VB Blog

McAfee in anti-phishing confusion

Posted by   Virus Bulletin on   Nov 22, 2006

Latest study rates all filters poorly, slates SiteAdvisor.

Read more  

Spammers and phishers target Christmas shoppers

Posted by   Virus Bulletin on   Nov 22, 2006

Online shoppers and email users face heightened festive risks.

Read more  

Zango still in spyware game

Posted by   Virus Bulletin on   Nov 21, 2006

Dodgy tactics continue despite ruling.

Read more  

ISS to integrate BitDefender

Posted by   Virus Bulletin on   Nov 21, 2006

Big Blue adds anti-virus and anti-spyware to desktop security product.

Read more  

Trojan planted on Chinese banking site

Posted by   Virus Bulletin on   Nov 20, 2006

Backdoor dropper sneaked onto bank card operator's servers.

Read more  

UK toughens law against DoS, tools

Posted by   Virus Bulletin on   Nov 20, 2006

New law ups penalties for hacking, but could threaten security research.

Read more  

Patch Tuesday vulnerability exploited

Posted by   Virus Bulletin on   Nov 17, 2006

Attack developed within two days of disclosure.

Read more  

Worm targets Real Media files

Posted by   Virus Bulletin on   Nov 17, 2006

McAfee warns of dangerous movies and music.

Read more  

Firefox anti-phishing better, says Mozilla

Posted by   Virus Bulletin on   Nov 16, 2006

Browser phishing filters battle for supremacy.

Read more  

Panda vulnerabilities revealed

Posted by   Virus Bulletin on   Nov 16, 2006

ActiveScan remote access holes patched, details disclosed.

Read more  
Previous1...162163164165166...215Next

Search blog

VB2017 video: Client Maximus raises the bar

At VB2017, IBM Trusteer researcher Omer Agmon, presented a 'last-minute' paper in which he analysed the Client Maximum trojan, which targets Brazilian users of online banking. Today, we release the recording of his presentation.
Brazil has long been known as a hotbed of cybercrime, but what makes the country especially unique is that a lot of this cybercrime is inwards-focused. Thus there are many malware… https://www.virusbulletin.com/blog/2018/08/vb2017-video-client-maximus-raises-bar/

MnuBot banking trojan communicates via SQL server

Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.
Researchers at IBM X-Force have discovered a new banking trojan, dubbed 'MnuBot', which is targeting Internet users in Brazil. The trojan performs tasks common to banking… https://www.virusbulletin.com/blog/2018/05/mnubot-banking-trojan-communicates-sql-server/

VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

Trickbot, a banking trojan which appeared this year, seems to be a new, more modular, and more extensible malware descendant of the notorious Dyre botnet trojan. At VB2017, Symantec researcher Andrew Brandt presented a walkthrough of a typical Trickbot in…
Trickbot, first reported a year ago by Malwarebytes researcher Jérôme Segura as the successor of Dyre/Dyreza, has become perhaps the most important banking trojan of 2017. It is… https://www.virusbulletin.com/blog/2017/11/vb2017-video-turning-trickbot-decoding-encrypted-command-and-control-channel/

VB2016 paper: Diving into Pinkslipbot's latest campaign

Qakbot or Qbot, is a banking trojan that makes the news every once in a while and was the subject of a VB2016 paper by Intel Security researchers Sanchit Karve, Guilherme Venere and Mark Olea. In it, they provided a detailed analysis of the Pinkslipbot/Qa…
Pinkslipbot, also known as Qakbot or Qbot, is a banking trojan that makes the news every once in a while, yet never seems to get the attention of the world's Zbots and Dridexes. I… https://www.virusbulletin.com/blog/2017/06/vb2016-paper-diving-pinkslipbots-latest-campaign/

VB2016 video: Nymaim: the Untold Story

Until very recently, the Nymaim banking trojan was a serious problem in Poland. Today, we publish the video of the VB2016 presentation by CERT Polska researchers Jarosław Jedynak and Maciej Kotowicz, in which they analyse this malware-dropper-turned-banki…
Every year, the Virus Bulletin conference programme includes a number of 'last-minute' papers: presentations on topics that are so hot, they are added to the programme only a few… https://www.virusbulletin.com/blog/2017/02/vb2016-video-nymaim-untold-story/

VB2016 video: Neverquest: Crime as a Service and On the Hunt for the Big Bucks

At VB2016, Peter Kruse gave a presentation detailing the Neverquest trojan, the alleged author of which was arrested in Spain earlier this month. Today, we publish the recording of Peter's presentation.
Earlier this month, Spanish police officers arrested a Russian national on suspicion of creating the Neverquest banking trojan. Neverquest, also known as Vawtrak, is one of the… https://www.virusbulletin.com/blog/2017/01/vb2016-video-neverquest-crime-service-and-hunt-big-bucks/

VB2016 paper: Modern attacks on Russian financial institutions

Today, we publish the VB2016 paper and presentation (recording) by ESET researchers Jean-Ian Boutin and Anton Cherepanov, in which they look at sophisticated attacks against Russian financial institutions.
Today, we publish the VB2016 paper "Modern attacks on Russian financial institutions" (here in HTML format and here in PDF format) by ESET researchers Jean-Ian Boutin and Anton… https://www.virusbulletin.com/blog/2016/december/vb2016-paper-modern-attacks-russian-financial-institutions/

When it comes to online banking, sub-optimal encryption isn't our biggest concern

Malware authors and scammers won't attack the crypto.
Malware authors and scammers won't attack the crypto. Under the headline "no zero-day necessary", Xiphos has published a rather scary blog post on the state of SSL security within… https://www.virusbulletin.com/blog/2016/01/when-it-comes-online-banking-sub-optimal-encryption-isn-t-our-biggest-concern/

VB2015 video: Making a dent in Russian mobile banking phishing

Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks.
Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks. In the last few years, mobile malware has evolved from a mostly… https://www.virusbulletin.com/blog/2015/12/video-making-dent-russian-mobile-banking-phishing/

POODLE is the brown M&Ms of security

Just because it won't be exploited, doesn't mean you shouldn't patch it.
Just because it won't be exploited, doesn't mean you shouldn't patch it. There is a famous story about the rock band Van Halen whose lists of requirements when performing a show… https://www.virusbulletin.com/blog/2015/04/poodle-brown-m-amp-ms-security/

Does it matter if my banking password is 'Prague'?

Users do choose weak passwords, but they aren't as big a problem as we think.
Users do choose weak passwords, but they aren't as big a problem as we think. This week, I spent a few days at the Cyber Security Summit Financial Services conference in Prague,… https://www.virusbulletin.com/blog/2015/04/does-it-matter-if-my-banking-password-prague/

Box-ticking mentality leads to insecurity

Credit card company fails to understand how authentication works.
Credit card company fails to understand how authentication works. Security experts often bemoan a 'box-ticking' mentality and argue that in many cases ticking boxes doesn't address… https://www.virusbulletin.com/blog/2013/09/box-ticking-mentality-leads-insecurity/

Dutch citizens keep extra cash at hand following DDoS attacks

Month-long attacks had significant impact.
Month-long attacks had significant impact. 25% of Dutch citizens have followed advice to keep extra cash at home, following a recent spate of DDoS attacks on Dutch banks. At the… https://www.virusbulletin.com/blog/2013/05/dutch-citizens-keep-extra-cash-hand-following-ddos-attacks/

Trojan steals money from bank accounts via 'training session'

Social engineering circumvents banking security
Social engineering circumvents banking security In a new method of stealing money from customer accounts, a variant of the SpyEye trojan invites the user to make a supposedly… https://www.virusbulletin.com/blog/2011/09/trojan-steals-money-bank-accounts-training-session/

Bank's Twitter account hacked to send phishing messages

Important lessons for companies engaging in social media.
Important lessons for companies engaging in social media. Last week, the Twitter account of the Bank of Melbourne was hacked and used to send direct messages containing phishing… https://www.virusbulletin.com/blog/2011/09/bank-s-twitter-account-hacked-send-phishing-messages/

Banking malware tells user to 'refund' money

Web injection used to suggest accidental transfer.
Web injection used to suggest accidental transfer. In a new twist to banking trojans, a piece of malware found on German computers tricks victims into believing a large amount has… https://www.virusbulletin.com/blog/2011/08/banking-malware-tells-user-refund-money/

Trojan uses remote user account to control compromised machine

Malware targets customers of Brazilian banks.
Malware targets customers of Brazilian banks. Researchers at Kaspersky have discovered a piece of malware aimed at customers of Brazilian banks which creates a remote user account… https://www.virusbulletin.com/blog/2011/07/trojan-uses-remote-user-account-control-compromised-machine/

Zitmo trojan for Android defeats two-factor authentication

Malware intercepts TANs sent via SMS.
Malware intercepts TANs sent via SMS. A new variant of the Zitmo trojan has been discovered that infects mobile devices running the Android platform and which intercepts SMS… https://www.virusbulletin.com/blog/2011/07/zitmo-trojan-android-defeats-two-factor-authentication/

US court: passwords reasonable security for online banking

Security question considered second authentication factor.
Security question considered second authentication factor. A US court has declared that a combination of passwords and 'security questions' is an ample way for banks to protect… https://www.virusbulletin.com/blog/2011/06/us-court-passwords-reasonable-security-online-banking/

Banking malware hosted on Amazon's cloud servers

Trojan targets mostly Brazilian banks.
Trojan targets mostly Brazilian banks. Researchers have discovered malware hosted on Amazon Web Services that steals victims' bank account data. Acting as a rootkit, the malware… https://www.virusbulletin.com/blog/2011/06/banking-malware-hosted-amazon-s-cloud-servers/

« Previous 12 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.