Raul Alvarez takes a close look at cavity file infector W32/Huhk, which - thanks to its infection criteria - only infects a handful of executable files, thus unintentionally creating a stealth technique.
In his VB2014 conference paper, Jean-Ian Boutin looks at the current webinject scene and how it has evolved over time, going from simple phishing-like functionalities to automatic transfer system (ATS) and two-factor authentication bypass, along with mobile components and fully fledged web control panels to manage money exfiltration through fraudulent money transfers.
In his VB2014 conference paper, Nick Sullivan explains what DNSSEC does and doesn't do to make DNS responses more trustworthy.
One of the main ways for cybercriminals to make money easily with the use of malware is through SMS premium services – using trojans to turn mobile devices into slot machines and causing victims' monthly phone bills to skyrocket. In his VB2014 paper, Luis Corrons looks at two different attack vectors used by two different Spanish criminal gangs. He shows what social engineering techniques are used to gain permission to activate the premium SMS services.
As Mac OS X continues to increase in popularity, OS X malware is becoming more common than ever. In his VB2014 paper, Patrick Wardle presents a detailed analysis of Apple’s anti-malware mechanisms (revealing several significant weaknesses), before diving into the bowels of the Mac startup process and detailing points of persistence. He also examines examples of OS X malware to illustrate how code may abuse the OS in order to achieve reboot persistence. Finally, he discusses a novel open-source tool that can enumerate and display persistent OS X binaries that are set to execute automatically upon reboot.
Since hiding a C&C means that a botnet will remain running for longer, specialized hosting services that are able to hide a server behind many proxies have appeared. In their VB2014 paper, Alexandru Maximciuc, Cristina Vatamanu and Razvan Benchea describe a proxy network with two types of redirection: one on the HTTP standard port (protecting the C&C servers) and the other on the UDP standard port (protecting a dedicated server that handles the DNS resolution for domains generated by Domain Generation Algorithms or chosen at will).
iWorm is a recently discovered OS X backdoor that affords an attacker complete control of an infected host. In this paper, Patrick Wardle builds upon the latest analyses, and provides a comprehensive technical analysis of iWorm's infection vector and persistence mechanism.
The VB test team put 29 products through their paces on Windows Server 2008 and, for the first time ever on a Windows platform, all products achieved VB100-certified status - John Hawes has the details.