VB Blog

Malicious ads served on java.com

Posted by   Virus Bulletin on   Aug 28, 2014

If you do need to run plug-ins, make sure you enable click-to-play.

Read more  

VB2014 preview: Methods of malware persistence on Mac OS X

Posted by   Virus Bulletin on   Aug 27, 2014

Patrick Wardle shows that OS X users really have something to worry about.

Read more  

More than two million home routers have 'wide open backdoor'

Posted by   Virus Bulletin on   Aug 26, 2014

Default password makes vulnerability easy to exploit.

Read more  

VB2014 preview: Duping the machine - malware strategies, post sandbox detection

Posted by   Virus Bulletin on   Aug 22, 2014

James Wyke looks at four difference decoy methods.

Read more  

Paper: Bird's nest

Posted by   Virus Bulletin on   Aug 21, 2014

Raul Alvarez studies the Neshta prepending file infector.

Read more  

VB2014 preview: Labelling spam through the analysis of protocol patterns

Posted by   Virus Bulletin on   Aug 19, 2014

Andrei Husanu and Alexandru Trifan look at what TCP packet sizes can teach us.

Read more  

VB2014 preview: Optimized mal-ops. Hack the ad network like a boss

Posted by   Virus Bulletin on   Aug 15, 2014

Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits.

Read more  

Guest blog: Cyber insurance, is it for you?

Posted by   Virus Bulletin on   Aug 14, 2014

Sorin Mustaca looks at how companies trading online can insure the risks they run.

Read more  

Google to take tough stance on homoglyph attacks

Posted by   Virus Bulletin on   Aug 14, 2014

Good idea, but unlikely to have a huge impact.

Read more  

VB2014 preview: P0wned by a barcode

Posted by   Virus Bulletin on   Aug 13, 2014

Fabio Assolini to speak about malware targeting boletos.

Read more  

Search blog

Is publishing your employees' email addresses such a big deal?

Beware of a false sense of security.
Beware of a false sense of security. Security blogger Graham Cluley points to hypocrisy in a KPMG press release in which it criticises FTSE 350 companies for 'leaking data that can… https://www.virusbulletin.com/blog/2013/07/publishing-your-employees-email-addresses-such-big-deal/

Compromised Yahoo! accounts continue to spread Android malware

Problem likely to be on Yahoo!'s side.
Problem likely to be on Yahoo!'s side. In recent weeks, we have noticed an uptick in the amount of spam sent from compromised Yahoo! accounts; we have reasons to believe the… https://www.virusbulletin.com/blog/2013/06/compromised-yahoo-accounts-continue-spread-android-malware/

Vulnerabilities could trigger payload in emails upon receiving or opening

Flaws in IBM Notes and Exim/Dovecot easy to mitigate.
Flaws in IBM Notes and Exim/Dovecot easy to mitigate. Two recently discovered vulnerabilities in mail processing software could give an attacker access to a targeted system without… https://www.virusbulletin.com/blog/2013/05/vulnerabilities-could-trigger-payload-emails-upon-receiving-or-opening/

Different focus on spam needed

What happens before the filter doesn't matter too much.
What happens before the filter doesn't matter too much. It is surprisingly difficult to get accurate figures for the amount of spam that is sent globally, yet everyone agrees that… https://www.virusbulletin.com/blog/2013/04/different-focus-spam-needed/

Weak cryptography keys allow others to add valid DKIM signatures to fake emails

512-bit key cracked within 72 hours.
512-bit key cracked within 72 hours. A Florida-based mathematician has caused a stir in the email community by adding a valid DKIM signature for google.com to an email after… https://www.virusbulletin.com/blog/2012/10/weak-cryptography-keys-allow-others-add-valid-dkim-signatures-fake-emails/

Cybercriminals offering service flooding email, phone and SMS

DDoS-type attack could seriously disrupt business.
DDoS-type attack could seriously disrupt business. A new service is being offered on underground forums where between 25,000 and 100,000 emails are being sent to an email account… https://www.virusbulletin.com/blog/2012/07/cybercriminals-offering-service-flooding-email-phone-and-sms/

New RFC describes best practices for running DNS-based lists

DNSBL users advised to avoid those lists that charge for delisting.
DNSBL users advised to avoid those lists that charge for delisting. A new RFC document has been published that describes the best operational practices for the use of DNS-based… https://www.virusbulletin.com/blog/2012/01/new-rfc-describes-best-practices-running-dns-based-lists/

New RFC grants DKIM improved status

Email signing method now 'Draft Standard'.
Email signing method now 'Draft Standard'. The Internet Engineering Task Force (IETF) has published a new RFC describing the DKIM protocol which sees its status advance from… https://www.virusbulletin.com/blog/2011/09/new-rfc-grants-dkim-improved-status/

Windows Help Files used in targeted attacks

Files with code-executing properties attached to emails.
Files with code-executing properties attached to emails. Researchers at Symantec have discovered Windows Help Files being used in targeted attacks. Such help files, which use the… https://www.virusbulletin.com/blog/2011/09/windows-help-files-used-targeted-attacks/

Researchers find email used in RSA hack

Email with malicious attachment uploaded to online scanning service
Email with malicious attachment uploaded to online scanning service Researchers at F-Secure have managed to obtain the file used in the targeted attack against security vendor RSA… https://www.virusbulletin.com/blog/2011/08/researchers-find-email-used-rsa-hack/

Hotmail beefs up security with stricter password policy

'My friend has been spammed' button also welcomed by experts.
'My friend has been spammed' button also welcomed by experts.Microsoft's free webmail service Hotmail has introduced some new features which should make it less likely for its… https://www.virusbulletin.com/blog/2011/07/hotmail-beefs-security-stricter-password-policy/

'Job application' contains malicious attachment

$150,000 lost via banking trojan.
$150,000 lost via banking trojan. An unidentified US company has learned the hard way that email attachments - even to those that appear to be solicited - may contain malware. The… https://www.virusbulletin.com/blog/2011/01/job-application-contains-malicious-attachment/

ARF published as IETF standard

Abuse report format helps auto-handling of email complaints
Abuse report format helps auto-handling of email complaints ARF (Abuse Reporting Format) has been approved by the IETF as an Internet standard. ARF is a format used to send… https://www.virusbulletin.com/blog/2010/09/arf-published-ietf-standard/

« Previous 12 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.