VB Blog

What cybersecurity experts are talking about in 2025

Posted by   Virus Bulletin on   Jun 10, 2025

The cybersecurity field moves quickly, with new research surfacing regularly and threat actors constantly shifting their approaches. We've gathered five recent research topics that caught our attention, each offering a different angle on the current threat landscape and the creative ways both attackers and defenders are adapting.

Read more  

VBSpam tests to be executed under the AMTSO framework

Posted by   Virus Bulletin on   Jun 24, 2024

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

Read more  

In memoriam: Prof. Ross Anderson

Posted by   Virus Bulletin on   Apr 2, 2024

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

Read more  

In memoriam: Dr Alan Solomon

Posted by   Virus Bulletin on   Feb 14, 2024

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

Read more  

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Posted by   Virus Bulletin on   Oct 12, 2023

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

Read more  

New paper: Collector-stealer: a Russian origin credential and information extractor

Posted by   Virus Bulletin on   Dec 8, 2021

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

Read more  

VB2021 localhost videos available on YouTube

Posted by   Virus Bulletin on   Nov 4, 2021

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

Read more  

VB2021 localhost is over, but the content is still available to view!

Posted by   Virus Bulletin on   Oct 11, 2021

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

Read more  

VB2021 localhost call for last-minute papers

Posted by   Virus Bulletin on   Aug 2, 2021

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

Read more  

New article: Run your malicious VBA macros anywhere!

Posted by   Virus Bulletin on   Apr 21, 2021

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

Read more  
Previous1234567...215Next

Search blog

New paper: LokiBot: dissecting the C&C panel deployments

First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. In a new paper researcher Aditya Sood analyses the URL st…
If you have some research you'd like to share with the security community, we'd love to hear from you: the call for papers for VB2020 (Dublin, 30 Sept to 2 Oct 2020) remains open… https://www.virusbulletin.com/blog/2020/02/new-paper-lokibot-dissecting-cc-panel-deployments/

Paper: New Keylogger on the Block

In a new paper published by Virus Bulletin, Sophos researcher Gabor Szappanos takes a look at the KeyBase keylogger, sold as a commercial product and popular among cybercriminals who use it in Office exploit kits.
Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper (here as a PDF)… https://www.virusbulletin.com/blog/2016/07/paper-new-keylogger-block/

Paper: MWI-5: Operation HawkEye

Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details.
Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details. Macro malware was a plague in the late 1990s, when Microsoft Office… https://www.virusbulletin.com/blog/2015/10/paper-mwi-5-operation-hawkeye/

Sykipot trojan used to target smart cards

Defence companies among small number of targets.
Defence companies among small number of targets. Researchers at Alienvault have discovered a version of the 'Sykipot' trojan that is being used to target organisations that make… https://www.virusbulletin.com/blog/2012/01/sykipot-trojan-used-target-smart-cards/

'Son of Stuxnet' trojan found

'Duqu' used in targeted attacks to steal specific information.
'Duqu' used in targeted attacks to steal specific information. Researchers at both Symantec and McAfee have discovered a new Remote Access Trojan (RAT) with strong links to Stuxnet… https://www.virusbulletin.com/blog/2011/10/son-stuxnet-trojan-found/

Keylogger on Samsung laptops proves to be false alarm

AV product wrongly flags malware based on existence of directory.
AV product wrongly flags malware based on existence of directory. A number of security bloggers raised concern yesterday about the apparent presence of a keylogger on Samsung… https://www.virusbulletin.com/blog/2011/03/keylogger-samsung-laptops-proves-be-false-alarm/

Webmail data leak hype deflated

Rumoured phishing explosion grabs headlines, reality much more mundane.
Rumoured phishing explosion grabs headlines, reality much more mundane. This week has seen some major news organisations picking up on the story of tens of thousands of sets of… https://www.virusbulletin.com/blog/2009/10/webmail-data-leak-hype-deflated/

Keyloggers used to loot US county

$415,000 sneaked from local government funds.
$415,000 sneaked from local government funds. A Kentucky county has suffered losses of $415,000 after keylogging malware infiltrated its computer systems, allowing cybercriminals… https://www.virusbulletin.com/blog/2009/07/keyloggers-used-loot-us-county/

China-Tibet row spills over into malware attacks

Both sides of debate targeted to spread malicious code.
Both sides of debate targeted to spread malicious code. With the political row over China's involvement in Tibet continuing to make the headlines, cybercriminals have been as quick… https://www.virusbulletin.com/blog/2008/04/china-tibet-row-spills-over-malware-attacks/

Habbo trojan steals passwords

Extension decorates your room... with malware.
Extension decorates your room... with malware. A trojan has been discovered that masquerades as an extension to social networking site Habbo, formerly known as Habbo Hotel. The… https://www.virusbulletin.com/blog/2008/02/habbo-trojan-steals-passwords/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.