Virus Bulletin - November 2013


Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding

2013-11-04


Comment

Perhaps email is broken after all

‘If anyone were to invent SMTP today and decide it was a good idea for messages to be sent in plain text, they would receive short shrift.’ Martijn Grooten considers the current state of email in light of recent security-related incidents.

Martijn Grooten - Virus Bulletin, UK

News

Governments seek to boost cyber defences & skills

UK starts recruitment for Cyber Reserve Unit; India plans to increase number of reverse engineering professionals.

Helen Martin - Virus Bulletin, UK

Finnish government breach

Finnish Ministry of Foreign Affairs breached over four-year period.

Helen Martin - Virus Bulletin, UK

Employee awareness and security budgets still found lacking

Only 17% of respondents in Ernst & Young survey say their company’s information security function fully meets the needs of their organization.

Helen Martin - Virus Bulletin, UK

Conference report

Berlin time

The first week of October saw the 23rd anniversary of German reunification and the 23rd Virus Bulletin International Conference – in Berlin. Helen Martin reports on the latter.

Helen Martin - Virus Bulletin, UK

Malware analyses

Another tussle with Tussie

When one has a nice idea – such as a tricky method for encoding data – it is common to take that idea and improve on it. It is rare to see someone take such an idea and degenerate it, but that’s exactly what we see in W32/Tussie.B. Peter Ferrie reports.

Peter Ferrie - Microsoft, USA

Neurevt bot analysis

Neurevt is a relatively new HTTP bot that already offers a great deal of functionality along with an extendable and flexible infrastructure. Zhongchun Huo takes a detailed look at its infrastructure, communication protocol and encryption scheme.

Zhongchun Huo - Fortinet, China

When ZAccess becomes a debugger

ZAccess (a.k.a. ZeroAccess) is a complex botnet; many different variants and updates to the malware have been observed over several years. In June, He Xu and colleagues found and analysed some variants which integrate a debugger engine. He takes a look at some of the features in those variants.

He Xu - Fortinet, Canada

Feature

The murky waters of the Internet: anatomy of malvertising and other e-threats

According to the Online Trust Alliance, almost 10 billion ad impressions were compromised by malvertising in 2012 and malvertising incidents increased by more than 250% from Q1 2010 to Q2 2010. In this article, Bianca Stanescu and colleagues look at the evolving phenomenon of malvertising and offer some guidelines to help users and legitimate advertisers avoid these threats.

Bianca Stanescu - Bitdefender, Romania, Ionut Radu - Bitdefender, Romania & Cornel Radu - Bitdefender, Romania

Spotlight

Greetz from academe: Monkey vs. Python

Python obfuscation is relatively rare. In the latest of his ‘Greetz from academe’ series, highlighting some of the work going on in academic circles, John Aycock takes a look at a research paper in which the authors reverse engineered a ‘hardened’ Python application from Dropbox.

John Aycock - University of Calgary, Canada

Comparative review

VBSpam comparative review November 2013

In this month's VBSpam test, all but one of the 19 full solutions tested achieved a VBSpam award and eight of them stepped things up a notch to earn a VBSpam+ award. Martijn Grooten has the details.

Martijn Grooten - Virus Bulletin, UK

Calendar

Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.

