VB Blog

VB2016 paper: BlackEnergy – what we really know about the notorious cyber attacks

Posted by   Martijn Grooten on   Jul 3, 2017

According to some researchers, there is some evidence linking the recent (Not)Petya attacks with the BlackEnergy group - which became infamous for its targeted attacks against the Ukraine. At VB2016, ESET researchers Anton Cherepanov and Robert Lipovsky spoke about BlackEnergy, providing an overview of the group's attacks. Today, we publish their paper.

Read more  

Security advice in the wake of WannaCry and Not(Petya)

Posted by   Martijn Grooten on   Jun 30, 2017

As WannaCry and (Not)Petya have shown, malware attacks can do a lot of damage. So is staying safe just a case of following good security advice?

Read more  

48 hours after initial reports, many mysteries remain around the latest ransomware/wiper threat

Posted by   Martijn Grooten on   Jun 29, 2017

Whether you call it Petya, NotPetya, Nyetya or Petna, there are still many mysteries surrounding the malware that has been causing havoc around the world.

Read more  

VB2017 Early Bird discount to expire this week

Posted by   Martijn Grooten on   Jun 28, 2017

This week, the Early Bird discount for VB2017 comes to an end - so, for a 10% saving on the cost of full price registration, make sure you register now!

Read more  

VB2016 paper: Steam stealers: it's all fun and games until someone's account gets hijacked

Posted by   Martijn Grooten on   Jun 23, 2017

Last year, Kaspersky Lab researcher Santiago Pontiroli and PwC's Bart Parys presented a VB2016 paper analysing the malicious threats faced by users of the Steam online gaming platform, and highlighting how organized criminals are making money with these profitable schemes. Today, we publish the paper.

Read more  

Research paper shows it may be possible to distinguish malware traffic using TLS

Posted by   Martijn Grooten on   Jun 22, 2017

Researchers at Cisco have published a paper describing how it may be possible to use machine learning to distinguish malware command-and-control traffic using TLS from regular enterprise traffic, and to classify malware families based on their encrypted C&C traffic.

Read more  

Is CVE-2017-0199 the new CVE-2012-0158?

Posted by   Martijn Grooten on   Jun 20, 2017

After five years of exploitation in a wide variety of attacks, CVE-2012-0158 may have found a successor in CVE-2017-0199, which is taking the Office exploit scene by storm.

Read more  

Review: BSides London 2017

Posted by   Martijn Grooten on   Jun 19, 2017

Virus Bulletin was a proud sponsor of BSides London 2017 - Martijn Grooten reports on a great event.

Read more  

VB2017: one of the most international security conferences

Posted by   Martijn Grooten on   Jun 15, 2017

It is well known that the problem of cybersecurity is a global one that affects users worldwide - but it's also one that has some unique local flavours. With speakers representing at least 24 countries, VB2017 is one of the most international security conferences on the circuit, allowing attendees to hear the viewpoints of experts from around the world. Register before 1 July and receive a 10% Early Bird discount.

Read more  

VB2016 paper: Diving into Pinkslipbot's latest campaign

Posted by   Martijn Grooten on   Jun 12, 2017

Qakbot or Qbot, is a banking trojan that makes the news every once in a while and was the subject of a VB2016 paper by Intel Security researchers Sanchit Karve, Guilherme Venere and Mark Olea. In it, they provided a detailed analysis of the Pinkslipbot/Qakbot trojan and its then latest campaign. Their full paper is now available to download or read online.

Read more  
Previous1...3435363738...215Next

Search blog

New paper: LokiBot: dissecting the C&C panel deployments

First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. In a new paper researcher Aditya Sood analyses the URL st…
If you have some research you'd like to share with the security community, we'd love to hear from you: the call for papers for VB2020 (Dublin, 30 Sept to 2 Oct 2020) remains open… https://www.virusbulletin.com/blog/2020/02/new-paper-lokibot-dissecting-cc-panel-deployments/

Paper: New Keylogger on the Block

In a new paper published by Virus Bulletin, Sophos researcher Gabor Szappanos takes a look at the KeyBase keylogger, sold as a commercial product and popular among cybercriminals who use it in Office exploit kits.
Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper (here as a PDF)… https://www.virusbulletin.com/blog/2016/07/paper-new-keylogger-block/

Paper: MWI-5: Operation HawkEye

Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details.
Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details. Macro malware was a plague in the late 1990s, when Microsoft Office… https://www.virusbulletin.com/blog/2015/10/paper-mwi-5-operation-hawkeye/

Sykipot trojan used to target smart cards

Defence companies among small number of targets.
Defence companies among small number of targets. Researchers at Alienvault have discovered a version of the 'Sykipot' trojan that is being used to target organisations that make… https://www.virusbulletin.com/blog/2012/01/sykipot-trojan-used-target-smart-cards/

'Son of Stuxnet' trojan found

'Duqu' used in targeted attacks to steal specific information.
'Duqu' used in targeted attacks to steal specific information. Researchers at both Symantec and McAfee have discovered a new Remote Access Trojan (RAT) with strong links to Stuxnet… https://www.virusbulletin.com/blog/2011/10/son-stuxnet-trojan-found/

Keylogger on Samsung laptops proves to be false alarm

AV product wrongly flags malware based on existence of directory.
AV product wrongly flags malware based on existence of directory. A number of security bloggers raised concern yesterday about the apparent presence of a keylogger on Samsung… https://www.virusbulletin.com/blog/2011/03/keylogger-samsung-laptops-proves-be-false-alarm/

Webmail data leak hype deflated

Rumoured phishing explosion grabs headlines, reality much more mundane.
Rumoured phishing explosion grabs headlines, reality much more mundane. This week has seen some major news organisations picking up on the story of tens of thousands of sets of… https://www.virusbulletin.com/blog/2009/10/webmail-data-leak-hype-deflated/

Keyloggers used to loot US county

$415,000 sneaked from local government funds.
$415,000 sneaked from local government funds. A Kentucky county has suffered losses of $415,000 after keylogging malware infiltrated its computer systems, allowing cybercriminals… https://www.virusbulletin.com/blog/2009/07/keyloggers-used-loot-us-county/

China-Tibet row spills over into malware attacks

Both sides of debate targeted to spread malicious code.
Both sides of debate targeted to spread malicious code. With the political row over China's involvement in Tibet continuing to make the headlines, cybercriminals have been as quick… https://www.virusbulletin.com/blog/2008/04/china-tibet-row-spills-over-malware-attacks/

Habbo trojan steals passwords

Extension decorates your room... with malware.
Extension decorates your room... with malware. A trojan has been discovered that masquerades as an extension to social networking site Habbo, formerly known as Habbo Hotel. The… https://www.virusbulletin.com/blog/2008/02/habbo-trojan-steals-passwords/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.