News

Conference review: Botconf 2014

Second edition of 'botnet fighting conference' another great success.

22 December 2014

Call for Papers: VB2015 Prague

VB seeks submissions for the 25th Virus Bulletin Conference.

19 December 2014

Book review: Countdown to Zero Day

Kim Zetter's book on Stuxnet is a must-read for anyone interested in malware - or in 21st century geopolitics.

18 December 2014

Virus Bulletin announces platinum sponsors for VB2015

More sponsorship opportunities available.

16 December 2014

VB2014 paper: Smart home appliance security and malware

Jeongwook Oh demonstrates how to hack a Samsung smart TV.

15 December 2014

Virus Bulletin is hiring

VB seeks a Perl Developer / Security Engineer.

08 December 2014

Conference report: VB2014

The biggest and broadest ranging Virus Bulletin conference ever was a great success.

28 November 2014

VB2014 paper: Labelling spam through the analysis of protocol patterns

What do your IP packet sizes say about whether you're a spammer?

26 November 2014

Multi-staged, modular Regin tool enables stealthy surveillance

Nation state likely behind campaign that goes back many years.

24 November 2014

Detekt tool searches PCs for traces of surveillance spyware

Second opinion essential in circumstances under which likely victims operate.

24 November 2014

Botconf 2014 preview

Many VB authors and presenters to speak at second botnet-fighting conference.

21 November 2014

VB2014 paper: Sweeping the IP space: the hunt for evil on the Internet

Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness.

21 November 2014

Report: VB100 comparative review on Windows 8.1

40 out of 48 tested products earn VB100 award.

20 November 2014

Out-of-band patch released for all Windows versions

Kerberos bug means one set of credentials suffices to rule them all.

19 November 2014

VB2014 paper: Optimized mal-ops. Hack the ad network like a boss

Why buying ad space makes perfect sense for those wanting to spread malware.

18 November 2014

Book review: Bulletproof SSL and TLS

Must-read for anyone working with one of the Internet's most important protocols.

17 November 2014

VB2014 paper: Bootkits: past, present & future

Despite better defences, the era of bootkits is certainly not behind us.

12 November 2014

Stuxnet infected Natanz plant via carefully selected targets rather than escape from it

Five initial victims of infamous worm named.

11 November 2014

VB2014 paper: Apple without a shell - iOS under targeted attack

Developer Enterprise Program recently found to be used by WireLurker.

10 November 2014

VB2014 video: Attack points in health apps & wearable devices - how safe is your quantified self?

Health apps and wearable devices found to make many basic security mistakes.

07 November 2014

Macro malware on the rise again

Users taught that having to enable enhanced security features is no big deal.

07 November 2014

VB2014 paper: DMARC - how to use it to improve your email reputation

Terry Zink presents case study in which he describes setting a DMARC policy for Microsoft.

06 November 2014

WireLurker malware infects iOS devices through OS X

Non-jailbroken devices infected via enterprise provisioning program.

06 November 2014

VB2014 Paper: Well, that escalated quickly. From penny-stealing malware to multi-million-dollar heists, a quick overview of the Bitcoin bonanza in the digital era

Santiago Pontiroli takes us on a rollercoaster ride through cryptocurrency land.

04 November 2014

CVE-2012-0158 continues to be used in targeted attacks

30-month old vulnerability still a popular way to infect systems.

31 October 2014

The VB2014 presentation you never saw. Early launch Android malware: your phone is 0wned

Malicious apps may have more privileges than security software.

31 October 2014

Paper: Invading the core: iWorm's infection vector and persistence mechanism

Malware spreads through infected torrent, then maintains persistence on the system.

30 October 2014

New IcoScript variant uses Gmail drafts for C&C communication

Switch likely to make modular malware even stealthier.

29 October 2014

VB2014 paper: Hiding the network behind the network. Botnet proxy business model

Cristina Vatamanu and her colleagues describe how botherders keep their C&C servers hidden.

28 October 2014

VB2014 paper: Methods of malware persistence on Mac OS X

'KnockKnock' tool made available to the public.

24 October 2014

Tor exit node found to turn downloaded binaries into malware

Tor provides anonymity, not security, hence using HTTPS is essential.

24 October 2014

VB2014 paper: Exposing Android white collar criminals

Luis Corrons dives into the world of shady Android apps.

22 October 2014

Black Hat Europe - day 2

IPv6 versus IDPS, XSS in WYSIWYG editors, and reflected file downloads.

20 October 2014

Black Hat Europe - day 1

Programme packed with interesting talks.

17 October 2014

VB2014 paper: DNSSEC - how far have we come?

Nick Sullivan describes how DNSSEC uses cryptography to add authentication and integrity to DNS responses.

16 October 2014

POODLE attack forces the Internet to move away from SSL 3.0

Users and administrators urged to stop supporting the protocol, or at least to prevent downgrade attacks.

15 October 2014

Report: 15 solutions achieve VBSpam award

Surprisingly, the presence of more URLs doesn't necessarily make spam easier to block.

15 October 2014

Windows zero-day used in targeted attacks

Vulnerability used to download BlackEnergy trojan - as discussed during VB2014.

14 October 2014

VB2014 paper: The evolution of webinjects

Jean-Ian Boutin looks at the increased commoditization of webinjects.

13 October 2014

Paper: The Hulk

Raul Alvarez studies cavity file infector.

08 October 2014

Shellshock used to spread Mayhem

Malware switched to more effective Perl installer.

08 October 2014

VB2014: Slides day three

Thanks all for a fantastic conference and see you in Prague... or in Denver!

28 September 2014

'Windigo' research wins first annual Péter Szőr award

The first of many awards to commemorate brilliant researcher.

26 September 2014

VB2014: Slides day two

Another day of excellent presentations.

25 September 2014

VB2014: Slides day one

Almost £1,300 donated to WWF!

24 September 2014

VB2014 previews: an overview

Fourteen blog posts look ahead at the 24th Virus Bulletin conference.

23 September 2014

VB2014 preview: Tech Support Scams 2.0: an inside look into the evolution of the classic Microsoft tech support scam

Jérôme Segura looks at recent developments in malicious cold calls.

22 September 2014

VB2014 preview: Ubiquitous Flash, ubiquitous exploits and ubiquitous mitigation

Chun Feng and Elia Florio look at exploits targeting domain memory opcode in Adobe Flash.

19 September 2014

VB2014: frequently asked questions

Some useful information for those attending VB2014 - or those interested in attending.

18 September 2014

VB2014 preview: two papers on Linux server malware

Researchers from ESET, Yandex and Symantec look at emerging malware trend.

17 September 2014

VB2014 preview: keynote and closing panel

Vulnerability disclosure one of the hottest issues in security.

16 September 2014

Report: VB100 comparative review on Windows Server 2012

23 out of 29 tested products earn VB100 award.

29 July 2014

VB2014 preview: Apple without a shell - iOS under targeted attack

FireEye researchers show a large attack vector for Apple's mobile operating system.

12 September 2014

DNS cache poisoning used to steal emails

Call to use end-to-end encryption and to deploy DNSSEC.

11 September 2014

Paper: Prosecting the Citadel botnet - revealing the dominance of the Zeus descendent: part two

Aditya K. Sood and Rohit Bansal study the malware's behaviour when ran on a physical machine.

11 September 2014

Left-to-right override makes a return in spam

Trick shows that spammers still try to beat content-based filters.

11 September 2014

Crypto blunder makes TorrentLocker easy to crack

Use of single XOR key leaves ransomware open to known-plaintext attack.

10 September 2014

VB2014 preview: The three levels of exploit testing

Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.

09 September 2014

VB2014 preview: last-minute papers added to the programme

Hot topics to be covered at VB2014 conference in Seattle.

05 September 2014

Paper: Prosecting the Citadel botnet - revealing the dominance of the Zeus descendent: part one

Aditya K. Sood and Rohit Bansal dissect botnet primarily used for financial fraud.

03 September 2014

VB2014 preview: Swipe away, we're watching you

Hong Kei Chan and Liang Huang describe the various aspects and the evolution of point-of-sale malware.

02 September 2014

VB2014 preview: Design to discover: security analytics with 3D visualization engine

Thibault Reuille and Dhia Mahjoub use particle physics to shows clusters of malicious domains.

29 August 2014

Malicious ads served on java.com

If you do need to run plug-ins, make sure you enable click-to-play.

28 August 2014

Srizbi kernel-mode spambot reappears as Pitou

Malware possibly still in the 'brewing' stage.

28 August 2014

VB2014 preview: Methods of malware persistence on Mac OS X

Patrick Wardle shows that OS X users really have something to worry about.

27 August 2014

More than two million home routers have 'wide open backdoor'

Default password makes vulnerability easy to exploit.

26 August 2014

VB2014 preview: Duping the machine - malware strategies, post sandbox detection

James Wyke looks at four difference decoy methods.

22 August 2014

Paper: Bird's nest

Raul Alvarez studies the Neshta prepending file infector.

21 August 2014

VB2014 preview: Labelling spam through the analysis of protocol patterns

Andrei Husanu and Alexandru Trifan look at what TCP packet sizes can teach us.

19 August 2014

VB2014 preview: Optimized mal-ops. Hack the ad network like a boss

Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits.

15 August 2014

Google to take tough stance on homoglyph attacks

Good idea, but unlikely to have a huge impact.

14 August 2014

Guest blog: Cyber insurance, is it for you?

Sorin Mustaca looks at how companies trading online can insure the risks they run.

14 August 2014

VB2014 preview: P0wned by a barcode

Fabio Assolini to speak about malware targeting boletos.

13 August 2014

Paper: Inside the iOS/AdThief malware

75,000 jailbroken iOS devices infected with malware that steals ad revenues.

12 August 2014

$83k in bitcoins 'stolen' through BGP hijack

Short-lived network changes used to make miners connect to rogue pool.

08 August 2014

Report: 15 solutions achieve VBSpam award

Despite short spike, image spam no problem for spam filters.

07 August 2014

Researchers release CryptoLocker decryption tool

Tool uses private keys found in database of victims.

06 August 2014

Paper: IcoScript: using webmail to control malware

RAT gets instructions from Yahoo Mail address.

04 August 2014

Paper: Learning about Bflient through sample analysis

Flexible module-handling mechanism allows malware to adjust functionalities at will.

30 July 2014

Report: VB100 comparative review on Windows 7

29 out of 35 tested products earn VB100 award.

29 July 2014

Call for last-minute papers for VB2014 announced

Seven speaking slots waiting to be filled with presentations on 'hot' security topics.

21 July 2014

Paper: Mayhem - a hidden threat for *nix web servers

New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system.

17 July 2014

Google's Project Zero to hunt for zero-days

Bugs to be reported to the vendor only, and to become public once patched.

16 July 2014

Paper: API-EPO

Raul Alvarez studies the unique EPO methodology used by the W32/Daum file infector.

14 July 2014

Paper: Not old enough to be forgotten: the new chic of Visual Basic 6

Marion Marschalek looks at two Miuref binaries: one packed with Visual Basic 6 and one with C++.

10 July 2014

Paper: VBA is not dead!

Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.

07 July 2014

'Cyber attack on hedge fund' turns out to be internal 'scenario' used by BAE Systems

Story that appeared to be taken from fiction turns out... to have been fiction.

03 July 2014

Paper: Obfuscation in Android malware, and how to fight back

Axelle Apvrille and Ruchna Nigam look at both off-the-shelf products and custom obfuscation techniques.

02 July 2014

Virus Bulletin celebrates 25th birthday by making all content free

Neither subscription nor registration required to access content.

01 July 2014

Exploit kit requires link to be clicked before redirection

Automatic analysis of malicious payloads becomes a little bit harder again.

23 June 2014

Cheap Android phone comes shipped with spyware

Trojan masquerades as Google Play app; cannot be removed.

19 June 2014

Virus Bulletin seeks security researchers

Would you like to publish your research through Virus Bulletin - or perhaps even work for us?

18 June 2014

Game over for GameOver Zeus botnet?

Coordinated effort against gang that's also behind CryptoLocker ransomware.

05 June 2014

June issue of VB published

The June issue of Virus Bulletin is now available for subscribers to download.

02 June 2014

Virus Bulletin announces Péter Ször Award

'Brilliant mind and a true gentleman' commemorated through annual award for technical security research.

23 May 2014

1 in 500 secure connections use forged certificate

For reasons ranging from relatively good, to actual malware.

13 May 2014

May issue of VB published

The May issue of Virus Bulletin is now available for subscribers to download.

02 May 2014

AOL spam spreads 'NotCompatible' Android trojan

AOL responds by following Yahoo! in setting strict DMARC policy.

23 April 2014

Yahoo's DMARC policy wreaks havoc among mailing lists

Collateral damage in instruction to reject emails with invalid DKIM signatures.

15 April 2014

A week of Heartbleed

OpenSSL vulnerability has kept the security community busy.

14 April 2014

VB2014 programme and keynote announced

Exciting range of topics to be covered at VB conference in Seattle this September; Katie Moussouris to deliver keynote address.

09 April 2014

OpenSSL vulnerability lets attackers quietly steal servers' private keys

Security firm advises regenerating keys and replacing certificates on vulnerable servers.

08 April 2014

April issue of VB published

The April issue of Virus Bulletin is now available for subscribers to download.

02 April 2014

IEEE announces Anti-Malware Support Service

'Software taggant system' and 'clean file metadata exchange' discussed at previous VB conferences.

06 March 2014

March issue of VB published

The March issue of Virus Bulletin is now available for subscribers to download.

04 March 2014

'Cyberdanger' informs general audience of IT security

Eddy Willems' book is a pleasant read on an important subject.

24 February 2014

Researchers crack ransomware encryption

'Bitcrypt' authors confused their bytes and digits.

21 February 2014

Windows Error Reporting used to discover new attacks

No excuse for sending error reports in cleartext.

19 February 2014

Tech support scammers won't give up

M3AAWG workshop to deal with fighting telephony abuse.

13 February 2014

At least 99.4% of spam blocked in recent Virus Bulletin test

All solutions on test blocked at least 99.4% of spam, but some struggled with false positive issues; survey also shows few products support DMARC.

06 February 2014

February issue of VB published

The February issue of Virus Bulletin is now available for subscribers to download.

03 February 2014

Macro viruses make a return in targeted attacks

Macros disabled in modern versions of Office, but enabled within many organisations.

31 January 2014

VirusTotal support integrated into new version of Process Explorer

Sysadmins can check hashes of processes against file-checking service database.

30 January 2014

CSRF vulnerability in USB modems allows for infrastructure-less phishing

Credentials sent to attacker by built-in SMS functionality.

29 January 2014

Browser-based ransomware uses scare tactics to extort money

Unsophisticated scam shows the high level of commoditization of today's cybercrime.

24 January 2014

Is your fridge sending spam?

It's possible that smart devices are sending spam, but it wouldn't make any difference.

21 January 2014

January issue of VB published

The January issue of Virus Bulletin is now available for subscribers to download.

08 January 2014

 

Latest posts:

VB2019 paper: APT cases exploiting vulnerabilities in region-specific software

At VB2019, JPCERT/CC's Shusei Tomonaga and Tomoaki Tani presented a paper on attacks that exploit vulnerabilities in software used only in Japan, using malware that is unique to Japan. Today we publish both their paper and the recording of their…

New paper: Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

In a follow-up to a paper presented at VB2019, Prismo Systems researchers Abhishek Singh and Ramesh Mani detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting (XSS), and server‑side request…

VB2020 programme announced

VB is pleased to reveal the details of an interesting and diverse programme for VB2020, the 30th Virus Bulletin International Conference.

VB2019 paper: Cyber espionage in the Middle East: unravelling OSX.WindTail

At VB2019 in London, Jamf's Patrick Wardle analysed the WindTail macOS malware used by the WindShift APT group, active in the Middle East. Today we publish both Patrick's paper and the recording of his presentation.

VB2019 paper: 2,000 reactions to a malware attack – accidental study

At VB2019 cybercrime journalist and researcher Adam Haertlé presented an analysis of almost 2000 unsolicited responses sent by victims of a malicious email campaign. Today we publish both his paper and the recording of his presentation.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.