VB Blog

New article: Dissecting the design and vulnerabilities in AZORult C&C panels

Posted by   Virus Bulletin on   Apr 7, 2021

In a new article, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified.

Read more  

VB2021 localhost call for papers: a great opportunity

Posted by   Virus Bulletin on   Mar 17, 2021

VB2021 localhost presents an exciting opportunity to share your research with an even wider cross section of the IT security community around the world than usual, without having to take time out of your work schedule (or budget) to travel.

Read more  

New article: Excel Formula/Macro in .xlsb?

Posted by   Virus Bulletin on   Mar 2, 2021

In a follow-up to an article published last week, Kurt Natvig takes us through the analysis of a new malicious sample using the .xlsb file format.

Read more  

New article: Decompiling Excel Formula (XF) 4.0 malware

Posted by   Virus Bulletin on   Feb 23, 2021

In a new article, researcher Kurt Natvig takes a close look at XF 4.0 malware.

Read more  

The Bagsu banker case - presentation

Posted by   Virus Bulletin on   Jan 29, 2021

At VB2019, CSIS researcher Benoît Ancel spoke about a quiet banking trojan actor that has been targeting German users since at least 2014.

Read more  

VB2021 call for papers - now open, to all!

Posted by   Virus Bulletin on   Jan 19, 2021

The call for papers for VB2021 is now open and we want to hear from you - we're planning for flexible presentation formats, so everyone is encouraged to submit, regardless of whether or not you know at this stage whether you'll be able to travel to Prague!

Read more  

In memoriam: Yonathan Klijnsma

Posted by   Virus Bulletin on   Jan 11, 2021

We were very sorry to learn of the passing of researcher Yonathan Klijnsma last week. Here, former VB Editor Martijn Grooten shares his memories of a talented researcher and a very kind person: this month, infosec lost a really good one.

Read more  

VB2020 localhost videos available on YouTube

Posted by   Virus Bulletin on   Jan 8, 2021

VB has made all VB2020 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

Read more  

VB2020 presentation & paper: 2030: backcasting the potential rise and fall of cyber threat intelligence

Posted by   Virus Bulletin on   Dec 8, 2020

At VB2020 localhost, threat intelligence consultant Jamie Collier used the analytical technique of backcasting to look at the rise and fall of the cyber threat intelligence industry.

Read more  

VB2020 presentation: Behind the Black Mirror: simulating attacks with mock C2 servers

Posted by   Virus Bulletin on   Dec 4, 2020

At VB2020 localhost, Carbon Black's Scott Knight presented an approach he and his colleagues have taken to more realistically simulate malware attacks.

Read more  
Previous1234567...215Next

Search blog

PDF trojan exploits Adobe flaw

Reader/Acrobat vulnerability targeted day after patch release.
Reader/Acrobat vulnerability targeted day after patch release. A vulnerability in Adobe's popular PDF-viewing software Adobe Reader and editing suite Acrobat, first reported a… https://www.virusbulletin.com/blog/2007/10/pdf-trojan-exploits-adobe-flaw/

Storm attack strikes back

Cute kitten cards cover latest wave of malware.
Cute kitten cards cover latest wave of malware. The Storm attack has returned with yet another wave of blended attacks, with links to the drive-by download sites of the initial… https://www.virusbulletin.com/blog/2007/10/storm-attack-strikes-back/

St. Petersburg US Consulate website hacked

Malware served by official government site.
Malware served by official government site. Web-watchers at Sophos have reported spotting malware hosted on the website of the US Consulate in St. Petersburg, using obfuscated… https://www.virusbulletin.com/blog/2007/09/st-petersburg-us-consulate-website-hacked/

Yahoo!-owned ad firm serves up trojans

Infectious flash adverts displayed on major sites.
Infectious flash adverts displayed on major sites. Advertising supplied by ad firm Right Media, a company bought out by web giant Yahoo! earlier this year after an initial… https://www.virusbulletin.com/blog/2007/09/yahoo-owned-ad-firm-serves-trojans/

Storm DDoS hits anti-scam sites

419 fighters attacked - NFL and TOR latest spam hooks.
419 fighters attacked - NFL and TOR latest spam hooks. The massive botnet amassed by the 'Storm' (Zhelatin/Nuwar/Dorf/etc.) attack continues to target new victims, with the TOR… https://www.virusbulletin.com/blog/2007/09/storm-ddos-hits-anti-scam-sites/

YouTube latest Storm hook

Fake video links aim to pull in yet more victims.
Fake video links aim to pull in yet more victims. The never-ending stream of 'Storm' attacks continued over the weekend with a new tactic - the latest spammed email campaign… https://www.virusbulletin.com/blog/2007/08/youtube-latest-storm-hook/

Latest Storm barrage offers site memberships

New tactic provides logins to special-interest sites.
New tactic provides logins to special-interest sites. The 'Storm' attack has changed tactic yet again, with the latest set of spams providing login details to a wide selection of… https://www.virusbulletin.com/blog/2007/08/latest-storm-barrage-offers-site-memberships/

Monster haul of data reaped from job site

Trojan gathers 1.6 million sets of jobseeker records.
Trojan gathers 1.6 million sets of jobseeker records. Researchers at Symantec have reported discovering a server carrying 1.6 million entries from the popular jobseeking website… https://www.virusbulletin.com/blog/2007/08/monster-haul-data-reaped-job-site/

AVK tops latest AV-Test charts

Top four beat 99% in large collection scan.
Top four beat 99% in large collection scan. Testers at AV-Test.org have run 29 products over a massive collection of malware samples, with detection rates measured against 874,822… https://www.virusbulletin.com/blog/2007/08/avk-tops-latest-av-test-charts/

Storm e-card malware keeps on coming

No end to flood of fake friendly greetings.
No end to flood of fake friendly greetings. A further wave of e-cards carrying links to 'Storm' malware (various labelled Nuwar, Peacomm, Dorf, Zhelatin) has been hitting inboxes… https://www.virusbulletin.com/blog/2007/08/storm-e-card-malware-keeps-coming/

Worries of Storm forming massive botnet

DDoS danger looms as infection levels boom.
DDoS danger looms as infection levels boom. Repeated waves of the 'Storm' trojan attacks continue to be spammed out, with the latest using more eCards to hook in still more… https://www.virusbulletin.com/blog/2007/08/worries-storm-forming-massive-botnet/

Trojans and worms hiding behind games

Mario latest lure to hook victims on malware.
Mario latest lure to hook victims on malware. Social engineering techniques used to trick computer users into running malicious code on their systems concentrate around simple… https://www.virusbulletin.com/blog/2007/08/trojans-and-worms-hiding-behind-games/

Ransomware returns

Trojan hides personal data, demands money with menaces.
Trojan hides personal data, demands money with menaces. A new version of a ransomware trojan has been sighted, recalling the warnings of two years ago when similar items first… https://www.virusbulletin.com/blog/2007/07/ransomware-returns/

Trojan using webmail to send spam

Captcha systems possibly cracked to automate account creation.
Captcha systems possibly cracked to automate account creation.BitDefender has reported a new trojan attempting to bypass security measures on leading webmail systems Hotmail and… https://www.virusbulletin.com/blog/2007/07/trojan-using-webmail-send-spam/

Fourth of July targeted by trojan spam

Celebration card emails carry links to malware.
Celebration card emails carry links to malware. A further wave of greetings-card spam has been widely seeded, in the wake of considerable Storm Worm activity in the last week, with… https://www.virusbulletin.com/blog/2007/07/fourth-july-targeted-trojan-spam/

NOD32 alerts on suspect adverts

False positive reveals sneaky techniques used in ads.
False positive reveals sneaky techniques used in ads.ESET's NOD32 product was updated several times in close succession over the weekend, as false positives were introduced… https://www.virusbulletin.com/blog/2007/07/nod32-alerts-suspect-adverts/

Fake updates and phony postcards carry malware

Microsoft patch and greetings card spams bring more trojans.
Microsoft patch and greetings card spams bring more trojans. Several spam runs posing as vulnerability alerts from Microsoft have been spotted in the last week, with links to… https://www.virusbulletin.com/blog/2007/07/fake-updates-and-phony-postcards-carry-malware/

1.4 million Chinese infected over holiday week

May vacations bring trojan avalanche for gamers and filesharers.
May vacations bring trojan avalanche for gamers and filesharers. Chinese computers, in heavy use with many people off work for the Labour Day holiday week, have suffered a major… https://www.virusbulletin.com/blog/2007/05/1-4-million-chinese-infected-over-holiday-week/

Phishing moves into more new areas

Surveys, phone lines, USB sticks and call girls the latest tactics for spammers and phishers.
Surveys, phone lines, USB sticks and call girls the latest tactics for spammers and phishers. The latest social-engineering methods being put to use by phishers show no let up in… https://www.virusbulletin.com/blog/2007/05/phishing-moves-more-new-areas/

« Previous 12345 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.