report-15-solutions-achieve-vbspam-award/

Researchers release CryptoLocker decryption tool

Tool uses private keys found in database of victims.
Tool uses private keys found in database of victims.Please note: this blog post was written in August 2014 and refers to a particular kind of encryption-ransomware that was active… https://www.virusbulletin.com/blog/2014/08/researchers-release-cryptolocker-decryption-tool/

Paper: IcoScript: using webmail to control malware

RAT gets instructions from Yahoo Mail address.
RAT gets instructions from Yahoo Mail address. One of the big challenges for malicious actors in operating a RAT (remote administration tool) is how to control the malware and… https://www.virusbulletin.com/blog/2014/08/paper-icoscript-using-webmail-control-malware/

August

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2014/08/

Paper: Learning about Bflient through sample analysis

Flexible module-handling mechanism allows malware to adjust functionalities at will.
Flexible module-handling mechanism allows malware to adjust functionalities at will. The history of the 'Bflient' worm goes back to the discovery of its first variants in June… https://www.virusbulletin.com/blog/2014/07/paper-learning-about-bflient-through-sample-analysis/

Report: VB100 comparative review on Windows 7

29 out of 35 tested products earn VB100 award.
29 out of 35 tested products earn VB100 award. The various changes at Virus Bulletin mean that things are busier than ever in our office. Still, behind the scenes we continue to… https://www.virusbulletin.com/blog/2014/07/report-comparative-review-windows-7/

Call for last-minute papers for VB2014 announced

Seven speaking slots waiting to be filled with presentations on 'hot' security topics.
Seven speaking slots waiting to be filled with presentations on 'hot' security topics. Earlier this year, we announced the programme for VB2014: three days filled with excellent… https://www.virusbulletin.com/blog/2014/07/call-last-minute-papers-announced/

Paper: Mayhem - a hidden threat for *nix web servers

New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system.
New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system. One of the main trends in malware in recent years is a… https://www.virusbulletin.com/blog/2014/07/paper-mayhem-hidden-threat-nix-web-servers/

Google's Project Zero to hunt for zero-days

Bugs to be reported to the vendor only, and to become public once patched.
Bugs to be reported to the vendor only, and to become public once patched.Google has created a new team, called Project Zero, whose task is to find vulnerabilities in any kind of… https://www.virusbulletin.com/blog/2014/07/google-s-project-zero-hunt-zero-days/

Paper: API-EPO

Raul Alvarez studies the unique EPO methodology used by the W32/Daum file infector.
Raul Alvarez studies the unique EPO methodology used by the W32/Daum file infector. A few months ago, we published an article by Fortinet's Raul Alvarez on the Expiro file… https://www.virusbulletin.com/blog/2014/07/paper-api-epo/

Paper: Not old enough to be forgotten: the new chic of Visual Basic 6

Marion Marschalek looks at two Miuref binaries: one packed with Visual Basic 6 and one with C++.
Marion Marschalek looks at two Miuref binaries: one packed with Visual Basic 6 and one with C++. Two months ago, Microsoft announced it had added 'Miuref' to its Malicious Software… https://www.virusbulletin.com/blog/2014/07/paper-not-old-enough-be-forgotten-new-chic-visual-basic-6/

Paper: VBA is not dead!

Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.
Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.Macro malware had long been assumed dead. After all, macros are disabled by… https://www.virusbulletin.com/blog/2014/07/paper-vba-not-dead/

'Cyber attack on hedge fund' turns out to be internal 'scenario' used by BAE Systems

Story that appeared to be taken from fiction turns out... to have been fiction.
Story that appeared to be taken from fiction turns out... to have been fiction. Two weeks after BAE Systems reported its technicians had thwarted an attack against hedge fund… https://www.virusbulletin.com/blog/2014/07/cyber-attack-hedge-fund-turns-out-be-internal-scenario-used-bae-systems/

« Previous 1...3839404142...120 Next »