From the rise and demise of Silk Road to the current state of the crypto-currency frenzy, the story of bitcoin involves mysterious characters, million-dollar robberies and stealthy malware that will make you think twice before going online with your money. In his VB2014 paper, Santiago Pontiroli looks at the most interesting malware samples that target the popular bitcoin currency and some of the major events that surrounded it during this past year. He also investigates the flaws that allowed several bad guys to steal more money than one could ever imagine, and how they did it without ever firing a gun or stepping into a bank. Finally, he rounds off with some of the benefits that digital currencies offer to Latin American countries and the state of crypto-currency-stealing malware in the region and worldwide.
In 2012, the email filtering world gained a new tool against spam and phishing: DMARC (Domain-based Message Authentication, Reporting and Conformance), a policy layer on top of SPF and DKIM that lets a domain owner tell receivers how to treat mail whose From: domain fails authentication, and thereby stops spammers from forging the sender. In his VB2014 paper, Terry Zink discusses the advantages and drawbacks of DMARC, as well as the process Microsoft went through to catalogue all of its domains in order to ensure that each of them could pass basic authentication checks.
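The check that a DMARC-enabled receiver actually performs is identifier alignment: the From: domain must align with the domain that passed SPF or DKIM, in strict or relaxed mode, before the published policy is applied. The following is an added example (not code from Terry Zink's paper or from Microsoft) that parses a DMARC TXT record and applies that rule. All records and domains are constructed, and the organizational-domain logic is a deliberate simplification (a real receiver consults the Public Suffix List).

```python
"""Added example (not code from Terry Zink's paper or from Microsoft): parse a
DMARC TXT record and apply the identifier-alignment rule from RFC 7489 to decide
whether a message passes.  All domains and records below are constructed."""


def parse_dmarc(txt):
    """Split a 'v=DMARC1; p=...' record into a tag dict, filling RFC defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (v= must be DMARC1)")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= tag missing or invalid")
    tags.setdefault("adkim", "r")      # DKIM alignment: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")       # SPF alignment
    tags.setdefault("sp", tags["p"])   # subdomain policy defaults to p=
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain):
    """Organizational domain.  Simplification (assumption): last two labels.
    A real receiver consults the Public Suffix List for cases like co.uk."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed mode needs the same org domain."""
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)


def dmarc_evaluate(record, from_domain, spf_domain=None, dkim_domains=()):
    """Return (passed, disposition).

    spf_domain:   the MAIL FROM domain if SPF returned pass, else None.
    dkim_domains: d= values of DKIM signatures that verified.
    Only identifier alignment is modelled; pct= sampling and aggregate
    reporting are omitted."""
    tags = parse_dmarc(record)
    spf_ok = spf_domain is not None and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = any(aligned(from_domain, d, tags["adkim"]) for d in dkim_domains)
    if spf_ok or dkim_ok:
        return True, "none"
    # Assumption: the record was published at the organizational domain, so
    # sp= governs mail whose From: domain is one of its subdomains.
    is_org = from_domain.lower().rstrip(".") == org_domain(from_domain)
    return False, tags["p"] if is_org else tags["sp"]


if __name__ == "__main__":
    REC = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
    # Forged From: with SPF passing only for the attacker's own domain -> reject
    print(dmarc_evaluate(REC, "example.com", spf_domain="attacker.example.net"))
    # Legitimate bounce subdomain in MAIL FROM -> relaxed SPF alignment passes
    print(dmarc_evaluate(REC, "example.com", spf_domain="bounce.example.com"))
```

Note how the same message that passes under `aspf=r` fails under `adkim=s` when only a subdomain-signed DKIM signature is present; tightening alignment to strict mode is one of the choices that makes a domain inventory like the one the paper describes necessary, since every sending subdomain must then be signed or authorized exactly.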
Apple has a strict review process for apps published in its App Store which, although not perfect, provides good protection for iOS users and makes it difficult for malware to get into the App Store. However, apps may also be distributed using enterprise provisioning profiles without going through this review process, and apps distributed in this way have become a new attack vector. In their VB2014 paper, Tao Wei and colleagues explain the risk of an attacker distributing apps through enterprise provisioning profiles to conduct targeted attacks, including remote installation via spear phishing, autostart after reboot, background monitoring, and bypassing certificate revocation.
Bootkit threats have long been a powerful weapon in the hands of cybercriminals, allowing them to establish a persistent and stealthy presence on their victims' systems. The most recent notable spike in bootkit infections was associated with attacks on 64-bit versions of the Microsoft Windows platform, which enforce kernel-mode code signing and so restrict the loading of unsigned kernel-mode drivers. However, because these bootkits subvert the legacy BIOS boot path (the MBR or VBR), they are not effective against UEFI-based platforms. So, are UEFI-based machines immune to bootkit threats, or will they remain so? In their VB2014 paper, Eugene Rodionov, Alexander Matrosov and David Harley look at how bootkit threats have evolved over time and what we should expect in the near future.
In their VB2014 paper, Vadim Kotov and Rahul Kashyap perform an in-depth analysis of malicious web ads, focusing on Flash banners. They investigate the various ways an attacker can leverage ad networks to spread malware and show that, from the attacker's perspective, ad networks are no different from, and may even be better than, exploit kits.
The total IPv4 space consists of roughly 4.3 billion (2^32) addresses, the publicly visible ASN space consists of 46,000+ AS numbers, and the BGP prefix space consists of 520,000+ prefixes. Together, they form the foundation of addressing, routing and hosting on the Internet. Most current reputation systems used for network-level threat detection derive scores for IPs, BGP prefixes or ASNs from the content they host. In his VB2014 paper, Dhia Mahjoub takes a novel approach by exploring the AS graph, which models the interconnections between ASNs. He uncovers hotspots of maliciousness by analysing AS graph topology, hosted content and IP space reservation, and sheds some light on suspicious relationships between ASNs and abusive IP sub-allocations.
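To make the AS-graph idea concrete, here is an added example (not Dhia Mahjoub's code, data or scoring method) that builds an AS-level adjacency graph from BGP AS_PATH attributes and then flags ASNs that host nothing malicious themselves but whose neighbours mostly do, the topological signature of an upstream serving several abusive customers. The AS paths use private-use ASNs and the per-ASN malicious-prefix counts are constructed; the neighbourhood score is an assumed, simplified metric, not the paper's.

```python
"""Added example (not Dhia Mahjoub's code or data): build an AS-level graph from
BGP AS_PATH attributes and flag ASNs whose neighbourhood is dominated by ASNs
that already carry malicious prefixes.  AS paths and reputation counts are
constructed; the neighbourhood score is an assumed, simplified metric."""
from collections import defaultdict

# Constructed AS_PATH strings (private-use ASNs, not real routing data).
AS_PATHS = [
    "64496 64500 64510",
    "64496 64500 64511",
    "64497 64500 64512 64512",      # 64512 prepends itself
    "64496 64498",
    "64497 64498 64499",
    "64497 64498 {64513,64514}",    # AS_SET aggregate: not a graph edge
]

# Constructed reputation input: malicious prefixes attributed to each ASN.
BAD_PREFIX_COUNT = {"64510": 3, "64511": 2, "64512": 5}


def build_as_graph(paths):
    """Undirected adjacency from AS_PATHs.  Prepended repeats are collapsed
    and AS_SET tokens (in braces) dropped, so only AS-to-AS links remain."""
    graph = defaultdict(set)
    for path in paths:
        seq = []
        for tok in path.split():
            if not tok.isdigit():
                continue             # skip AS_SET aggregates like {64513,64514}
            if not seq or seq[-1] != tok:
                seq.append(tok)      # collapse AS-path prepending (no self-loops)
        for left, right in zip(seq, seq[1:]):
            graph[left].add(right)
            graph[right].add(left)
    return graph


def neighbourhood_score(graph, bad_counts):
    """Per ASN: (degree, number of flagged neighbours, fraction flagged)."""
    scores = {}
    for asn, nbrs in graph.items():
        flagged = sum(1 for n in nbrs if bad_counts.get(n, 0) > 0)
        scores[asn] = (len(nbrs), flagged, flagged / len(nbrs))
    return scores


def hotspots(graph, bad_counts, min_fraction=0.5, min_degree=2):
    """ASNs with no flagged prefixes of their own whose neighbours mostly are
    flagged.  A content-only reputation system would score these ASNs clean;
    the graph view exposes them as the common upstream of abusive networks."""
    scores = neighbourhood_score(graph, bad_counts)
    return sorted(
        asn for asn, (deg, _flagged, frac) in scores.items()
        if deg >= min_degree and frac >= min_fraction and bad_counts.get(asn, 0) == 0
    )


if __name__ == "__main__":
    g = build_as_graph(AS_PATHS)
    for asn, (deg, flagged, frac) in sorted(neighbourhood_score(g, BAD_PREFIX_COUNT).items()):
        print(f"AS{asn}: degree={deg} flagged_neighbours={flagged} fraction={frac:.2f}")
    print("hotspots:", hotspots(g, BAD_PREFIX_COUNT))
```

With real data the same structure applies: AS_PATHs come from a route collector dump, the per-ASN counts from whatever blocklist or hosted-content feed is available, and the threshold on the flagged-neighbour fraction is what separates ordinary transit providers (many customers, few bad) from the hotspots the paper is after.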
In their VB2014 paper, Andrei Husanu and Alexandru Trifan propose ways of fingerprinting email-sending software by analysing its sending behaviour at the SMTP and TCP/IP protocol levels. The aim is to identify email messages originating from botnets and separate them from those sent by the various kinds of legitimate email servers.
The biggest and broadest-ranging Virus Bulletin conference ever was a great success. Martijn Grooten describes the highlights of the event.
Although all but one of the 15 full products submitted for testing achieved a VBSpam award this month, and five of them performed so well they earned a VBSpam+ award, performance on most accounts was poorer than it has been in recent tests. Martijn Grooten has the details.