Papers published in November 2015
Editor: Martijn Grooten

VBSpam comparative review November 2015

Fifteen full solutions and three DNS-based blacklists lined up on the test bench for this VBSpam test and all but one of the full solutions reached the performance level required to earn a VBSpam award. Perhaps more impressively, eight of them achieved a VBSpam+ award. Martijn Grooten reports.

Martijn Grooten - Virus Bulletin, UK

Optimizing ssDeep for use at scale

Being able to find files that are similar to a particular file is quite useful, although it can be difficult to handle at scale. It can often require an infeasible number of comparisons, which need to take place outside of a database. In an attempt to make this task more manageable, Brian Wallace has devised an optimization to ssDeep comparisons, which drastically decreases the time required to compare files.

Brian Wallace - Cylance, USA

Throwback Thursday: Legal attempts to reduce spam. A UK perspective (November 2003)

In November 2003, Martin Lee summarized from a UK perspective the various legislative attempts to ban the abuse of email by law.

Martin Lee - Anti-spam software engineer, UK

3ROS exploit framework kit – one more for the infection road!

Aditya K. Sood and Rohit Bansal look at a different side of an exploit kit: the interface used by the malware authors who rely on exploit kits to get their malware installed on victims' machines.

Aditya K. Sood - Cloud Threat Labs, Elastica, USA & Rohit Bansal - SecNiche Security Labs, USA

Throwback Thursday: What DDoS it all Mean? (March 2000)

In February 2000, distributed denial of service, or DDoS, attacks disrupted some of the largest websites – CNN, MSN, Yahoo and others – sites designed to serve millions of pages per day. So Nick FitzGerald asked: what are DDoS attacks? How might they affect you and what should you do to avoid them?

Nick FitzGerald - Computer Virus Consulting, New Zealand

Shifu – the rise of a self-destructive banking trojan

The banking trojan Shifu appears to inherit some of its features from several other well-known banking trojans. Floser Bacurio and Wayne Low decided to take a close look at one of its droppers.

Floser Bacurio Jr - Fortinet, Singapore & Wayne Low - Fortinet, Singapore
