VB Blog

VB2017 paper and update: Browser attack points still abused by banking trojans

Posted by Martijn Grooten on Jul 25, 2018

At VB2017, ESET researchers Peter Kálnai and Michal Poslušný looked at how banking malware interacts with browsers. Today we publish their paper, share the video of their presentation, and also publish a guest blog post from Peter, in which he summarises the recent developments in this space.

Posted by Martijn Grooten on Jul 16, 2018

It is likely that, by now, everyone in computer science has at least heard of the Spectre attack, and many excellent explanations of the attack already exist. But what is the likelihood of finding Spectre being exploited on Android smartphones?

Posted by Martijn Grooten on Jul 11, 2018

We are excited to announce several more companies that have partnered with VB2018.

Posted by Martijn Grooten on Jul 10, 2018

A new malware campaign that uses two stolen code-signing certificates shows that such certificates continue to be popular among malware authors. But there is a positive side to malware authors' use of stolen certificates.

Posted by Martijn Grooten on Jul 6, 2018

Though the location will remain under wraps for a few more months, we are pleased to announce the dates for VB2019, the 29th Virus Bulletin International Conference.

Posted by Martijn Grooten on Jul 6, 2018

The operators of the Necurs botnet, best known for being one of the most prolific spam botnets of the past few years, have pushed out updates to its client, which provide some important lessons about why malware infections matter.

Posted by Martijn Grooten on Jul 3, 2018

Virus Bulletin has opened nominations for the fifth annual Péter Szőr Award, for the best piece of technical security research published between 1 July 2017 and 30 June 2018.

Posted by Martijn Grooten on Jul 3, 2018

Security researcher Matt Nelson has discovered how .SettingContent-ms files can be embedded into Office files to deliver malware.

Posted by Martijn Grooten on Jun 26, 2018

The New York Times reports that smart home devices are increasingly used in cases of domestic abuse.

Posted by Martijn Grooten on Jun 25, 2018

If you want to come to VB2018 in Montreal this year (and why wouldn't you?) and want to save a bit on the ticket price (and why wouldn't you?), remember that early bird discounts will be available until 30 June.

Previous1...1920212223...215Next

Search blog

VB2014 paper: Quantifying maliciousness in Alexa top-ranked domains

Paul Royal looks at malware served through the most popular websites.
Paul Royal looks at malware served through the most popular websites. Though VB2014 took place nine months ago, most of the papers presented during the conference remain very… https://www.virusbulletin.com/blog/2015/06/paper-quantifying-maliciousness-alexa-top-ranked-domains/

VB2014 paper: Swipe away, we're watching you

Hong Kei Chan and Liang Huang describe the various aspects and the evolution of point-of-sale malware.
Hong Kei Chan and Liang Huang describe the various aspects and the evolution of point-of-sale malware.Since the close of the VB2014 conference in Seattle in October, we have been… https://www.virusbulletin.com/blog/2015/04/paper-swipe-away-we-re-watching-you/

Paper: a timeline of mobile botnets

Ruchna Nigam provides an overview of more than 60 mobile malware families.
Ruchna Nigam provides an overview of more than 60 mobile malware families. The rise of mobile malware is still a relatively recent thing, with the first actual mobile botnets not… https://www.virusbulletin.com/blog/2015/03/paper-timeline-mobile-botnets/

Facebook launches platform for sharing of threat intelligence

Twitter, Yahoo! amongst early participants in 'ThreatExchange'.
Twitter, Yahoo! amongst early participants in 'ThreatExchange'. When I took my first steps in the security industry, I was surprised by just how much information was shared between… https://www.virusbulletin.com/blog/2015/02/facebook-launches-platform-sharing-threat-intelligence/

VB2014 paper: P0wned by a barcode: stealing money from offline users

Fabio Assolini explains how cybercriminals are targeting boletos.
Fabio Assolini explains how cybercriminals are targeting boletos.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as… https://www.virusbulletin.com/blog/2015/02/paper-p0wned-barcode-stealing-money-offline-users/

Conference review: Botconf 2014

Second edition of 'botnet fighting conference' another great success.
Second edition of 'botnet fighting conference' another great success. I had been looking forward to the second edition of the Botconf conference ever since I came back from the… https://www.virusbulletin.com/blog/2014/12/conference-review-botconf-2014/

Macro malware on the rise again

Users taught that having to enable enhanced security features is no big deal.
Users taught that having to enable enhanced security features is no big deal. When I joined Virus Bulletin almost eight years ago, macro viruses were already a thing of the past,… https://www.virusbulletin.com/blog/2014/11/macro-malware-rise-again/

VB2014 paper: Methods of malware persistence on Mac OS X

'KnockKnock' tool made available to the public.
'KnockKnock' tool made available to the public.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we… https://www.virusbulletin.com/blog/2014/10/paper-methods-malware-persistence-mac-os-x/

Tor exit node found to turn downloaded binaries into malware

Tor provides anonymity, not security, hence using HTTPS is essential.
Tor provides anonymity, not security, hence using HTTPS is essential. A security researcher has discovered a Tor exit node that was modifying binaries downloaded through it on the… https://www.virusbulletin.com/blog/2014/10/tor-exit-node-found-turn-downloaded-binaries-malware/

Windows zero-day used in targeted attacks

Vulnerability used to download BlackEnergy trojan - as discussed during VB2014.
Vulnerability used to download BlackEnergy trojan - as discussed during VB2014. Today is going to be a busy day for system administrators: they were already on high alert following… https://www.virusbulletin.com/blog/2014/10/windows-zero-day-used-targeted-attacks/

Shellshock used to spread Mayhem

Malware switched to more effective Perl installer.
Malware switched to more effective Perl installer. One of the most prominent discussion topics during VB2014 was the 'Shellshock' vulnerability (CVE-2014-6271) in the popular Bash… https://www.virusbulletin.com/blog/2014/10/shellshock-used-spread-mayhem/

Paper: The Hulk

Raul Alvarez studies cavity file infector.
Raul Alvarez studies cavity file infector. Most file infectors increase the length of the infected file, as the malicious code is added as a new section of the host file, or to the… https://www.virusbulletin.com/blog/2014/10/paper-hulk/

Malicious ads served on java.com

If you do need to run plug-ins, make sure you enable click-to-play.
If you do need to run plug-ins, make sure you enable click-to-play. Last week, we published a blog previewing the VB2014 paper 'Optimized mal-ops. Hack the ad network like a boss'… https://www.virusbulletin.com/blog/2014/08/malicious-ads-served-java-com/

VB2014 preview: P0wned by a barcode

Fabio Assolini to speak about malware targeting boletos.
Fabio Assolini to speak about malware targeting boletos.In the weeks running up to VB2014, we will look at some of the research that will be presented at the conference. In the… https://www.virusbulletin.com/blog/2014/08/preview-p0wned-barcode/

Paper: Inside the iOS/AdThief malware

75,000 jailbroken iOS devices infected with malware that steals ad revenues.
75,000 jailbroken iOS devices infected with malware that steals ad revenues. Believing that the device or operating system you use reduces your chance of being affected by malware… https://www.virusbulletin.com/blog/2014/08/paper-inside-ios-adthief-malware/

Paper: Mayhem - a hidden threat for *nix web servers

New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system.
New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system. One of the main trends in malware in recent years is a… https://www.virusbulletin.com/blog/2014/07/paper-mayhem-hidden-threat-nix-web-servers/

Paper: VBA is not dead!

Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.
Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.Macro malware had long been assumed dead. After all, macros are disabled by… https://www.virusbulletin.com/blog/2014/07/paper-vba-not-dead/

NCA issues alert on CryptoLocker ransomware

Malware demands $1,000 ransom to decrypt files.
Malware demands $1,000 ransom to decrypt files. This weekend, the UK's National Crime Agency (NCA) issued an alert about the 'CryptoLocker' ransomware - following a similar alert… https://www.virusbulletin.com/blog/2013/11/nca-issues-alert-cryptolocker-ransomware/

Open letter asks AV companies for openness on surveillance malware

Old issue has become hot topic again following Snowden revelations.
Old issue has become hot topic again following Snowden revelations. A group of experts in privacy and digital rights has sent an open letter (pdf) to a number of anti-virus… https://www.virusbulletin.com/blog/2013/10/open-letter-asks-av-companies-openness-surveillance-malware/

Thousands of websites affected by nameserver hijack redirecting visitors to malware

DNS caching causes attack to have a long tail.
DNS caching causes attack to have a long tail. Yesterday, visitors to thousands of Dutch websites were served an 'under construction' page that, through a hidden iframe, was… https://www.virusbulletin.com/blog/2013/08/thousands-websites-affected-nameserver-hijack-redirecting-visitors-malware/

« Previous 1234567 Next »