VB Blog

VB2019 preview: Exploring Emotet, an elaborate everyday enigma

Posted by   Martijn Grooten on   Aug 26, 2019

We preview the VB2019 paper by Sophos researcher Luca Nagy, who dives deeply into the notorious Emotet malware.

Read more  

VB2019 preview: A study of Machete cyber espionage operations in Latin America

Posted by   Martijn Grooten on   Aug 22, 2019

Researchers from the Czech Technical University in Prague will present a very comprehensive overview of the Machete APT group.

Read more  

AfricaHackon 2019: a great event and a reminder that security is global

Posted by   Martijn Grooten on   Aug 19, 2019

Last week, VB Editor Martijn Grooten travelled to the Kenyan capital Nairobi to speak at the 6th edition of the AfricaHackon event.

Read more  

Virus Bulletin researcher discovers new Lord exploit kit

Posted by   Martijn Grooten on   Aug 5, 2019

Still in-development kit thus far only targets Flash Player vulnerabilities

Read more  

VB2019 call for last-minute papers opened

Posted by   Martijn Grooten on   Jul 29, 2019

The call for last-minute papers for VB2019 is now open. Submit before 1 September to have your abstract considered for one of the nine slots reserved for 'hot' research.

Read more  

Nominations opened for sixth Péter Szőr Award

Posted by   Martijn Grooten on   Jul 4, 2019

Virus Bulletin is seeking nominations for the sixth annual Péter Szőr Award.

Read more  

Haroon Meer and Adrian Sanabria to deliver VB2019 closing keynote

Posted by   Martijn Grooten on   Jun 25, 2019

New additions to the VB2019 conference programme include a closing keynote address from Thinkst duo Haroon Meer and Adrian Sanabria and a talk on attacks against payment systems.

Read more  

Free VB2019 tickets for students

Posted by   Martijn Grooten on   Jun 21, 2019

Virus Bulletin is excited to announce that, thanks to generous sponsorship from Google Android, we are able to offer 20 free tickets to students who want to attend VB2019.

Read more  

VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

Posted by   Martijn Grooten on   Jun 4, 2019

The Lazarus Group, generally linked to the North Korean government, is one of the most notorious threat groups seen in recent years. At VB2018 ESET researchers Peter Kálnai and Michal Poslušný presented a paper looking at the group's various campaigns. Today, we publish their paper and the recording of their presentation.

Read more  

Book your VB2019 ticket now for a chance to win a ticket for BSides London

Posted by   Virus Bulletin on   May 29, 2019

Virus Bulletin is proud to sponsor this year's BSides London conference, which will take place next week, and we have a number of tickets to give away.

Read more  
Previous1...1011121314...215Next

Search blog

VB2019 paper: Different ways to cook a crab: GandCrab Ransomware-as-a-Service (RaaS) analysed in depth

Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. In a paper presented at VB2019 in London, McAfee researchers John Fokker and Alexandre Mundo looked at the malware code, its evolution and t…
Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth Read the paper (HTML) Download the paper (PDF)       Though active for not… https://www.virusbulletin.com/blog/2019/11/vb2019-paper-different-ways-cook-crab-gandcrab-ransomware-service-raas-analysed-depth/

Guest blog: TotalAV uncovers the world’s first ransomware

In a guest blog post by VB2019 Silver partner TotalAV, Matthew Curd, the software’s Technical Expert, considers the changes in the cybersecurity landscape.
In a guest blog post by VB2019 Silver partner TotalAV, Matthew Curd, the software’s Technical Expert, considers the changes in the cybersecurity landscape. Rediscovered in an… https://www.virusbulletin.com/blog/2019/09/guest-blog-totalav-uncovers-worlds-first-ransomware/

VB2018 video: Behind the scenes of the SamSam investigation

Today we have published the video of the VB2018 presentation by Andrew Brandt (Sophos) on the SamSam ransomware, which became hot news following the indictment of its two suspected authors yesterday.
Yesterday, a federal grand jury in the US unsealed an indictment charging two Iranians with being behind the SamSam ransomware. SamSam has been one of the most successful… https://www.virusbulletin.com/blog/2018/11/vb2018-video-behind-scenes-samsam-investigation/

VB2017 paper: Nine circles of Cerber

Cerber is one of the major names in the world of ransomware, and last year, Check Point released a decryption service for the malware. Today, we publish a VB2017 paper by Check Point's Stanislav Skuratovich describing how the Cerber decryption tool worked…
Earlier this week, we published the video of a VB2017 presentation on the Spora ransomware. Spora is hardly alone in this prominent threat type though, and one of the other major… https://www.virusbulletin.com/blog/2017/12/vb2017-paper-nine-circles-cerber/

VB2017 video: Spora: the saga continues a.k.a. how to ruin your research in a week

Today, we publish the video of the VB2017 presentation by Avast researcher Jakub Kroustek and his former colleague Előd Kironský, now at ESET, who told the story of Spora, one of of the most prominent ransomware families of 2017.
First discovered at the beginning of the year, the Spora ransomware has become one of of the most prominent ransomware families of 2017, especially in Russia, a region it appears… https://www.virusbulletin.com/blog/2017/12/vb2017-video-spora-saga-continues-k-how-ruin-your-research-week/

VB2017: nine last-minute papers announced

From attacks on Ukraine's power grid to web shells, and from car hacking to ransomware: we announce the first nine 'last-minute' papers on the VB2017 programme.
At Virus Bulletin we try not to follow the daily security hype, focusing instead on the bigger trends. This means that the topics covered on the VB2017 conference programme – the… https://www.virusbulletin.com/blog/2017/09/vb2017-nine-last-minute-papers-announced/

NoMoreRansom's first birthday demonstrates importance of collaboration

This week the NoMoreRansom project celebrated its first birthday. It has already helped many victims of ransomware with advice and tools and is an excellent example of collaboration between private and public partners in IT security.
This week, the NoMoreRansom project celebrates its first anniversary and can look back to subtle but important successes in the fight against ransomware. The advice from… https://www.virusbulletin.com/blog/2017/07/nomoreransoms-first-birthday-shows-importance-collaboration/

48 hours after initial reports, many mysteries remain around the latest ransomware/wiper threat

Whether you call it Petya, NotPetya, Nyetya or Petna, there are still many mysteries surrounding the malware that has been causing havoc around the world.
"What's in a name? that which we call a rose By any other name would smell as sweet" Shakespeare's philosophising can equally be applied to malware, and whether you call it… https://www.virusbulletin.com/blog/2017/06/48-hours-after-initial-reports-many-mysteries-around-latest-ransomwarewiper-threat-remain/

WannaCry shows we need to understand why organizations don't patch

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"
For the past few days, the world of Infosec on Twitter has tried to find as many ways as possible of saying "we told you so". To be fair, it's true – we did tell you so: for… https://www.virusbulletin.com/blog/2017/may/wannacry-shows-we-need-understand-why-organisations-dont-patch/

Modern security software is not necessarily powerless against threats like WannaCry

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.
We have become used to the idea of cybersecurity stories sometimes making the mainstream news, but the UK's newspapers across the spectrum, from broadsheets to tabloids, all… https://www.virusbulletin.com/blog/2017/may/modern-security-software-not-powerless-against-threats-wannacry/

Ransomware not a problem for half of businesses

According to a report by IBM Security, 70 per cent of businesses that are the victim of a ransomware attack end up paying the ransom. However, the report also suggests that a little over half of businesses manage to avoid getting infected at all, showing …
If you are wondering why ransomware continues to thrive, a recent study from IBM Security provides a simple explanation: 70 per cent of the ransomware-infected businesses they… https://www.virusbulletin.com/blog/2017/01/ransomware-not-problem-half-businesses/

Paper: Spreading techniques used by malware

In a new paper published by Virus Bulletin, Acalvio researcher Abhishek Singh discusses some of the techniques used by malware to increase its impact by spreading further.
Malware infections usually start with a user opening an attachment, visiting a link, or simply accessing an infected site with a vulnerable browser. But once malware has infected… https://www.virusbulletin.com/blog/2016/december/paper-spreading-techniques-used-malware/

VB2016 preview: Cryptography mistakes in malware

At VB2016, two talks will discuss mistakes made by malware authors in cryptographic implementations. Ben Herzog and Yaniv Balmas will present a paper in which they look at a number of these mistakes, while Malwarebytes researcher hasherezade will present …
"Don't roll your own crypto", software developers are often told: cryptography is hard and thus it is always safer to use a well-tested public library rather than writing your own… https://www.virusbulletin.com/blog/2016/september/vb2016-preview-presentations-cryptography-mistakes-malware/

Guest blog: Nemucod ransomware analysis

In a guest blog, Webroot researcher Jesse Lopez looks at another variant in the massive crop of malware that takes users’ files hostage: Nemucod ransomware.
In the run up to VB2016, we invited the sponsors of the conference to write guest posts for our blog. In the third of this series, Webroot's Jesse Lopez writes about the Nemucod… https://www.virusbulletin.com/blog/2016/september/guest-blog-nemucod-ransomware-analysis/

Romanian university website compromised to serve Neutrino exploit kit

The website of the Carol Davila University of Medicine and Pharmacy has been compromised to inject a hidden iframe into the site's source code that serves the Neutrino exploit kit and may infect visitors with ransomware.
This blog post was written by Martijn Grooten and Adrian Luca. Like every summer, millions of prospective students around the world have been taking entry exams for the… https://www.virusbulletin.com/blog/2016/07/romanian-university-website-compromised-serve-neutrino-exploit-kit/

Paying a malware ransom is bad, but telling people never to do it is unhelpful advice

The current ransomware plague is one of the worst threats the Internet has seen and it is unlikely to go away any time soon. But telling people to never pay the ransom is unhelpful advice.
I'm not usually one to spread panic about security issues, but in the case of the current ransomware plague, I believe that at the very least a sense of great concern is… https://www.virusbulletin.com/blog/2016/04/paying-malware-ransom-bad-telling-people-never-do-it-unhelpful-advice/

New tool helps ransomware victims indentify the malware family

The people behind the MalwareHunterTeam have released a tool that helps victims of ransomware identify which of more than 50 families has infected their system, something which could help them find a tool to decrypt their files.
Malware infections are never fun, but ransomware is particularly nasty and the plague doesn't seem likely to cease any time soon: new families are spotted almost daily. A small… https://www.virusbulletin.com/blog/2016/04/new-tool-helps-ransomware-victims-indentify-malware-family/

Researchers seek ransomware samples for their generic solution

VB2015 presentation to include demonstration of technique against recent samples.
VB2015 presentation to include demonstration of technique against recent samples. 'The scary hack that's on the rise' is how Wired's Kim Zetter described ransomware in an overview… https://www.virusbulletin.com/blog/2015/09/researchers-seek-ransomware-samples-their-generic-solution/

TorrentLocker spam has DMARC enabled

Use of email authentication technique unlikely to bring any advantage.
Use of email authentication technique unlikely to bring any advantage. Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an… https://www.virusbulletin.com/blog/2015/03/torrentlocker-spam-has-dmarc-enabled/

'RansomWeb' ransomware targets companies' databases

Encryption first added as a patch, key only removed when all backups are encrypted.
Encryption first added as a patch, key only removed when all backups are encrypted. Make backups, they said. Then you won't have to worry about ransomware, they said. Ransomware… https://www.virusbulletin.com/blog/2015/02/ransomweb-ransomware-targets-companies-databases/

« Previous 12 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.