We see a lot of spam in the VBSpam test lab, and we also see how well such emails are being blocked by email security products. Worryingly, it is often the emails with a malicious attachment or a phishing link that are most likely to be missed.
This blog post was put together in collaboration with VB test engineers Adrian Luca and Ionuţ Răileanu.
In a talk I gave at IRISSCON last year (the video of which you will find… https://virusbulletin.com/blog/2019/01/spam-hardest-block-often-most-damaging/
The operators of the Necurs botnet, best known for being one of the most prolific spam botnets of the past few years, have pushed out updates to its client, which provide some important lessons about why malware infections matter.
If, at some point in the past few years, you have looked at a spam campaign in which a lot of emails were being sent from Vietnam or India, there's a good chance the spam was sent… https://virusbulletin.com/blog/2018/07/necurs-update-reminds-us-botnet-cannot-be-ignored/
Though IPv6 is gradually replacing IPv4 on the Internet's network layer, email is lagging behind, with the difficulty in blocking spam sent over IPv6 cited as a reason not to move. But would we really have such a hard time blocking spam sent over IPv6?
In email security circles, IPv6 is the elephant in the room.
While the transition from IPv4 to IPv6 is a relatively smooth affair for most of the Internet, and few people will… https://virusbulletin.com/blog/2018/06/we-are-more-ready-ipv6-email-we-may-think/
At VB2017 in Madrid, CERT Poland researchers Maciej Kotowicz and Jarosław Jedynak presented a paper detailing their low-level analysis of five spam botnets. Today we publish their full paper.
Spam continues to be an important infection vector for many malware campaigns, but while a lot of attention is paid to the payloads delivered by these campaigns – Andrew Brandt's… https://virusbulletin.com/blog/2017/12/vb2017-paper-peering-spam-botnets/
Researchers at Mimecast have published a paper about the 'ROPEMAKER' exploit, which allows an email sender with malicious intentions to change the visual appearance of an email after it has been delivered.
Researchers at Mimecast have published details (pdf) of an email exploit they call 'ROPEMAKER' (short for 'Remotely Originated Post-delivery Email Manipulation Attacks Keeping… https://virusbulletin.com/blog/2017/08/ropemaker-email-exploit-limited-practical-use/