VB Blog

VB2019 paper: Fantastic Information and Where to Find it: A guidebook to open-source OT reconnaissance

Posted by   Martijn Grooten on   Nov 22, 2019

A VB2019 paper by FireEye researcher Daniel Kapellmann Zafra explained how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. Today we publish Daniel's paper and the recording of his presentation.

Read more  

VB2019 paper: Different ways to cook a crab: GandCrab Ransomware-as-a-Service (RaaS) analysed in depth

Posted by   Martijn Grooten on   Nov 21, 2019

Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. In a paper presented at VB2019 in London, McAfee researchers John Fokker and Alexandre Mundo looked at the malware code, its evolution and the affiliate scheme behind it. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 paper: Domestic Kitten: an Iranian surveillance program

Posted by   Martijn Grooten on   Nov 18, 2019

At VB2019 in London, Check Point researchers Aseel Kayal and Lotem Finkelstein presented a paper detailing an Iranian operation they named 'Domestic Kitten' that used Android apps for targeted surveillance. Today we publish their paper and the video of their presentation.

Read more  

VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees

Posted by   Martijn Grooten on   Nov 18, 2019

At VB2019 in London, LINE's HeungSoo Kang explained how cryptocurrency exchanges had been attacked using Firefox zero-days. Today, we publish the video of his presentation.

Read more  

VB2019 paper: DNS on fire

Posted by   Martijn Grooten on   Nov 7, 2019

In a paper presented at VB2019, Cisco Talos researchers Warren Mercer and Paul Rascagneres looked at two recent attacks against DNS infrastructure: DNSpionage and Sea Turtle. Today we publish their paper and the recording of their presentation.

Read more  

German Dridex spam campaign is unfashionably large

Posted by   Martijn Grooten on   Nov 6, 2019

VB has analysed a malicious spam campaign targeting German-speaking users with obfuscated Excel malware that would likely download Dridex but that mostly stood out through its size.

Read more  

Paper: Dexofuzzy: Android malware similarity clustering method using opcode sequence

Posted by   Martijn Grooten on   Nov 5, 2019

We publish a paper by researchers from ESTsecurity in South Korea, who describe a fuzzy hashing algorithm for clustering Android malware datasets.

Read more  

Emotet continues to bypass many email security products

Posted by   Martijn Grooten on   Nov 4, 2019

Having returned from a summer hiatus, Emotet is back targeting inboxes and, as seen in the VBSpam test lab, doing a better job than most other malicious campaigns at bypassing email security products.

Read more  

VB2019 paper: We need to talk - opening a discussion about ethics in infosec

Posted by   Martijn Grooten on   Nov 1, 2019

Those working in the field of infosec are often faced with ethical dilemmas that are impossible to avoid. Today, we publish a VB2019 paper by Kaspersky researcher Ivan Kwiatkowski looking at ethics in infosec as well as the recording of Ivan's presentation.

Read more  

Stalkerware poses particular challenges to anti-virus products

Posted by   Martijn Grooten on   Oct 31, 2019

Malware used in domestic abuse situations is a growing threat, and the standard way for anti-virus products to handle such malware may not be good enough. But that doesn't mean there isn't an important role for anti-virus to play.

Read more  
Previous1...7891011...215Next

Search blog

Emotet trojan starts stealing full emails from infected machines

The infamous Emotet trojan has added the capability to steal full email bodies from infected machines, opening the possibilities for more targeted spam and phishing campaigns.
Researchers at Kryptos Logic have discovered that the Emotet banking trojan is exfiltrating entire email bodies as opposed to merely email addresses. Emotet was first discovered… https://www.virusbulletin.com/blog/2018/10/emotet-trojan-starts-stealing-full-emails-infected-machines/

VB2017 video: Client Maximus raises the bar

At VB2017, IBM Trusteer researcher Omer Agmon, presented a 'last-minute' paper in which he analysed the Client Maximum trojan, which targets Brazilian users of online banking. Today, we release the recording of his presentation.
Brazil has long been known as a hotbed of cybercrime, but what makes the country especially unique is that a lot of this cybercrime is inwards-focused. Thus there are many malware… https://www.virusbulletin.com/blog/2018/08/vb2017-video-client-maximus-raises-bar/

MnuBot banking trojan communicates via SQL server

Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.
Researchers at IBM X-Force have discovered a new banking trojan, dubbed 'MnuBot', which is targeting Internet users in Brazil. The trojan performs tasks common to banking… https://www.virusbulletin.com/blog/2018/05/mnubot-banking-trojan-communicates-sql-server/

VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

Trickbot, a banking trojan which appeared this year, seems to be a new, more modular, and more extensible malware descendant of the notorious Dyre botnet trojan. At VB2017, Symantec researcher Andrew Brandt presented a walkthrough of a typical Trickbot in…
Trickbot, first reported a year ago by Malwarebytes researcher Jérôme Segura as the successor of Dyre/Dyreza, has become perhaps the most important banking trojan of 2017. It is… https://www.virusbulletin.com/blog/2017/11/vb2017-video-turning-trickbot-decoding-encrypted-command-and-control-channel/

Worms wiggling inside your networks are a lot harder to stop

The authors of the Trickbot banking trojan seem to have taken note of the use of SMB by WannaCry and (Not)Petya and have added an (experimental) module that uses SMB for lateral movement.
Damaging though they were, the recent WannaCry and (Not)Petya outbreaks taught security practitioners many valuable lessons. Unfortunately, they taught important lessons to… https://www.virusbulletin.com/blog/2017/08/worms-wiggling-inside-your-networks-are-lot-harder-stop/

VB2016 paper: Diving into Pinkslipbot's latest campaign

Qakbot or Qbot, is a banking trojan that makes the news every once in a while and was the subject of a VB2016 paper by Intel Security researchers Sanchit Karve, Guilherme Venere and Mark Olea. In it, they provided a detailed analysis of the Pinkslipbot/Qa…
Pinkslipbot, also known as Qakbot or Qbot, is a banking trojan that makes the news every once in a while, yet never seems to get the attention of the world's Zbots and Dridexes. I… https://www.virusbulletin.com/blog/2017/06/vb2016-paper-diving-pinkslipbots-latest-campaign/

VB2016 video: Neverquest: Crime as a Service and On the Hunt for the Big Bucks

At VB2016, Peter Kruse gave a presentation detailing the Neverquest trojan, the alleged author of which was arrested in Spain earlier this month. Today, we publish the recording of Peter's presentation.
Earlier this month, Spanish police officers arrested a Russian national on suspicion of creating the Neverquest banking trojan. Neverquest, also known as Vawtrak, is one of the… https://www.virusbulletin.com/blog/2017/01/vb2016-video-neverquest-crime-service-and-hunt-big-bucks/

Throwback Thursday: I say Virus, You say Trojan

This Throwback Thursday, VB heads back to 1998 — a time when anti-virus vendors avoided tackling non-replicating trojans, worms, jokes and corrupted files.
This Throwback Thursday, VB heads back to 1998 — a time when anti-virus vendors avoided tackling non-replicating trojans, worms, jokes and corrupted files. Today, the idea of… https://www.virusbulletin.com/blog/2016/01/throwback-thursday-i-say-virus-you-say-trojan/

Paper: Shifu — the rise of a self-destructive banking trojan

Thorough analysis of this new kid on the malware block.
Thorough analysis of this new kid on the malware block. Times are changing rapidly for banking trojans. Some prominent arrests and at least partially successful takedowns have left… https://www.virusbulletin.com/blog/2015/11/paper-shifu-rise-self-destructive-banking-trojan/

Paper: Not a GAMe maKER

Raul Alvarez performs low-level analysis of information-stealing trojan.
Raul Alvarez performs low-level analysis of information-stealing trojan. The Gamker information-stealing trojan (also known as Shiz) has been around for a few years. It made the… https://www.virusbulletin.com/blog/2015/08/paper-not-game-maker/

Paper: Life after the apocalypse for the Middle Eastern NJRat campaign

Malware authors upped their game following 2014 disruption of No-IP.
Malware authors upped their game following 2014 disruption of No-IP. In June last year, somewhat controversially Microsoft moved against dynamic DNS provider No-IP and seized 22 of… https://www.virusbulletin.com/blog/2015/08/paper-life-after-apocalypse-middle-eastern-njrat-campaign/

Vawtrak uses Tor2Web to connect to Tor hidden C&C servers

Option hides the servers, without having to include a Tor client in the malware.
Option hides the servers, without having to include a Tor client in the malware. The authors of the Vawtrak trojan (also known as Neverquest) have moved some of its C&C servers to… https://www.virusbulletin.com/blog/2015/06/vawtrak-uses-tor2web-connect-tor-hidden-c-amp-c-servers/

Vawtrak trojan spread through malicious Office macros

Users easily tricked, but plenty of opportunity for the malware to be blocked.
Users easily tricked, but plenty of opportunity for the malware to be blocked. Researchers at Trend Micro report that the 'Vawtrak' banking trojan now also spreads through Office… https://www.virusbulletin.com/blog/2015/02/vawtrak-trojan-spread-through-malicious-office-macros/

Adobe to patch Flash Player zero-day next week

Patch due next week as malvertising leads to Bedep trojan downloader.
Patch due next week as malvertising leads to Bedep trojan downloader. As the news of a zero-day vulnerability in Adobe's Flash Player actively being exploited reached the security… https://www.virusbulletin.com/blog/2015/01/adobe-patch-flash-player-zero-day-next-week/

VB2014 paper: The evolution of webinjects

Jean-Ian Boutin looks at the increased commoditization of webinjects.
Jean-Ian Boutin looks at the increased commoditization of webinjects.Virus Bulletin has always been about sharing information, and the Virus Bulletin conference is an important… https://www.virusbulletin.com/blog/2014/10/paper-evolution-webinjects/

Paper: Not old enough to be forgotten: the new chic of Visual Basic 6

Marion Marschalek looks at two Miuref binaries: one packed with Visual Basic 6 and one with C++.
Marion Marschalek looks at two Miuref binaries: one packed with Visual Basic 6 and one with C++. Two months ago, Microsoft announced it had added 'Miuref' to its Malicious Software… https://www.virusbulletin.com/blog/2014/07/paper-not-old-enough-be-forgotten-new-chic-visual-basic-6/

Cheap Android phone comes shipped with spyware

Trojan masquerades as Google Play app; cannot be removed.
Trojan masquerades as Google Play app; cannot be removed. Researchers at German security firm G Data have discovered Android smartphones that come shipped with spyware. The phone… https://www.virusbulletin.com/blog/2014/06/cheap-android-phone-comes-shipped-spyware/

Game over for GameOver Zeus botnet?

Coordinated effort against gang that's also behind CryptoLocker ransomware.
Coordinated effort against gang that's also behind CryptoLocker ransomware. A large, coordinated effort involving law enforcement, security vendors and various security… https://www.virusbulletin.com/blog/2014/06/game-over-gameover-zeus-botnet/

Spam link sends Android users to trojan proxy

Meanwhile, desktop users sent to (relatively harmless) weight-loss site.
Meanwhile, desktop users sent to (relatively harmless) weight-loss site. Links found in certain spam emails which redirect desktop users to a phony weight-loss website, have been… https://www.virusbulletin.com/blog/2013/03/spam-link-sends-android-users-trojan-proxy/

Anti-virus software significantly shortens life of banking trojans

Security software causes malware to run for less than a third as long.
Security software causes malware to run for less than a third as long. 'Does anti-virus software actually help?' is a question often asked, even by security experts - who point to… https://www.virusbulletin.com/blog/2012/10/anti-virus-software-significantly-shortens-life-banking-trojans/

« Previous 12345 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.