VB Blog

Patch early, patch often, but don't blindly trust every 'patch'

Posted by   Martijn Grooten on   Apr 16, 2018

Compromised websites are being used to serve fake Flash Player uploads that come with a malicious payload.

Read more  

Virus Bulletin at RSA

Posted by   Martijn Grooten on   Apr 13, 2018

Next week, VB Editor Martijn Grooten will be at the RSA Conference in San Francisco.

Read more  

Broad-ranging and international VB2018 programme announced

Posted by   Martijn Grooten on   Apr 11, 2018

VB is excited to reveal the details of an interesting and diverse programme for VB2018, the 28th Virus Bulletin International Conference, which takes place 3-5 October in Montreal, Canada.

Read more  

Netflix issue shows email verification really does matter

Posted by   Martijn Grooten on   Apr 10, 2018

A clever trick taking advantage of the fact that Gmail ignores dots in email addresses could be used to trick someone into paying for your Netflix subscription - demonstrating the importance of confirmed opt-in.

Read more  

VB2017 paper: Exploring the virtual worlds of advergaming

Posted by   Martijn Grooten on   Apr 10, 2018

At VB2017 in Madrid, Malwarebytes' Chris Boyd presented a paper in which he looked at various aspects of advergaming, from unreadable EULAs to fake programs that promise to block ads. Today, we publish both the paper and the recording of Chris's presentation.

Read more  

New paper: Distinguishing between malicious app collusion and benign app collaboration: a machine-learning approach

Posted by   Martijn Grooten on   Mar 27, 2018

Two or more mobile apps, viewed independently, may not appear to be malicious - but in combination, they could become harmful by exchanging information with one another and by performing malicious activities together. Today, we publish a new paper by a group of researchers affiliated with various UK universities and companies, which looks at how machine-learning methods can be used to detect app collusions.

Read more  

VB2016 paper: Wild Android collusions

Posted by   Martijn Grooten on   Mar 26, 2018

At VB2016 in Denver, Jorge Blasco presented a paper (co-written with Thomas M. Chen, Igor Muttik and Markus Roggenbach), in which he discussed the concept of app collusion - where two (or more) apps installed on the same device work together to collect and extract data from the device - and presented discoveries of colluding code in many in-the-wild apps. Today, we publish both the paper and the recording of Jorge's presentation.

Read more  

VB2017 paper: The life story of an IPT - Inept Persistent Threat actor

Posted by   Martijn Grooten on   Mar 19, 2018

At VB2017 in Madrid, Polish security researcher and journalist Adam Haertlé presented a paper about a very inept persistent threat. Today, we publish both the paper and the recording of Adam's presentation.

Read more  

Five reasons to submit a VB2018 paper this weekend

Posted by   Martijn Grooten on   Mar 16, 2018

The call for papers for VB2018 closes on 18 March, and while we've already received many great submissions, we still want more! Here are five reasons why you should submit a paper this weekend.

Read more  

First partners of VB2018 announced

Posted by   Martijn Grooten on   Mar 15, 2018

We are excited to announce the first six companies to partner with VB2018.

Read more  
Previous1...2223242526...215Next

Search blog

VB2017 paper: Exploring the virtual worlds of advergaming

At VB2017 in Madrid, Malwarebytes' Chris Boyd presented a paper in which he looked at various aspects of advergaming, from unreadable EULAs to fake programs that promise to block ads. Today, we publish both the paper and the recording of Chris's presentat…
At VB2016 in Denver, Malwarebytes researchers Jérôme Segura and Chris Boyd presented a paper on malicious advertising, or malvertising. At the end of the paper, as they looked at… https://www.virusbulletin.com/blog/2018/04/vb2017-paper-exploring-virtual-worlds-advergaming/

VB2016 paper: Uncovering the secrets of malvertising

Malicious advertising, a.k.a. malvertising, has evolved tremendously over the past few years to take a central place in some of today’s largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target them wi…
In his VB2014 paper, Bromium researcher Vadim Kotov sketched the possibilities for malicious actors to use web ads to spread exploit kits. Unsurprisingly, malicious actors also… https://www.virusbulletin.com/blog/2017/may/vb2016-paper-uncovering-secrets-malvertising/

VB2016 preview: Uncovering the Secrets of Malvertising

Malvertising, in which legitimate ad networks are abused to silently infect users with malware, has become a real plague in recent years. A VB2016 paper by Malwarebytes researchers Jérôme Segura and Chris Boyd will look at the issue.
Two years ago, at VB2014, Bromium researcher Vadim Kotov presented a paper in which he looked at various possibilities for cybercriminals to leverage ad networks to spread… https://www.virusbulletin.com/blog/2016/september/vb2016-preview-uncovering-secrets-malvertising/

Advertisements on Blogspot sites lead to support scam

Support scam pop-ups presented through malicious advertisements show that, next to vulnerable end points, gullible users remain an easy source of money for online criminals.
In our research for the VBWeb tests, in which we measure the ability of security products to block malicious web traffic, we recently noticed some sites hosted on Google's… https://www.virusbulletin.com/blog/2016/05/advertisements-blogspot-sites-lead-support-scam/

Let's Encrypt certificate used in malversiting

We'd better get used to a world where malicious traffic is encrypted too.
We'd better get used to a world where malicious traffic is encrypted too. According to some people, myself included, Let's Encrypt was one of the best things that happened to the… https://www.virusbulletin.com/blog/2016/01/let-s-encrypt-certificate-used-malversiting/

Adobe to patch Flash Player zero-day next week

Patch due next week as malvertising leads to Bedep trojan downloader.
Patch due next week as malvertising leads to Bedep trojan downloader. As the news of a zero-day vulnerability in Adobe's Flash Player actively being exploited reached the security… https://www.virusbulletin.com/blog/2015/01/adobe-patch-flash-player-zero-day-next-week/

VB2014 paper: Optimized mal-ops. Hack the ad network like a boss

Why buying ad space makes perfect sense for those wanting to spread malware.
Why buying ad space makes perfect sense for those wanting to spread malware.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the… https://www.virusbulletin.com/blog/2014/11/paper-optimized-mal-ops-hack-ad-network-boss/

Malicious ads served on java.com

If you do need to run plug-ins, make sure you enable click-to-play.
If you do need to run plug-ins, make sure you enable click-to-play. Last week, we published a blog previewing the VB2014 paper 'Optimized mal-ops. Hack the ad network like a boss'… https://www.virusbulletin.com/blog/2014/08/malicious-ads-served-java-com/

VB2014 preview: Optimized mal-ops. Hack the ad network like a boss

Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits.
Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits.In the weeks running up to VB2014 (the 24th Virus Bulletin International… https://www.virusbulletin.com/blog/2014/08/preview-optimized-mal-ops-hack-ad-network-boss/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.