VB Blog

New additions complete the VB2020 localhost programme

Posted by   Virus Bulletin on   Aug 25, 2020

The programme for VB2020 localhost - the first virtual, and entirely free to attend VB conference - is now complete, with new additions to both the live programme and the on-demand programme.

Read more  

VB2020 localhost call for last minute papers: a unique opportunity

Posted by   Virus Bulletin on   Aug 10, 2020

Why VB2020 localhost presents a unique opportunity for you to share your research with security experts around the globe.

Read more  

VB2020 localhost call for last-minute papers now open!

Posted by   Virus Bulletin on   Jul 31, 2020

The call for last-minute papers for VB2020 localhost is now open. Submit before 17 August to have your paper considered for one of the nine slots reserved for 'hot' research!

Read more  

Announcing... VB2020 localhost

Posted by   Virus Bulletin on   Jul 29, 2020

Announcing VB2020 localhost: the carbon neutral, budget neutral VB conference!

Read more  

VB2019 paper: APT cases exploiting vulnerabilities in region-specific software

Posted by   Virus Bulletin on   May 4, 2020

At VB2019, JPCERT/CC's Shusei Tomonaga and Tomoaki Tani presented a paper on attacks that exploit vulnerabilities in software used only in Japan, using malware that is unique to Japan. Today we publish both their paper and the recording of their presentation.

Read more  

New paper: Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

Posted by   Helen Martin on   Apr 30, 2020

In a follow-up to a paper presented at VB2019, Prismo Systems researchers Abhishek Singh and Ramesh Mani detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting (XSS), and server‑side request forgery (SSRF) by instrumenting web applications.

Read more  

VB2020 programme announced

Posted by   Virus Bulletin on   Apr 16, 2020

VB is pleased to reveal the details of an interesting and diverse programme for VB2020, the 30th Virus Bulletin International Conference.

Read more  

VB2019 paper: Cyber espionage in the Middle East: unravelling OSX.WindTail

Posted by   Virus Bulletin on   Apr 2, 2020

At VB2019 in London, Jamf's Patrick Wardle analysed the WindTail macOS malware used by the WindShift APT group, active in the Middle East. Today we publish both Patrick's paper and the recording of his presentation.

Read more  

VB2019 paper: 2,000 reactions to a malware attack – accidental study

Posted by   Virus Bulletin on   Mar 24, 2020

At VB2019 cybercrime journalist and researcher Adam Haertlé presented an analysis of almost 2000 unsolicited responses sent by victims of a malicious email campaign. Today we publish both his paper and the recording of his presentation.

Read more  

VB2019 paper: Why companies need to focus on a problem they do not know they have

Posted by   Virus Bulletin on   Mar 20, 2020

Often unbeknownst to network administrators, many company networks are used to download child sexual abuse material. In a paper presented at VB2019 in London, NetClean’s Richard Matti and Anna Creutz looked at this problem and what companies can do, ultimately, to help safeguard children. Today we publish their full paper.

Read more  
Previous1234567...215Next

Search blog

VB2019 paper: Different ways to cook a crab: GandCrab Ransomware-as-a-Service (RaaS) analysed in depth

Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. In a paper presented at VB2019 in London, McAfee researchers John Fokker and Alexandre Mundo looked at the malware code, its evolution and t…
Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth Read the paper (HTML) Download the paper (PDF)       Though active for not… https://www.virusbulletin.com/blog/2019/11/vb2019-paper-different-ways-cook-crab-gandcrab-ransomware-service-raas-analysed-depth/

Guest blog: TotalAV uncovers the world’s first ransomware

In a guest blog post by VB2019 Silver partner TotalAV, Matthew Curd, the software’s Technical Expert, considers the changes in the cybersecurity landscape.
In a guest blog post by VB2019 Silver partner TotalAV, Matthew Curd, the software’s Technical Expert, considers the changes in the cybersecurity landscape. Rediscovered in an… https://www.virusbulletin.com/blog/2019/09/guest-blog-totalav-uncovers-worlds-first-ransomware/

VB2018 video: Behind the scenes of the SamSam investigation

Today we have published the video of the VB2018 presentation by Andrew Brandt (Sophos) on the SamSam ransomware, which became hot news following the indictment of its two suspected authors yesterday.
Yesterday, a federal grand jury in the US unsealed an indictment charging two Iranians with being behind the SamSam ransomware. SamSam has been one of the most successful… https://www.virusbulletin.com/blog/2018/11/vb2018-video-behind-scenes-samsam-investigation/

VB2017 paper: Nine circles of Cerber

Cerber is one of the major names in the world of ransomware, and last year, Check Point released a decryption service for the malware. Today, we publish a VB2017 paper by Check Point's Stanislav Skuratovich describing how the Cerber decryption tool worked…
Earlier this week, we published the video of a VB2017 presentation on the Spora ransomware. Spora is hardly alone in this prominent threat type though, and one of the other major… https://www.virusbulletin.com/blog/2017/12/vb2017-paper-nine-circles-cerber/

VB2017 video: Spora: the saga continues a.k.a. how to ruin your research in a week

Today, we publish the video of the VB2017 presentation by Avast researcher Jakub Kroustek and his former colleague Előd Kironský, now at ESET, who told the story of Spora, one of of the most prominent ransomware families of 2017.
First discovered at the beginning of the year, the Spora ransomware has become one of of the most prominent ransomware families of 2017, especially in Russia, a region it appears… https://www.virusbulletin.com/blog/2017/12/vb2017-video-spora-saga-continues-k-how-ruin-your-research-week/

VB2017: nine last-minute papers announced

From attacks on Ukraine's power grid to web shells, and from car hacking to ransomware: we announce the first nine 'last-minute' papers on the VB2017 programme.
At Virus Bulletin we try not to follow the daily security hype, focusing instead on the bigger trends. This means that the topics covered on the VB2017 conference programme – the… https://www.virusbulletin.com/blog/2017/09/vb2017-nine-last-minute-papers-announced/

NoMoreRansom's first birthday demonstrates importance of collaboration

This week the NoMoreRansom project celebrated its first birthday. It has already helped many victims of ransomware with advice and tools and is an excellent example of collaboration between private and public partners in IT security.
This week, the NoMoreRansom project celebrates its first anniversary and can look back to subtle but important successes in the fight against ransomware. The advice from… https://www.virusbulletin.com/blog/2017/07/nomoreransoms-first-birthday-shows-importance-collaboration/

48 hours after initial reports, many mysteries remain around the latest ransomware/wiper threat

Whether you call it Petya, NotPetya, Nyetya or Petna, there are still many mysteries surrounding the malware that has been causing havoc around the world.
"What's in a name? that which we call a rose By any other name would smell as sweet" Shakespeare's philosophising can equally be applied to malware, and whether you call it… https://www.virusbulletin.com/blog/2017/06/48-hours-after-initial-reports-many-mysteries-around-latest-ransomwarewiper-threat-remain/

WannaCry shows we need to understand why organizations don't patch

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"
For the past few days, the world of Infosec on Twitter has tried to find as many ways as possible of saying "we told you so". To be fair, it's true – we did tell you so: for… https://www.virusbulletin.com/blog/2017/may/wannacry-shows-we-need-understand-why-organisations-dont-patch/

Modern security software is not necessarily powerless against threats like WannaCry

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.
We have become used to the idea of cybersecurity stories sometimes making the mainstream news, but the UK's newspapers across the spectrum, from broadsheets to tabloids, all… https://www.virusbulletin.com/blog/2017/may/modern-security-software-not-powerless-against-threats-wannacry/

Ransomware not a problem for half of businesses

According to a report by IBM Security, 70 per cent of businesses that are the victim of a ransomware attack end up paying the ransom. However, the report also suggests that a little over half of businesses manage to avoid getting infected at all, showing …
If you are wondering why ransomware continues to thrive, a recent study from IBM Security provides a simple explanation: 70 per cent of the ransomware-infected businesses they… https://www.virusbulletin.com/blog/2017/01/ransomware-not-problem-half-businesses/

Paper: Spreading techniques used by malware

In a new paper published by Virus Bulletin, Acalvio researcher Abhishek Singh discusses some of the techniques used by malware to increase its impact by spreading further.
Malware infections usually start with a user opening an attachment, visiting a link, or simply accessing an infected site with a vulnerable browser. But once malware has infected… https://www.virusbulletin.com/blog/2016/december/paper-spreading-techniques-used-malware/

VB2016 preview: Cryptography mistakes in malware

At VB2016, two talks will discuss mistakes made by malware authors in cryptographic implementations. Ben Herzog and Yaniv Balmas will present a paper in which they look at a number of these mistakes, while Malwarebytes researcher hasherezade will present …
"Don't roll your own crypto", software developers are often told: cryptography is hard and thus it is always safer to use a well-tested public library rather than writing your own… https://www.virusbulletin.com/blog/2016/september/vb2016-preview-presentations-cryptography-mistakes-malware/

Guest blog: Nemucod ransomware analysis

In a guest blog, Webroot researcher Jesse Lopez looks at another variant in the massive crop of malware that takes users’ files hostage: Nemucod ransomware.
In the run up to VB2016, we invited the sponsors of the conference to write guest posts for our blog. In the third of this series, Webroot's Jesse Lopez writes about the Nemucod… https://www.virusbulletin.com/blog/2016/september/guest-blog-nemucod-ransomware-analysis/

Romanian university website compromised to serve Neutrino exploit kit

The website of the Carol Davila University of Medicine and Pharmacy has been compromised to inject a hidden iframe into the site's source code that serves the Neutrino exploit kit and may infect visitors with ransomware.
This blog post was written by Martijn Grooten and Adrian Luca. Like every summer, millions of prospective students around the world have been taking entry exams for the… https://www.virusbulletin.com/blog/2016/07/romanian-university-website-compromised-serve-neutrino-exploit-kit/

Paying a malware ransom is bad, but telling people never to do it is unhelpful advice

The current ransomware plague is one of the worst threats the Internet has seen and it is unlikely to go away any time soon. But telling people to never pay the ransom is unhelpful advice.
I'm not usually one to spread panic about security issues, but in the case of the current ransomware plague, I believe that at the very least a sense of great concern is… https://www.virusbulletin.com/blog/2016/04/paying-malware-ransom-bad-telling-people-never-do-it-unhelpful-advice/

New tool helps ransomware victims indentify the malware family

The people behind the MalwareHunterTeam have released a tool that helps victims of ransomware identify which of more than 50 families has infected their system, something which could help them find a tool to decrypt their files.
Malware infections are never fun, but ransomware is particularly nasty and the plague doesn't seem likely to cease any time soon: new families are spotted almost daily. A small… https://www.virusbulletin.com/blog/2016/04/new-tool-helps-ransomware-victims-indentify-malware-family/

Researchers seek ransomware samples for their generic solution

VB2015 presentation to include demonstration of technique against recent samples.
VB2015 presentation to include demonstration of technique against recent samples. 'The scary hack that's on the rise' is how Wired's Kim Zetter described ransomware in an overview… https://www.virusbulletin.com/blog/2015/09/researchers-seek-ransomware-samples-their-generic-solution/

TorrentLocker spam has DMARC enabled

Use of email authentication technique unlikely to bring any advantage.
Use of email authentication technique unlikely to bring any advantage. Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an… https://www.virusbulletin.com/blog/2015/03/torrentlocker-spam-has-dmarc-enabled/

'RansomWeb' ransomware targets companies' databases

Encryption first added as a patch, key only removed when all backups are encrypted.
Encryption first added as a patch, key only removed when all backups are encrypted. Make backups, they said. Then you won't have to worry about ransomware, they said. Ransomware… https://www.virusbulletin.com/blog/2015/02/ransomweb-ransomware-targets-companies-databases/

« Previous 12 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.