VB Blog

New article: Dissecting the design and vulnerabilities in AZORult C&C panels

Posted by Virus Bulletin on Apr 7, 2021

In a new article, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified.

Posted by Virus Bulletin on Mar 17, 2021

VB2021 localhost presents an exciting opportunity to share your research with an even wider cross section of the IT security community around the world than usual, without having to take time out of your work schedule (or budget) to travel.

Posted by Virus Bulletin on Mar 2, 2021

In a follow-up to an article published last week, Kurt Natvig takes us through the analysis of a new malicious sample using the .xlsb file format.

Posted by Virus Bulletin on Feb 23, 2021

In a new article, researcher Kurt Natvig takes a close look at XF 4.0 malware.

Posted by Virus Bulletin on Jan 29, 2021

At VB2019, CSIS researcher Benoît Ancel spoke about a quiet banking trojan actor that has been targeting German users since at least 2014.

Posted by Virus Bulletin on Jan 19, 2021

The call for papers for VB2021 is now open and we want to hear from you - we're planning for flexible presentation formats, so everyone is encouraged to submit, regardless of whether or not you know at this stage whether you'll be able to travel to Prague!

Posted by Virus Bulletin on Jan 11, 2021

We were very sorry to learn of the passing of researcher Yonathan Klijnsma last week. Here, former VB Editor Martijn Grooten shares his memories of a talented researcher and a very kind person: this month, infosec lost a really good one.

Posted by Virus Bulletin on Jan 8, 2021

VB has made all VB2020 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

Posted by Virus Bulletin on Dec 8, 2020

At VB2020 localhost, threat intelligence consultant Jamie Collier used the analytical technique of backcasting to look at the rise and fall of the cyber threat intelligence industry.

Posted by Virus Bulletin on Dec 4, 2020

At VB2020 localhost, Carbon Black's Scott Knight presented an approach he and his colleagues have taken to more realistically simulate malware attacks.

Previous1234567...215Next

Search blog

VB2019 papers: Emotet and Ryuk

Today we publish VB2019 papers by Luca Nagy (Sophos) on Emotet and Gabriela Nicolao and Luciano Martins (Deloitte) on Ryuk, as well as the corresponding videos of their presentations.
Shinigami’s revenge: the long tail of the Ryuk malware Read the paper (HTML) Download the paper (PDF) Exploring Emotet, an elaborate everyday enigma Read the paper… https://www.virusbulletin.com/blog/2019/10/vb2019-papers-emotet-and-ryuk/

VB2019 preview: Exploring Emotet, an elaborate everyday enigma

We preview the VB2019 paper by Sophos researcher Luca Nagy, who dives deeply into the notorious Emotet malware.
Active since 2014, initially as a banking trojan, Emotet has been a plague on the Internet in recent years. Emotet's core strength is its ability to download other malware, thus… https://www.virusbulletin.com/blog/2019/08/vb2019-preview-exploring-emotet-elaborate-everyday-enigma/

VB2018 paper: Office bugs on the rise

At VB2018 Sophos researcher Gábor Szappanos provided a detailed overview of Office exploit builders, and looked in particular at the widely exploited CVE-2017-0199. Today we publish his paper and release the video of his presentation.
A large portion of today's malware infections use malicious Office documents as a first-stage payload. Typically, the user is tricked into enabling macros or disabling some… https://www.virusbulletin.com/blog/2018/12/vb2018-paper-office-bugs-rise/

VB2018 video: Behind the scenes of the SamSam investigation

Today we have published the video of the VB2018 presentation by Andrew Brandt (Sophos) on the SamSam ransomware, which became hot news following the indictment of its two suspected authors yesterday.
Yesterday, a federal grand jury in the US unsealed an indictment charging two Iranians with being behind the SamSam ransomware. SamSam has been one of the most successful… https://www.virusbulletin.com/blog/2018/11/vb2018-video-behind-scenes-samsam-investigation/

Gábor Szappanos wins fourth Péter Szőr Award

At the VB2017 gala dinner, the fourth Péter Szőr Award was presented to Sophos researcher Gábor Szappanos for his paper "AKBuilder – the crowdsourced exploit kit".
Every year, during the Virus Bulletin Conference gala dinner, we celebrate the life and works of Péter Szőr, the brilliant security researcher who passed away so sadly in 2013. We… https://www.virusbulletin.com/blog/2017/10/gabor-szappanos-wins-fourth-peter-szor-award/

Paper: New Keylogger on the Block

In a new paper published by Virus Bulletin, Sophos researcher Gabor Szappanos takes a look at the KeyBase keylogger, sold as a commercial product and popular among cybercriminals who use it in Office exploit kits.
Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper (here as a PDF)… https://www.virusbulletin.com/blog/2016/07/paper-new-keylogger-block/

VB2015 paper: Will Android Trojans, Worms or Rootkits Survive in SEAndroid and Containerization?

Sophos researchers Rowland Yu and William Lee look at whether recent security enhancements to Android, such as SEAndroid and containerization, will be enough to defeat future malware threats.
Google's Android operating system may have a bit of a bad reputation when it comes to security, but it's worth noting that recent versions of the operating system have been… https://www.virusbulletin.com/blog/2016/02/vb2015-paper-will-android-trojans-worms-or-rootkits-survive-seandroid-and-containerization/

Sophos red flags Google Analytics

Popular analytics tool mistakenly flagged as 'high risk'.
Popular analytics tool mistakenly flagged as 'high risk'. Security firm Sophos had an embarrassing moment this morning when its scanner flagged Google Analytics as malicious.… https://www.virusbulletin.com/blog/2011/06/sophos-red-flags-google-analytics/

Sophos joins free home AV crowd with Mac release

Business-focused firm takes first step into home-user arena.
Business-focused firm takes first step into home-user arena.Sophos has announced the release of a home-user edition of its Mac anti-malware solution, which is being given away free… https://www.virusbulletin.com/blog/2010/11/sophos-joins-free-home-av-crowd-mac-release/

Sophos bought up by investment firm

APAX Partners acquires major stake in $830 million company.
APAX Partners acquires major stake in $830 million company.Sophos has announced that a majority share of the company will be sold to major private investment firm APAX Partners, in… https://www.virusbulletin.com/blog/2010/05/sophos-bought-investment-firm/

AV protection free for aliens

Klingon language scanner given away.
Klingon language scanner given away. After last summer saw malware making its way into space, it seemed like only a matter of time before alien races would need protection from the… https://www.virusbulletin.com/blog/2009/05/av-protection-free-aliens/

Tough weekend for AV giants as FPs and DNS issues hit

Trend false alert cripples users' systems, Sophos sites taken out by DNS mixup.
Trend false alert cripples users' systems, Sophos sites taken out by DNS mixup. Two of the larger security firms, Trend Micro and Sophos, had a busy weekend cleaning up after… https://www.virusbulletin.com/blog/2008/09/tough-weekend-av-giants-fps-and-dns-issues-hit/

Sophos makes move to buy Utimaco

€217 million bid launched for encryption specialist.
€217 million bid launched for encryption specialist. Security light-heavyweight Sophos has issued official notice of its intention to buy German encryption firm Utimaco, in a share… https://www.virusbulletin.com/blog/2008/07/sophos-makes-move-buy-utimaco/

41 months plus hefty fine for botherder

Cross-border operation brings adware crook to book.
Cross-border operation brings adware crook to book. A Florida man has been sentenced to 41 months in prison and fined $65,000 (approx. £32,000) after implanting bot software on… https://www.virusbulletin.com/blog/2008/06/41-months-plus-hefty-fine-botherder/

Almost half of users think virus-writing contests are a good idea

Shocking survey results disappoint security experts.
Shocking survey results disappoint security experts. Nearly half of the respondents in a Virus Bulletin poll said they thought that virus-writing contests are a useful way of… https://www.virusbulletin.com/blog/2008/05/almost-half-users-think-virus-writing-contests-are-good-idea/

Sophos announces plans to float

Listing on London Stock Exchange expected soon.
Listing on London Stock Exchange expected soon. The long-anticipated floatation of Sophos, one of the biggest privately owned security firms, has been announced this week, with the… https://www.virusbulletin.com/blog/2007/11/sophos-announces-plans-float/

Minor flaws patched in Sophos AV

Security vulnerabilities found and fixed.
Security vulnerabilities found and fixed. Two separate flaws have been reported in Sophos's anti-virus engine, affecting most of its product range and allowing security bypass and… https://www.virusbulletin.com/blog/2007/09/minor-flaws-patched-sophos-av/

Phish poses as Sophos malware alert

Fake security alarm lures users to spoofed site.
Fake security alarm lures users to spoofed site. A phishing email recently spammed out uses the name of security firm Sophos to lend credence to a fake malware alert, designed to… https://www.virusbulletin.com/blog/2007/08/phish-poses-sophos-malware-alert/