Blog keyword search

VB2019 paper: DNS on fire

In a paper presented at VB2019, Cisco Talos researchers Warren Mercer and Paul Rascagneres looked at two recent attacks against DNS infrastructure: DNSpionage and Sea Turtle. Today we publish their paper and the recording of their presentation.
DNS on fire Read the paper (HTML) Download the paper (PDF)       The "phonebook of the Internet" has well outlived physical phonebooks, but that doesn't mean DNS is… https://www.virusbulletin.com/blog/2019/11/vb2019-paper-dns-fire/

Expired domain led to SpamCannibal's blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.
The first line of defence in many a spam filter is to query one or more DNS blacklists to see if the sender's IP address (and sometimes their domain) is listed as a known spammer.… https://www.virusbulletin.com/blog/2018/05/expired-domain-led-spamcannibal-blacklisting-whole-world/

$150k in cryptocurrency stolen through combined BGP-DNS hijack

A BGP hijack was used to take over some of Amazon's DNS infrastructure, which was then used to serve a phishing site to users of the MyEtherWallet service.
If the Internet is, as is often said, held together with elastic bands and pieces of Sellotape, BGP is essentially a bunch of post-it notes that serve as traffic signs. BGP… https://www.virusbulletin.com/blog/2018/04/150-k-cryptocurrency-stolen-through-cominbed-bgp-dns-hijack/

Attack on Fox-IT shows how a DNS hijack can break multiple layers of security

Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS security from its post-mortem.
Every company will, sooner or later, get hacked and we should judge them by how they respond. With that in mind, Fox-IT, which writes in great detail about how a DNS hijack was… https://www.virusbulletin.com/blog/2017/12/attack-fox-it-shows-how-dns-hijack-can-break-multiple-layers-security/

VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale

At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahjoub and David Rodriguez presented a new approach to detecting infected machines using graphs to detect botnet traffic at scale. Today we publish both Dhia and David's paper and the recordi…
Malicious Internet traffic, such as botnet C&C traffic, is easily recognized if it uses known bad domain names, or known bad IP addresses. This is why botnets constantly change… https://www.virusbulletin.com/blog/2017/11/vb2017-paper-beyond-lexical-and-pdns-using-signals-graphs-uncover-online-threats-scale/

VB2017 preview: BPH exposed - RBN never left they just adapted and evolved. Did you?

We preview the VB2017 paper by Dhia Mahjoub (OpenDNS) and Jason Passwaters (Intel471) who combine an actor-centric and a network-centric approach to analysing bulletproof hosting operations.
Running a cybercriminal enterprise isn't all that easy. Try, for instance, setting up a site hosting malware and you'll find that sooner or later the provider will suspend your… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-bph-exposed-rbn-never-left-they-just-adapted-and-evolved-did-you/

VB2016 paper: Building a local passiveDNS capability for malware incident response

At VB2016, Splunk researchers Kathy Wang and Steve Brant presented a Splunk app that can be used to locally collect passive DNS data. A recording of their presentation is now available to view on our YouTube channel.
Anyone who has ever investigated a malware or phishing attack will know the feeling: "if only I could find out what IP address this domain pointed to when the attack took place".… https://www.virusbulletin.com/blog/2017/may/vb2016-paper-building-local-passivedns-capabilityfor-malware-incident-response/

Let's Encrypt certificate used in malversiting

We'd better get used to a world where malicious traffic is encrypted too.
We'd better get used to a world where malicious traffic is encrypted too. According to some people, myself included, Let's Encrypt was one of the best things that happened to the… https://www.virusbulletin.com/blog/2016/01/let-s-encrypt-certificate-used-malversiting/

VB2014 paper: Design to discover: security analytics with 3D visualization engine

Thibault Reuille and Dhia Mahjoub use DNS data to look for clusters of malicious domains.
Thibault Reuille and Dhia Mahjoub use DNS data to look for clusters of malicious domains.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014… https://www.virusbulletin.com/blog/2015/01/paper-design-discover-security-analytics-3d-visualization-engine/

VB2014 paper: Sweeping the IP space: the hunt for evil on the Internet

Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness.
Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness.Over the next few months, we will be sharing VB2014 conference papers as… https://www.virusbulletin.com/blog/2014/11/paper-sweeping-ip-space-hunt-evil-internet/

DNS cache poisoning used to steal emails

Call to use end-to-end encryption and to deploy DNSSEC.
Call to use end-to-end encryption and to deploy DNSSEC.DNS is sometimes called 'the phone book of the Internet'. If true, then it is a phone book that makes it relatively easy to… https://www.virusbulletin.com/blog/2014/09/dns-cache-poisoning-used-steal-emails/

Browser-based ransomware uses scare tactics to extort money

Unsophisticated scam shows the high level of commoditization of today's cybercrime.
Unsophisticated scam shows the high level of commoditization of today's cybercrime. A case of browser-based ransomware, that is currently using social engineering tactics in an… https://www.virusbulletin.com/blog/2014/01/browser-based-ransomware-uses-scare-tactics-extort-money/

Spamhaus CIO calls for those running open DNS resolvers to be fined

Open DNS resolvers instrumental in many DDoS attacks.
Open DNS resolvers instrumental in many DDoS attacks. At the Cyber Security Summit in London, Richard Cox, CIO of DNS blacklist provider Spamhaus, called on the UK government to… https://www.virusbulletin.com/blog/2013/11/spamhaus-cio-calls-those-running-open-dns-resolvers-be-fined/

DNSSEC glitch causes .gov sites to become inaccessible

Name servers unable to distinguish faulty from rogue responses.
Name servers unable to distinguish faulty from rogue responses. A glitch at VeriSign yesterday led to DNSSEC-aware name servers being unable to verify responses on the .gov… https://www.virusbulletin.com/blog/2013/08/dnssec-glitch-causes-gov-sites-become-inaccessible/

Thousands of websites affected by nameserver hijack redirecting visitors to malware

DNS caching causes attack to have a long tail.
DNS caching causes attack to have a long tail. Yesterday, visitors to thousands of Dutch websites were served an 'under construction' page that, through a hidden iframe, was… https://www.virusbulletin.com/blog/2013/08/thousands-websites-affected-nameserver-hijack-redirecting-visitors-malware/

Hacktivists hijack DNS of popular websites

Security at registrars may be weak link.
Security at registrars may be weak link. A hacktivist group has managed to redirect the traffic of two popular websites by hijacking their DNS settings, researchers at Internet… https://www.virusbulletin.com/blog/2012/01/hacktivists-hijack-dns-popular-websites/

New RFC describes best practices for running DNS-based lists

DNSBL users advised to avoid those lists that charge for delisting.
DNSBL users advised to avoid those lists that charge for delisting. A new RFC document has been published that describes the best operational practices for the use of DNS-based… https://www.virusbulletin.com/blog/2012/01/new-rfc-describes-best-practices-running-dns-based-lists/

'Largest takedown ever' sees six arrested

Millions made through 'DNSChanger' malware.
Millions made through 'DNSChanger' malware. Six Estonian nationals have been arrested for taking part in a cybercrime ring that made money through DNS-changing malware that had… https://www.virusbulletin.com/blog/2011/11/largest-takedown-ever-sees-six-arrested/

DNS poisoning attack targeting Brazilian customers

ISP employee suspected of changing DNS cache.
ISP employee suspected of changing DNS cache. Millions of Internet users in Brazil may have been exposed to malware after the DNS caches of their ISPs were modified to redirect… https://www.virusbulletin.com/blog/2011/11/dns-poisoning-attack-targeting-brazilian-customers/

Microsoft's machines hijacked by spammers

Servers also used for DoS attack on security journalist's site.
Servers also used for DoS attack on security journalist's site. More than a thousand websites pushing spamvertised pharmaceuticals have been found to be using name servers on… https://www.virusbulletin.com/blog/2010/10/microsoft-s-machines-hijacked-spammers/

« Previous 12 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.