VB Blog

VB2017 preview: Calling all PUA fighters

Posted by Martijn Grooten on Aug 31, 2017

We preview the VB2017 Small Talk to be given by AppEsteem's Dennis Batchelder that should help security vendors make decisions about apps whose behaviours sit right on the limits of what is acceptable from a security point of view.

VB2017 preview: From insider threat to insider asset: a practical guide

Posted by Martijn Grooten on Aug 30, 2017

We preview the VB2017 paper by Forcepoint's Kristin Leary and Richard Ford, who will discuss a practical approach to preventing insider attacks.

WireX DDoS botnet takedown shows the best side of the security industry

Posted by Martijn Grooten on Aug 29, 2017

Collaboration between a number of security companies has led to the takedown of the WireX Android DDoS botnet. Efforts like these, and the fact that the companies involved all decided to publish the very same blog post, show the best side of the security industry.

VB2017 preview: Your role in child abuse

Posted by Martijn Grooten on Aug 28, 2017

We preview the VB2017 presentation by Mick Moran, who will discuss online child abuse and the role the security community can play fighting it.

ROPEMAKER email exploit is of limited practical use

Posted by Martijn Grooten on Aug 28, 2017

Researchers at Mimecast have published a paper about the 'ROPEMAKER' exploit, which allows an email sender with malicious intentions to change the visual appearance of an email after it has been delivered.

VB2017 preview: Mariachis and jackpotting: ATM malware from Latin America

Posted by Martijn Grooten on Aug 25, 2017

We preview the VB2017 presentation by Kaspersky Lab researchers Thiago Marques and Fabio Assolini in which they look at malware targeting ATMs in Latin America.

VB2017 preview: Stuck between a ROC and a hard place

Posted by Martijn Grooten on Aug 24, 2017

We preview the VB2017 paper by Microsoft's Holly Stewart and Joe Blackbird, which uses data about users switching anti-virus provider to decide whether machine-learning models should favour avoiding false positives over false negatives.

VB2017 preview: Consequences of bad security in health care

Posted by Martijn Grooten on Aug 23, 2017

We preview the VB2017 presentation by Jelena Milosevic, an ICU nurse by profession, who will provide the audience with an inside view of security in hospitals.

VB2017 Small Talk: The encryption vs. inspection debate

Posted by Martijn Grooten on Aug 22, 2017

At VB2017, Cloudflare's Head of Cryptography Nick Sullivan will give a Small Talk on the intercepting of HTTPS connections by proxies and anti-virus software.

Throwback Thursday: Ten memorable Virus Bulletin conference presentations - part 2

Posted by Virus Bulletin on Aug 10, 2017

In the second part of this two-part blog series, we look at five more memorable Virus Bulletin conference presentations.

Search blog

New Emotet spam campaign continues to bypass email security products

On Monday, the infamous Emotet malware resumed its spam campaign to spread the latest version of the malware. As before, the malware successfully bypasses many email security products.
Following the resumption of activity by Emotet's C&C servers in August, it was only a matter of time before the botnet started sending out spam again. This did indeed happen on… https://www.virusbulletin.com/blog/2019/09/new-emotet-spam-campaign-continues-bypass-email-security-products/

From Amazon to Emotet: a look at those phishing and malware emails that bypassed email security products

We see a lot of spam in the VBSpam test lab, and we also see how well such emails are being blocked by email security products. Recently some of the emails that bypassed security products included a broken Amazon phishing campaign, a large fake UPS campai…
This blog post was put together in collaboration with VB test engineers Adrian Luca and Ionuţ Răileanu. On this blog, we regularly look at those phishing and malware emails… https://www.virusbulletin.com/blog/2019/02/amazon-ups-emotet-formbook-and-lokibot-look-those-phishing-and-malware-emails-bypassed-email-security-products/

From HSBC to product descriptions: the malicious emails bypassing your filters

Using data from our VBSpam lab, we looked at the malicious emails that have been missed recently by a large number of email security products.
Over a one-week period earlier this month, the average email with a malicious attachment was almost three times as likely to bypass email security products as a spam email… https://www.virusbulletin.com/blog/2019/01/hsbc-product-descriptions-malicious-emails-bypassing-your-filters/

The spam that is hardest to block is often the most damaging

We see a lot of spam in the VBSpam test lab, and we also see how well such emails are being blocked by email security products. Worryingly, it is often the emails with a malicious attachment or a phishing link that are most likely to be missed.
This blog post was put together in collaboration with VB test engineers Adrian Luca and Ionuţ Răileanu. In a talk I gave at IRISSCON last year (the video of which you will find… https://www.virusbulletin.com/blog/2019/01/spam-hardest-block-often-most-damaging/

Emotet trojan starts stealing full emails from infected machines

The infamous Emotet trojan has added the capability to steal full email bodies from infected machines, opening the possibilities for more targeted spam and phishing campaigns.
Researchers at Kryptos Logic have discovered that the Emotet banking trojan is exfiltrating entire email bodies as opposed to merely email addresses. Emotet was first discovered… https://www.virusbulletin.com/blog/2018/10/emotet-trojan-starts-stealing-full-emails-infected-machines/

We are more ready for IPv6 email than we may think

Though IPv6 is gradually replacing IPv4 on the Internet's network layer, email is lagging behind, the difficulty in blocking spam sent over IPv6 cited as a reason not to move. But would we really have such a hard time blocking spam sent over IPv6?
In email security circles, IPv6 is the elephant in the room. While the transition from IPv4 to IPv6 is a relatively smooth affair for most of the Internet, and few people will… https://www.virusbulletin.com/blog/2018/06/we-are-more-ready-ipv6-email-we-may-think/

Expired domain led to SpamCannibal's blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.
The first line of defence in many a spam filter is to query one or more DNS blacklists to see if the sender's IP address (and sometimes their domain) is listed as a known spammer.… https://www.virusbulletin.com/blog/2018/05/expired-domain-led-spamcannibal-blacklisting-whole-world/

Netflix issue shows email verification really does matter

A clever trick taking advantage of the fact that Gmail ignores dots in email addresses could be used to trick someone into paying for your Netflix subscription - demonstrating the importance of confirmed opt-in.
In the email security community, the use of confirmed opt-in has long been a recommended practice: an email address given to you can't be used until the account owner has… https://www.virusbulletin.com/blog/2018/04/netflix-issue-shows-email-verification-does-matter/

Facebook helps you determine whether emails really came from its servers

On its website, Facebook now shows which emails it has sent you recently, thus helping you to determine which emails are real, and which should be discarded as phishing.
There are many good reasons to criticize Facebook for its collecting of our personal data, but the company also deserves credit for being at the forefront when it comes to online… https://www.virusbulletin.com/blog/2017/12/facebook-helps-you-determine-whether-emails-really-came-them/

ROPEMAKER email exploit is of limited practical use

Researchers at Mimecast have published a paper about the 'ROPEMAKER' exploit, which allows an email sender with malicious intentions to change the visual appearance of an email after it has been delivered.
Researchers at Mimecast have published details (pdf) of an email exploit they call 'ROPEMAKER' (short for 'Remotely Originated Post-delivery Email Manipulation Attacks Keeping… https://www.virusbulletin.com/blog/2017/08/ropemaker-email-exploit-limited-practical-use/

DMARC: an imperfect solution that can make a big difference

US Senator Ron Wyden has asked the Department of Homeland Security to implement DMARC. Martijn Grooten looks at what difference this could make for phishing attacks impersonating the US federal government.
US Senator Ron Wyden has written a letter (pdf) to the Department of Homeland Security, urging the US government to implement DMARC to "ensure hackers cannot send emails that… https://www.virusbulletin.com/blog/2017/07/dmarc-imperfect-solution-can-make-big-difference/

Ransomware would be much worse if it wasn't for email security solutions

The latest VBSpam test brings good news: at least 199 out of every 200 emails containing a malicious attachment were blocked by email security solutions. All of the full solutions tested achieved a VBSpam award, with five earning a VBSpam+ award.
Many experts believe that ransomware is set to become an even worse problem in 2017 than it was in 2016 — which is rather bad news, given the damage it has already done. Still,… https://www.virusbulletin.com/blog/2017/01/ransomware-would-be-so-much-worse-if-it-wasnt-email-security-solutions/

Will DIME eventually replace email?

Protocol has all the advantages of email, yet is orders of magnitude more secure.
In the current Internet era sometimes referred to as 'post-Snowden', it is often said that email… https://www.virusbulletin.com/blog/2015/03/will-dime-eventually-replace-email/

TorrentLocker spam has DMARC enabled

Use of email authentication technique unlikely to bring any advantage.
Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an… https://www.virusbulletin.com/blog/2015/03/torrentlocker-spam-has-dmarc-enabled/

Praise for the unsung heroes of email

Many decent performances in VB's latest comparative spam filter test.
A decade ago, there were optimists who thought that the spam problem would soon be eradicated. At the same… https://www.virusbulletin.com/blog/2015/02/praise-unsung-heroes-email/

VB2014 paper: DMARC - how to use it to improve your email reputation

Terry Zink presents case study in which he describes setting a DMARC policy for Microsoft.
Over the next few months, we will be sharing VB2014 conference papers as well as video… https://www.virusbulletin.com/blog/2014/11/paper-dmarc-how-use-it-improve-your-email-reputation/

DNS cache poisoning used to steal emails

Call to use end-to-end encryption and to deploy DNSSEC.
DNS is sometimes called 'the phone book of the Internet'. If true, then it is a phone book that makes it relatively easy to… https://www.virusbulletin.com/blog/2014/09/dns-cache-poisoning-used-steal-emails/

Yahoo's DMARC policy wreaks havoc among mailing lists

Collateral damage in instruction to reject emails with invalid DKIM signatures.
A change in Yahoo's DMARC policy has caused frustration among operators of many mailing lists and… https://www.virusbulletin.com/blog/2014/04/yahoo-s-dmarc-policy-wreaks-havoc-among-mailing-lists/

At least 99.4% of spam blocked in recent Virus Bulletin test

All solutions on test blocked at least 99.4% of spam, but some struggled with false positive issues; survey also shows few products support DMARC.
The results of the most recent… https://www.virusbulletin.com/blog/2014/02/least-99-4-spam-blocked-recent-test/

New email header attempts to prevent damage of reissued email addresses

Transactional emails not delivered if the account's owner has changed in the meantime.
When in June, Yahoo announced it would free up inactive user IDs, it received fierce… https://www.virusbulletin.com/blog/2013/08/new-email-header-attempts-prevent-damage-reissued-email-addresses/
