VB Blog

VB2019 paper: A vine climbing over the Great Firewall: a long-term attack against China

Posted by   Martijn Grooten on   Nov 28, 2019

Today we publish a VB2019 paper from Lion Gu and Bowen Pan from the Qi An Xin Threat Intelligence Center in China in which they analysed an APT group dubbed 'Poison Vine', which targeted various government, military and research institutes in China.

Read more  

VB2019 paper: Fantastic Information and Where to Find it: A guidebook to open-source OT reconnaissance

Posted by   Martijn Grooten on   Nov 22, 2019

A VB2019 paper by FireEye researcher Daniel Kapellmann Zafra explained how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. Today we publish Daniel's paper and the recording of his presentation.

Read more  

VB2019 paper: Different ways to cook a crab: GandCrab Ransomware-as-a-Service (RaaS) analysed in depth

Posted by   Martijn Grooten on   Nov 21, 2019

Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. In a paper presented at VB2019 in London, McAfee researchers John Fokker and Alexandre Mundo looked at the malware code, its evolution and the affiliate scheme behind it. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 paper: Domestic Kitten: an Iranian surveillance program

Posted by   Martijn Grooten on   Nov 18, 2019

At VB2019 in London, Check Point researchers Aseel Kayal and Lotem Finkelstein presented a paper detailing an Iranian operation they named 'Domestic Kitten' that used Android apps for targeted surveillance. Today we publish their paper and the video of their presentation.

Read more  

VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees

Posted by   Martijn Grooten on   Nov 18, 2019

At VB2019 in London, LINE's HeungSoo Kang explained how cryptocurrency exchanges had been attacked using Firefox zero-days. Today, we publish the video of his presentation.

Read more  

VB2019 paper: DNS on fire

Posted by   Martijn Grooten on   Nov 7, 2019

In a paper presented at VB2019, Cisco Talos researchers Warren Mercer and Paul Rascagneres looked at two recent attacks against DNS infrastructure: DNSpionage and Sea Turtle. Today we publish their paper and the recording of their presentation.

Read more  

German Dridex spam campaign is unfashionably large

Posted by   Martijn Grooten on   Nov 6, 2019

VB has analysed a malicious spam campaign targeting German-speaking users with obfuscated Excel malware that would likely download Dridex but that mostly stood out through its size.

Read more  

Paper: Dexofuzzy: Android malware similarity clustering method using opcode sequence

Posted by   Martijn Grooten on   Nov 5, 2019

We publish a paper by researchers from ESTsecurity in South Korea, who describe a fuzzy hashing algorithm for clustering Android malware datasets.

Read more  

Emotet continues to bypass many email security products

Posted by   Martijn Grooten on   Nov 4, 2019

Having returned from a summer hiatus, Emotet is back targeting inboxes and, as seen in the VBSpam test lab, doing a better job than most other malicious campaigns at bypassing email security products.

Read more  

VB2019 paper: We need to talk - opening a discussion about ethics in infosec

Posted by   Martijn Grooten on   Nov 1, 2019

Those working in the field of infosec are often faced with ethical dilemmas that are impossible to avoid. Today, we publish a VB2019 paper by Kaspersky researcher Ivan Kwiatkowski looking at ethics in infosec as well as the recording of Ivan's presentation.

Read more  
Previous1...7891011...215Next

Search blog

VB2014 paper: Quantifying maliciousness in Alexa top-ranked domains

Paul Royal looks at malware served through the most popular websites.
Paul Royal looks at malware served through the most popular websites. Though VB2014 took place nine months ago, most of the papers presented during the conference remain very… https://www.virusbulletin.com/blog/2015/06/paper-quantifying-maliciousness-alexa-top-ranked-domains/

VB2014 paper: Swipe away, we're watching you

Hong Kei Chan and Liang Huang describe the various aspects and the evolution of point-of-sale malware.
Hong Kei Chan and Liang Huang describe the various aspects and the evolution of point-of-sale malware.Since the close of the VB2014 conference in Seattle in October, we have been… https://www.virusbulletin.com/blog/2015/04/paper-swipe-away-we-re-watching-you/

Paper: a timeline of mobile botnets

Ruchna Nigam provides an overview of more than 60 mobile malware families.
Ruchna Nigam provides an overview of more than 60 mobile malware families. The rise of mobile malware is still a relatively recent thing, with the first actual mobile botnets not… https://www.virusbulletin.com/blog/2015/03/paper-timeline-mobile-botnets/

Facebook launches platform for sharing of threat intelligence

Twitter, Yahoo! amongst early participants in 'ThreatExchange'.
Twitter, Yahoo! amongst early participants in 'ThreatExchange'. When I took my first steps in the security industry, I was surprised by just how much information was shared between… https://www.virusbulletin.com/blog/2015/02/facebook-launches-platform-sharing-threat-intelligence/

VB2014 paper: P0wned by a barcode: stealing money from offline users

Fabio Assolini explains how cybercriminals are targeting boletos.
Fabio Assolini explains how cybercriminals are targeting boletos.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as… https://www.virusbulletin.com/blog/2015/02/paper-p0wned-barcode-stealing-money-offline-users/

Conference review: Botconf 2014

Second edition of 'botnet fighting conference' another great success.
Second edition of 'botnet fighting conference' another great success. I had been looking forward to the second edition of the Botconf conference ever since I came back from the… https://www.virusbulletin.com/blog/2014/12/conference-review-botconf-2014/

Macro malware on the rise again

Users taught that having to enable enhanced security features is no big deal.
Users taught that having to enable enhanced security features is no big deal. When I joined Virus Bulletin almost eight years ago, macro viruses were already a thing of the past,… https://www.virusbulletin.com/blog/2014/11/macro-malware-rise-again/

VB2014 paper: Methods of malware persistence on Mac OS X

'KnockKnock' tool made available to the public.
'KnockKnock' tool made available to the public.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we… https://www.virusbulletin.com/blog/2014/10/paper-methods-malware-persistence-mac-os-x/

Tor exit node found to turn downloaded binaries into malware

Tor provides anonymity, not security, hence using HTTPS is essential.
Tor provides anonymity, not security, hence using HTTPS is essential. A security researcher has discovered a Tor exit node that was modifying binaries downloaded through it on the… https://www.virusbulletin.com/blog/2014/10/tor-exit-node-found-turn-downloaded-binaries-malware/

Windows zero-day used in targeted attacks

Vulnerability used to download BlackEnergy trojan - as discussed during VB2014.
Vulnerability used to download BlackEnergy trojan - as discussed during VB2014. Today is going to be a busy day for system administrators: they were already on high alert following… https://www.virusbulletin.com/blog/2014/10/windows-zero-day-used-targeted-attacks/

Paper: The Hulk

Raul Alvarez studies cavity file infector.
Raul Alvarez studies cavity file infector. Most file infectors increase the length of the infected file, as the malicious code is added as a new section of the host file, or to the… https://www.virusbulletin.com/blog/2014/10/paper-hulk/

Shellshock used to spread Mayhem

Malware switched to more effective Perl installer.
Malware switched to more effective Perl installer. One of the most prominent discussion topics during VB2014 was the 'Shellshock' vulnerability (CVE-2014-6271) in the popular Bash… https://www.virusbulletin.com/blog/2014/10/shellshock-used-spread-mayhem/

Malicious ads served on java.com

If you do need to run plug-ins, make sure you enable click-to-play.
If you do need to run plug-ins, make sure you enable click-to-play. Last week, we published a blog previewing the VB2014 paper 'Optimized mal-ops. Hack the ad network like a boss'… https://www.virusbulletin.com/blog/2014/08/malicious-ads-served-java-com/

VB2014 preview: P0wned by a barcode

Fabio Assolini to speak about malware targeting boletos.
Fabio Assolini to speak about malware targeting boletos.In the weeks running up to VB2014, we will look at some of the research that will be presented at the conference. In the… https://www.virusbulletin.com/blog/2014/08/preview-p0wned-barcode/

Paper: Inside the iOS/AdThief malware

75,000 jailbroken iOS devices infected with malware that steals ad revenues.
75,000 jailbroken iOS devices infected with malware that steals ad revenues. Believing that the device or operating system you use reduces your chance of being affected by malware… https://www.virusbulletin.com/blog/2014/08/paper-inside-ios-adthief-malware/

Paper: Mayhem - a hidden threat for *nix web servers

New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system.
New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system. One of the main trends in malware in recent years is a… https://www.virusbulletin.com/blog/2014/07/paper-mayhem-hidden-threat-nix-web-servers/

Paper: VBA is not dead!

Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.
Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.Macro malware had long been assumed dead. After all, macros are disabled by… https://www.virusbulletin.com/blog/2014/07/paper-vba-not-dead/

NCA issues alert on CryptoLocker ransomware

Malware demands $1,000 ransom to decrypt files.
Malware demands $1,000 ransom to decrypt files. This weekend, the UK's National Crime Agency (NCA) issued an alert about the 'CryptoLocker' ransomware - following a similar alert… https://www.virusbulletin.com/blog/2013/11/nca-issues-alert-cryptolocker-ransomware/

Open letter asks AV companies for openness on surveillance malware

Old issue has become hot topic again following Snowden revelations.
Old issue has become hot topic again following Snowden revelations. A group of experts in privacy and digital rights has sent an open letter (pdf) to a number of anti-virus… https://www.virusbulletin.com/blog/2013/10/open-letter-asks-av-companies-openness-surveillance-malware/

Thousands of websites affected by nameserver hijack redirecting visitors to malware

DNS caching causes attack to have a long tail.
DNS caching causes attack to have a long tail. Yesterday, visitors to thousands of Dutch websites were served an 'under construction' page that, through a hidden iframe, was… https://www.virusbulletin.com/blog/2013/08/thousands-websites-affected-nameserver-hijack-redirecting-visitors-malware/

« Previous 1234567 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.