VB Blog

Throwback Thursday: A troubled world

Posted by   Helen Martin on   Feb 9, 2017

In early 1991, the world was a troubled place and conflict and violence were being reported globally on a daily basis. With this as a backdrop, the world of "indiscriminate" computer viruses which "victimise in a random and unpredictable manner" seemed relatively trivial to then Editor of VB, Edward Wilding.

Read more  

VB2016 video: Nymaim: the Untold Story

Posted by   Martijn Grooten on   Feb 8, 2017

Until very recently, the Nymaim banking trojan was a serious problem in Poland. Today, we publish the video of the VB2016 presentation by CERT Polska researchers Jarosław Jedynak and Maciej Kotowicz, in which they analyse this malware-dropper-turned-banking-trojan.

Read more  

The Living Dead Anti-Virus

Posted by   Virus Bulletin on   Feb 2, 2017

Should users uninstall their anti-virus products, as was recently suggested by a security expert in a widely shared article? In a guest post, security consultant Hendrik Pilz explains why he doesn't think this is a good idea.

Read more  

Paper: The journey and evolution of God Mode in 2016: CVE-2016-0189

Posted by   Martijn Grooten on   Jan 31, 2017

In a new paper published by Virus Bulletin, FireEye researchers Ankit Anubhav and Manish Sardiwal analyse the 'God Mode' vulnerability CVE-2016-0189 in Microsoft Internet Explorer.

Read more  

VB2016 video: Neverquest: Crime as a Service and On the Hunt for the Big Bucks

Posted by   Martijn Grooten on   Jan 30, 2017

At VB2016, Peter Kruse gave a presentation detailing the Neverquest trojan, the alleged author of which was arrested in Spain earlier this month. Today, we publish the recording of Peter's presentation.

Read more  

VB2016 paper: Great crypto failures

Posted by   Martijn Grooten on   Jan 24, 2017

Crypto is hard, and malware authors often make mistakes. At VB2016, Check Point researchers Yaniv Balmas and Ben Herzog discussed the whys and hows of some of the crypto blunders made by malware authors. Today, we publish their paper and the recording of their presentation.

Read more  

Call for Papers: VB2017

Posted by   Martijn Grooten on   Jan 19, 2017

We have opened the Call for Papers for VB2017. We are particularly interested in receiving submissions from those working outside the security industry itself.

Read more  

Ransomware not a problem for half of businesses

Posted by   Martijn Grooten on   Jan 11, 2017

According to a report by IBM Security, 70 per cent of businesses that are the victim of a ransomware attack end up paying the ransom. However, the report also suggests that a little over half of businesses manage to avoid getting infected at all, showing they must be doing something right.

Read more  

Ransomware would be much worse if it wasn't for email security solutions

Posted by   Martijn Grooten on   Jan 5, 2017

The latest VBSpam test brings good news: at least 199 out of every 200 emails containing a malicious attachment were blocked by email security solutions. All of the full solutions tested achieved a VBSpam award, with five earning a VBSpam+ award.

Read more  

Throwback Thursday: The malware battle: reflections and forecasts

Posted by   Helen Martin on   Jan 5, 2017

"Another year has come to its end and the malware battle still rages on." In January 2004, Jamz Yaneza reflected on the year just ended and pondered what the coming year would have in store for the AV industry.

Read more  
Previous1...3839404142...215Next

Search blog

VB2016 paper: Open Source Malware Lab

At VB2016, ThreatConnect Director of Research Innovation Robert Simmons presented a paper on setting up an open source malware lab. Today, we share the accompanying paper and video.
Security experts aren't necessarily known for being skilled at predicting the future, but if there's one prediction they are guaranteed to get right, it's that there will be a lot… https://www.virusbulletin.com/blog/2017/01/vb2016-paper-open-source-malware-lab/

Paper: Spreading techniques used by malware

In a new paper published by Virus Bulletin, Acalvio researcher Abhishek Singh discusses some of the techniques used by malware to increase its impact by spreading further.
Malware infections usually start with a user opening an attachment, visiting a link, or simply accessing an infected site with a vulnerable browser. But once malware has infected… https://www.virusbulletin.com/blog/2016/december/paper-spreading-techniques-used-malware/

Conference review: Botconf 2016

Three members of the Virus Bulletin team attended the Botconf 2016 conference in Lyon, France last month, enjoying talks on subjects that ranged from state-sponsored attacks to exploit kits, and from banking trojans to cyber insurance.
This review was written by Martijn Grooten, Adrian Luca and Ionuț Răileanu. Though still only in its fourth year, Botconf has become one of the Virus Bulletin team's favourite… https://www.virusbulletin.com/blog/2016/december/conference-review-botconf-2016/

VB2016 preview: Cryptography mistakes in malware

At VB2016, two talks will discuss mistakes made by malware authors in cryptographic implementations. Ben Herzog and Yaniv Balmas will present a paper in which they look at a number of these mistakes, while Malwarebytes researcher hasherezade will present …
"Don't roll your own crypto", software developers are often told: cryptography is hard and thus it is always safer to use a well-tested public library rather than writing your own… https://www.virusbulletin.com/blog/2016/september/vb2016-preview-presentations-cryptography-mistakes-malware/

VB2016 preview: Debugging and Monitoring Malware Network Activities with Haka

In a VB2016 paper, Stormshield researchers Benoit Ancel and Mehdi Talbi will present a paper on Haka, a tool that can be used to monitor and debug malware's network communications.
Although some inventive (and often quite impractical) non-network-based ways to remotely control malware have been presented, most botnets use the normal Internet connection of… https://www.virusbulletin.com/blog/2016/september/vb2016-preview-debugging-and-monitoring-malware-network-activities-haka/

Paper: Behavioural Detection and Prevention of Malware on OS X

In a new paper published through Virus Bulletin, Vincent Van Mieghem presents a novel method for detecting malware on Mac OS X, based on the system calls used by malicious software.
Though still well behind that of Windows malware, the prevalence of malware targeting OS X has increased in the past year to the point where Mac users can't assume they are safe… https://www.virusbulletin.com/blog/2016/september/paper-behavioural-detection-and-prevention-malware-os-x/

Paper: The Journey of Evasion Enters Behavioural Phase

A new paper by FireEye researcher Ankit Anubhav provides an overview of evasion techniques applied by recently discovered malware.
Anti-detection techniques are almost as old as malware itself and have developed well beyond hash busting techniques. As security products adapt their detection tools, malware… https://www.virusbulletin.com/blog/2016/07/paper-journey-evasion-enters-behavioural-phase/

Paper: How It Works: Steganography Hides Malware in Image Files

A new paper by CYREN researcher Lordian Mosuela takes a close look at Gatak, or Stegoloader, a piece of malware that was discovered last year and that is controlled via malicious code embedded in a PNG image, a technique known as steganography.
Sometimes a picture says more than a thousand words. And sometimes in computer security, a picture contains a thousand words, or rather a lot of commands, used by malware authors… https://www.virusbulletin.com/blog/2016/04/paper-how-it-works-steganography-hides-malware-image-files/

Paying a malware ransom is bad, but telling people never to do it is unhelpful advice

The current ransomware plague is one of the worst threats the Internet has seen and it is unlikely to go away any time soon. But telling people to never pay the ransom is unhelpful advice.
I'm not usually one to spread panic about security issues, but in the case of the current ransomware plague, I believe that at the very least a sense of great concern is… https://www.virusbulletin.com/blog/2016/04/paying-malware-ransom-bad-telling-people-never-do-it-unhelpful-advice/

New tool helps ransomware victims indentify the malware family

The people behind the MalwareHunterTeam have released a tool that helps victims of ransomware identify which of more than 50 families has infected their system, something which could help them find a tool to decrypt their files.
Malware infections are never fun, but ransomware is particularly nasty and the plague doesn't seem likely to cease any time soon: new families are spotted almost daily. A small… https://www.virusbulletin.com/blog/2016/04/new-tool-helps-ransomware-victims-indentify-malware-family/

VB2015 paper: Will Android Trojans, Worms or Rootkits Survive in SEAndroid and Containerization?

Sophos researchers Rowland Yu and William Lee look at whether recent security enhancements to Android, such as SEAndroid and containerization, will be enough to defeat future malware threats.
Google's Android operating system may have a bit of a bad reputation when it comes to security, but it's worth noting that recent versions of the operating system have been… https://www.virusbulletin.com/blog/2016/02/vb2015-paper-will-android-trojans-worms-or-rootkits-survive-seandroid-and-containerization/

VB2015 paper: Digital 'Bian Lian' (face changing): the Skeleton Key malware

Microsoft, Dell SecureWorks researchers analyse malware targeting Active Directory servers.
Microsoft, Dell SecureWorks researchers analyse malware targeting Active Directory servers. A year ago, researchers from Dell SecureWorks discovered a new kind of malware, dubbed… https://www.virusbulletin.com/blog/2016/01/paper-digital-bian-lian-face-changing-skeleton-key-malware/

Malware likely cause of power cut in Ukraine

BlackEnergy malware previously linked to targeted attacks in the country.
BlackEnergy malware previously linked to targeted attacks in the country. When in late December hundreds of thousands of homes in Western Ukraine suffered power outages, many… https://www.virusbulletin.com/blog/2016/01/malware-likely-cause-power-cut-ukraine/

Paper: Optimizing ssDeep for use at scale

Brian Wallace presents tool to optimize ssDeep comparisons.
Brian Wallace presents tool to optimize ssDeep comparisons. Malware rarely comes as a single file, and to avoid having to analyse each sample in a set individually, a fuzzy hashing… https://www.virusbulletin.com/blog/2015/11/paper-optimizing-ssdeep-use-scale/

Paper: MWI-5: Operation HawkEye

Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details.
Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details. Macro malware was a plague in the late 1990s, when Microsoft Office… https://www.virusbulletin.com/blog/2015/10/paper-mwi-5-operation-hawkeye/

Researchers seek ransomware samples for their generic solution

VB2015 presentation to include demonstration of technique against recent samples.
VB2015 presentation to include demonstration of technique against recent samples. 'The scary hack that's on the rise' is how Wired's Kim Zetter described ransomware in an overview… https://www.virusbulletin.com/blog/2015/09/researchers-seek-ransomware-samples-their-generic-solution/

Paper: Not a GAMe maKER

Raul Alvarez performs low-level analysis of information-stealing trojan.
Raul Alvarez performs low-level analysis of information-stealing trojan. The Gamker information-stealing trojan (also known as Shiz) has been around for a few years. It made the… https://www.virusbulletin.com/blog/2015/08/paper-not-game-maker/

Back to the future: anti-virus engines and sandboxes

Szilard Stange makes the case for multi-engine malware scanning.
Szilard Stange makes the case for multi-engine malware scanning.The VB2015 conference takes place next month (30 September to 2 October) in Prague, with an exciting programme that… https://www.virusbulletin.com/blog/2015/08/back-future-anti-virus-engines-and-sandboxes/

Paper: Dridex in the Wild

Meng Su explains how Dridex works and how it communicates with its C&C server.
Meng Su explains how Dridex works and how it communicates with its C&C server. A descendant of Cridex, Dridex was first written about a little less than a year ago, by S21sec and… https://www.virusbulletin.com/blog/2015/07/paper-dridex-wild/

Little sympathy for breached Hacking Team

Lists of customers, source code and zero-day vulnerabilities made public.
Lists of customers, source code and zero-day vulnerabilities made public. The biggest security story of this week, and probably one of the biggest of the year, is the hack of… https://www.virusbulletin.com/blog/2015/07/little-sympathy-breached-hacking-team/

« Previous 1234567 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.