VB Blog

VB2019 paper: Defeating APT10 compiler-level obfuscations

Posted by   Virus Bulletin on   Mar 13, 2020

At VB2019 in London, Carbon Black researcher Takahiro Haruyama presented a paper on defeating compiler-level obfuscations used by the APT10 group. Today we publish both Takahiro's paper and the recording of his presentation.

Read more  

VB2019 paper: Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers

Posted by   Virus Bulletin on   Mar 12, 2020

At VB2019 in London Michael Raggi (Proofpoint) and Ghareeb Saad (Anomali) presented a paper on the 'Royal Road' exploit builder (or weaponizer) and how the properties of RTF files can be used to track weaponizers and their users. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 presentation: Nexus between OT and IT threat intelligence

Posted by   Virus Bulletin on   Mar 11, 2020

Operational technology, the mission critical IT in ICS, shares many similarities with traditional IT systems, but also some crucial differences. During the Threat Intelligence Practitioners’ Summit at VB2019, Dragos cyber threat intelligence analyst Selena Larson gave a keynote on these similarities and differences. Today we release the recording of her presentation.

Read more  

VB2019 paper: Kimsuky group: tracking the king of the spear-phishing

Posted by   Virus Bulletin on   Mar 10, 2020

In a paper presented at VB2019 in London, researchers fron the Financial Security Institute detailed the tools and activities used by the APT group 'Kimsuky', some of which they were able to analyse through OpSec failures by the group. Today, we publish their paper.

Read more  

VB2019 paper: Play fuzzing machine - hunting iOS and macOS kernel vulnerabilities automatically and smartly

Posted by   Virus Bulletin on   Mar 9, 2020

In a paper presented at VB2019 in London, Trend Micro researchers Lilang Wu and Moony Li explained how the hunt for vulnerabilities in MacOS and iOS operating systems can be made both smarter and more automatic. Today we publish both their paper and the recording of their presentation.

Read more  

VB2019 paper: Finding drive-by rookies using an automated active observation platform

Posted by   Virus Bulletin on   Mar 6, 2020

In a last-minute paper presented at VB2019 in London, Rintaro Koike (NTT Security) and Yosuke Chubachi (Active Defense Institute, Ltd) discussed the platform they have built to automatically detect and analyse exploit kits. Today we publish the recording of their presentation.

Read more  

VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation state adversary

Posted by   Virus Bulletin on   Feb 28, 2020

The activities of China-based threat actor PKPLUG were detailed in a VB2019 paper by Palo Alto Networks researcher Alex Hinchliffe, who described the playbook of this long-standing adversary. Today we publish both Alex's paper and the recording of his presentation.

Read more  

VB2019 paper: Static analysis methods for detection of Microsoft Office exploits

Posted by   Virus Bulletin on   Feb 25, 2020

Today we publish the VB2019 paper and presentation by McAfee researcher Chintan Shah in which he described static analysis methods for the detection of Microsoft Office exploits.

Read more  

New paper: LokiBot: dissecting the C&C panel deployments

Posted by   Helen Martin on   Feb 17, 2020

First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. In a new paper researcher Aditya Sood analyses the URL structure of the LokiBot C&C panels and how they have evolved over time.

Read more  

VB2019 presentation: Building secure sharing systems that treat humans as features not bugs

Posted by   Helen Martin on   Feb 14, 2020

In a presentation at VB2019 in London, Virtru's Andrea Limbago described how, by exploring data sharing challenges through a socio-technical lens, it is possible to make significant gains toward the secure sharing systems and processes that are vital for innovation and collaboration. Today we release the recording of her presentation.

Read more  
Previous1234567...215Next

Search blog

VB2012 last-minute papers announced

Hot topics to be covered at VB conference in Dallas.
Hot topics to be covered at VB conference in Dallas. For the last six years, VB has set aside a section of the VB conference for 'last-minute' papers, the idea being that… https://www.virusbulletin.com/blog/2012/09/last-minute-papers-announced/

Gach do bonn a mbaineann a chur chugainn

Why cybercriminals may have a reason for using Irish language in a ransomware scam.
Why cybercriminals may have a reason for using Irish language in a ransomware scam. According to a story that made the security headlines this weekend, and which seems to orginate… https://www.virusbulletin.com/blog/2012/09/gach-do-bonn-mbaineann-chur-chugainn/

Thousands of websites infected with .htaccess redirect attack

Various anti-detection methods applied.
Various anti-detection methods applied. Thousands of legitimate websites have seen .htaccess files compromised and as a consequence have been used to serve the 'Milisenco' trojan,… https://www.virusbulletin.com/blog/2012/07/thousands-websites-infected-htaccess-redirect-attack/

Android malware hides inside JPG image

New LeNa variant no longer depends on rooted devices.
New LeNa variant no longer depends on rooted devices. Researchers at Lookout have discovered a new version of the 'LeNa' trojan for Android that does not require user interaction… https://www.virusbulletin.com/blog/2012/04/android-malware-hides-inside-jpg-image/

Microsoft Word for Mac exploit used in targeted attacks

Tibetan NGOs targeted.
Tibetan NGOs targeted. Researchers at Alienvault have discovered a targeted attack against Tibetan NGOs that uses a three-year-old vulnerability in Microsoft Office for Mac.… https://www.virusbulletin.com/blog/2012/03/microsoft-word-mac-exploit-used-targeted-attacks/

'Unsubscribe' URL in junk fax leads to malware

Trojan downloader behind .co.cc URL.
Trojan downloader behind .co.cc URL. Researchers at Vircom have discovered a junk fax with an 'unsubscribe' URL which contained a trojan downloader. Junk faxes (also known as 'fax… https://www.virusbulletin.com/blog/2012/02/unsubscribe-url-junk-fax-leads-malware/

Sykipot trojan used to target smart cards

Defence companies among small number of targets.
Defence companies among small number of targets. Researchers at Alienvault have discovered a version of the 'Sykipot' trojan that is being used to target organisations that make… https://www.virusbulletin.com/blog/2012/01/sykipot-trojan-used-target-smart-cards/

'Nitro attacks' continue

PoisonIvy trojan sent attached to email warning about the same trojan.
PoisonIvy trojan sent attached to email warning about the same trojan. Researchers at Symantec report that the 'Nitro attacks', which target a number of large companies, many of… https://www.virusbulletin.com/blog/2011/12/nitro-attacks-continue/

SMS trojan targets Android users in eight western countries

Will another piece of mobile malware convince Google manager of the seriousness of the threat?
Will another piece of mobile malware convince Google manager of the seriousness of the threat? Researchers at Kaspersky have discovered an SMS trojan for Android phones that… https://www.virusbulletin.com/blog/2011/11/sms-trojan-targets-android-users-eight-western-countries/

DNS poisoning attack targeting Brazilian customers

ISP employee suspected of changing DNS cache.
ISP employee suspected of changing DNS cache. Millions of Internet users in Brazil may have been exposed to malware after the DNS caches of their ISPs were modified to redirect… https://www.virusbulletin.com/blog/2011/11/dns-poisoning-attack-targeting-brazilian-customers/

'Son of Stuxnet' trojan found

'Duqu' used in targeted attacks to steal specific information.
'Duqu' used in targeted attacks to steal specific information. Researchers at both Symantec and McAfee have discovered a new Remote Access Trojan (RAT) with strong links to Stuxnet… https://www.virusbulletin.com/blog/2011/10/son-stuxnet-trojan-found/

Mac trojan is VMware-aware

Malicious execution stopped when virtual environment is detected.
Malicious execution stopped when virtual environment is detected. Researchers at F-Secure have found a variant of the 'Flashback' trojan for Mac (a fake Adobe Flash Player update)… https://www.virusbulletin.com/blog/2011/10/mac-trojan-vmware-aware/

Government trojan found on German computers

Four states admit the use of spyware.
Four states admit the use of spyware. Controversy has arisen in Germany, after the well-known CCC hacker group reported that it had found a trojan that was used to spy on behalf of… https://www.virusbulletin.com/blog/2011/10/government-trojan-found-german-computers/

Attack targets government agencies in CIS countries

Trojans used to steal specific files.
Trojans used to steal specific files. Researchers at Trend Micro have discovered an ongoing targeted attack against, among others, government agencies and diplomatic missions in… https://www.virusbulletin.com/blog/2011/09/attack-targets-government-agencies-cis-countries/

Trojan steals money from bank accounts via 'training session'

Social engineering circumvents banking security
Social engineering circumvents banking security In a new method of stealing money from customer accounts, a variant of the SpyEye trojan invites the user to make a supposedly… https://www.virusbulletin.com/blog/2011/09/trojan-steals-money-bank-accounts-training-session/

Researchers find email used in RSA hack

Email with malicious attachment uploaded to online scanning service
Email with malicious attachment uploaded to online scanning service Researchers at F-Secure have managed to obtain the file used in the targeted attack against security vendor RSA… https://www.virusbulletin.com/blog/2011/08/researchers-find-email-used-rsa-hack/

Explosive growth of malicious spam

Spam filters less likely to block current malware campaigns.
Spam filters less likely to block current malware campaigns. While several reports show that the global levels of spam have seen a steady decline over the past year, this month has… https://www.virusbulletin.com/blog/2011/08/explosive-growth-malicious-spam/

Fake codec trojan disables anti-virus software

Victim tricked into believing security software still active.
Victim tricked into believing security software still active. A new trojan, discovered by researchers at ESET, spreads itself via fake codecs, then disables running anti-virus… https://www.virusbulletin.com/blog/2011/08/fake-codec-trojan-disables-anti-virus-software/

Banking malware tells user to 'refund' money

Web injection used to suggest accidental transfer.
Web injection used to suggest accidental transfer. In a new twist to banking trojans, a piece of malware found on German computers tricks victims into believing a large amount has… https://www.virusbulletin.com/blog/2011/08/banking-malware-tells-user-refund-money/

Trojan uses remote user account to control compromised machine

Malware targets customers of Brazilian banks.
Malware targets customers of Brazilian banks. Researchers at Kaspersky have discovered a piece of malware aimed at customers of Brazilian banks which creates a remote user account… https://www.virusbulletin.com/blog/2011/07/trojan-uses-remote-user-account-control-compromised-machine/

« Previous 12345 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.