VB Blog

Paper: How It Works: Steganography Hides Malware in Image Files

Posted by   Martijn Grooten on   Apr 28, 2016

A new paper by CYREN researcher Lordian Mosuela takes a close look at Gatak, or Stegoloader, a piece of malware that was discovered last year and that is controlled via malicious code embedded in a PNG image, a technique known as steganography.

Read more  

Paying a malware ransom is bad, but telling people never to do it is unhelpful advice

Posted by   Martijn Grooten on   Apr 26, 2016

The current ransomware plague is one of the worst threats the Internet has seen and it is unlikely to go away any time soon. But telling people to never pay the ransom is unhelpful advice.

Read more  

VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers

Posted by   Martijn Grooten on   Apr 22, 2016

In his VB2015 paper, Martin Korman presented his 'VolatilyBot' tool, which extracts malicious code from packed binaries, leveraging the functionality of the Volatility Framework.

Read more  

VB2016 programme announced, registration opened

Posted by   Martijn Grooten on   Apr 21, 2016

We have announced 37 papers (and four reserve papers) that will be presented at VB2016 in Denver, Colorado, USA in October. Registration for the conference has opened; make sure you register before 1 July to benefit from a 10% early bird discount.

Read more  

New tool helps ransomware victims indentify the malware family

Posted by   Martijn Grooten on   Apr 15, 2016

The people behind the MalwareHunterTeam have released a tool that helps victims of ransomware identify which of more than 50 families has infected their system, something which could help them find a tool to decrypt their files.

Read more  

It's fine for vulnerabilities to have names — we just need not to take them too seriously

Posted by   Martijn Grooten on   Apr 13, 2016

The PR campaign around the Badlock vulnerability backfired when it turned out that the vulnerability wasn't as serious as had been suggested. But naming vulnerabilities can actually be helpful and certainly shouldn't hurt.

Read more  

Throwback Thursday: The Number of the Beasts

Posted by   Helen Martin on   Apr 7, 2016

The Virus Bulletin Virus Prevalence Table, which ran from 1992 until 2013, gave users a regular snapshot of what was really going on in the virus (and later malware) world, recording the number of incidents of each virus reported to VB in the preceding month. In August 2000, Denis Zenkin, a self-confessed virus prevalence table junkie, shared his findings following a study of the virus prevalence tables over the preceding few years, allowing him to determine the top ten viruses of the period, the top viruses by type and the viruses of the year.

Read more  

Paper: All Your Meetings Are Belong to Us: Remote Code Execution in Apache OpenMeetings

Posted by   Martijn Grooten on   Mar 30, 2016

Security researcher Andreas Lindh recently found a vulnerability in Apache OpenMeetings that could allow remote code execution on a vulnerable server. Andreas reported the vulnerability to the OpenMeetings developers and, once it had been patched, he wrote up the details.

Read more  

Throwback Thursday: 'In the Beginning was the Word...'

Posted by   Helen Martin on   Mar 24, 2016

Word and Excel’s internal file formats used to be something in which few were interested – until macro viruses came along and changed all that. In 1996, Andrew Krukov provided an overview of the new breed of viruses.

Read more  

VB2016 Call for Papers Deadline

Posted by   Martijn Grooten on   Mar 18, 2016

You have until the early hours (GMT) of Monday 21 March to submit an abstract for VB2016! The VB2016 programme will be announced in the first week of April.

Read more  
Previous1...4445464748...215Next

Search blog

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.
Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects Read the paper (HTML) Download the paper (PDF)   Android botnets are a formidable… https://www.virusbulletin.com/blog/2023/10/new-paper-nexus-android-banking-botnet-compromising-cc-panels-and-dissecting-mobile-appinjects/

VB2019 presentation: A deep dive into iPhone exploit chains

In a last-minute presentation at VB2019 in London, John Bambenek of the University of Illinois at Urbana-Champaign discussed details of campaigns that used advanced iOS and Android exploit chains against China’s Uighur minority. Today we release the recor…
One of the biggest security stories of 2019 was the use of advanced iOS and Android exploit chains against China’s Uighur minority, first uncovered by Google’s Project Zero with… https://www.virusbulletin.com/blog/2020/01/vb2019-presentation-deep-dive-iphone-exploit-chains/

VB2019 paper: Domestic Kitten: an Iranian surveillance program

At VB2019 in London, Check Point researchers Aseel Kayal and Lotem Finkelstein presented a paper detailing an Iranian operation they named 'Domestic Kitten' that used Android apps for targeted surveillance. Today we publish their paper and the video of th…
Domestic Kitten: an Iranian surveillance program Read the paper (HTML) Download the paper (PDF)       In September last year, researchers at Check Point uncovered… https://www.virusbulletin.com/blog/2019/11/vb2019-paper-d/

Paper: Dexofuzzy: Android malware similarity clustering method using opcode sequence

We publish a paper by researchers from ESTsecurity in South Korea, who describe a fuzzy hashing algorithm for clustering Android malware datasets.
The sharp rise in Android malware in recent years has led security researchers to look for efficient ways to cluster related samples, especially since the tools used for Windows… https://www.virusbulletin.com/blog/2019/11/paper-dexofuzzy-android-malware-similarity-clustering-method-using-opcode-sequence/

Free VB2019 tickets for students

Virus Bulletin is excited to announce that, thanks to generous sponsorship from Google Android, we are able to offer 20 free tickets to students who want to attend VB2019.
Update 02 August 2019: Applications for free student tickets have now closed. Virus Bulletin is excited to announce that, thanks to generous sponsorship from Google Android, we… https://www.virusbulletin.com/blog/2019/06/free-vb2019-tickets-students/

VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation

Static analysis and dynamic analysis each have their shortcomings as methods for analysing potentially malicious files. Today, we publish a VB2018 paper by Check Point researchers Yoni Moses and Yaniv Mordekhay, in which they describe a method that combin…
Android app deobfuscation using static-dynamic cooperation Read the paper (HTML) Download the paper (PDF)   The two most common methods for analysing potentially malicious… https://www.virusbulletin.com/blog/2019/03/vb2018-paper-and-video-android-app-deobfuscation-using-static-dynamic-cooperation/

VB2018 paper: Little Brother is watching – we know all your secrets!

At VB2018 in Montreal, researchers from Fraunhofer SIT looked at privacy vulnerabilities in legitimate Android family-tracking apps that leaked location data. Today, we publish both their paper and the video of their presentation.
The use of mobile spyware to spy on (ex-)partners is an underreported problem, despite the prevalence of such apps and their use in cases of domestic violence. At VB2017 in… https://www.virusbulletin.com/blog/2019/02/vb2018-paper-little-brother-watching-we-know-all-your-secrets/

VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis library

Today, we publish a VB2018 paper by Google researcher Maddie Stone in which she looks at one of the most interesting anti-analysis native libraries in the Android ecosystem. We also release the recording of Maddie's presentation.
Though still relatively new (the first VB conference paper on Android malware was presented in 2011), malware targeting the Android mobile operating system has evolved quickly, in… https://www.virusbulletin.com/blog/2019/01/vb2018-paper-unpacking-packed-unpacker-reversing-android-anti-analysis-library/

VB2018 video: Triada: the past, the present and the (hopefully not existing) future

Today we publish the video of the VB2018 presentation by Google researcher Lukasz Siewierski on the Triada Android malware and Google's work with OEMs to remove it from infected devices.
From NotPetya to Shadowpad, supply chain attacks have become a serious and hard-to-fight security problem. One prominent type of supply chain attack involves the pre-installation… https://www.virusbulletin.com/blog/2018/11/vb2018-video-triada-past-present-and-hopefully-not-existing-future/

VB2018 preview: Workshops

Workshops make their VB Conference debut during VB2018, giving delegates the opportunity to learn the basics of kernel-level malware analysis, Android reverse-engineering and artificial intelligence.
The Virus Bulletin Conference is first and foremost a place to learn: about new threats, about the tools used to detect and fight them, and to learn about (and get to know) the… https://www.virusbulletin.com/blog/2018/09/vb2018-preview-workshops/

VB2018 preview: Unpacking the packed unpacker: reversing an Android anti-analysis library

At VB2018, Google researcher Maddie Stone will present an analysis of the multi-layered 'WeddingCake' anti-analysis library used by many Android malware families.
Seven years ago, the first VB conference paper on Android malware looked at what was then a new, but growing trend. Since then both the threat and the research community have… https://www.virusbulletin.com/blog/2018/08/vb2018-preview-unpacking-packed-unpacker-reversing-android-anti-analysis-library/

New paper: Does malware based on Spectre exist?

It is likely that, by now, everyone in computer science has at least heard of the Spectre attack, and many excellent explanations of the attack already exist. But what is the likelihood of finding Spectre being exploited on Android smartphones?
The discovery of the Spectre and Meltdown attacks in January cast a long shadow over the year, with many of the issued security patches having their own problems and several new… https://www.virusbulletin.com/blog/2018/07/new-paper-does-malware-based-spectre-exist/

VB2017 paper: Android reverse engineering tools: not the usual suspects

Within a few years, Android malware has grown from a relatively small threat to a huge problem involving more than three million new malware samples a year. Axelle Apvrille, one of the world's leading Android malware researchers, will deliver a workshop o…
Within a few years, Android malware has grown from a relatively small threat – the first VB conference talk on Android, in 2011, mentioned fewer than 100 malware families – to a… https://www.virusbulletin.com/blog/2018/04/vb2017-paper-android-reverse-engineering-tools-not-usual-suspects/

VB2016 paper: Wild Android collusions

At VB2016 in Denver, Jorge Blasco presented a paper (co-written with Thomas M. Chen, Igor Muttik and Markus Roggenbach), in which he discussed the concept of app collusion - where two (or more) apps installed on the same device work together to collect an…
Playing out in the sidelines of the Cambridge Analytica scandal was the discovery that Facebook had been collecting metadata on the calls and SMS conversations of many of the… https://www.virusbulletin.com/blog/2018/03/vb2016-paper-wild-android-collusions/

Tizi Android malware highlights the importance of security patches for high-risk users

Researchers from Google have taken down 'Tizi', an Android malware family, that used nine already patched vulnerabilities to obtain root on infected devices.
A well-known security researcher once said: "if you purposely choose Android you are either Poor, Cheap, or really hate Apple." Android has a bad reputation in security… https://www.virusbulletin.com/blog/2017/11/tizi-android-malware-highlights-importance-security-patches-high-risk-users/

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.
Last week saw yet another successful edition of Mobile Pwn2Own, the contest in which participants are challenged to attack fully patched mobile devices using previously unknown… https://www.virusbulletin.com/blog/2017/11/vulnerabilities-play-only-tiny-role-security-risks-come-mobile-phones/

VB2017 preview: Android reverse engineering tools: not the usual suspects

We preview the VB2017 paper by Fortinet researcher Axelle Apvrille, in which she looks at some less obvious tools for reverse engineering Android malware.
Six years ago (coincidentally the last time the VB conference was held in Spain) saw the first VB conference paper presented on Android malware, which at that time was still an… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-android-reverse-engineering-tools-not-usual-suspects/

VB2017: nine last-minute papers announced

From attacks on Ukraine's power grid to web shells, and from car hacking to ransomware: we announce the first nine 'last-minute' papers on the VB2017 programme.
At Virus Bulletin we try not to follow the daily security hype, focusing instead on the bigger trends. This means that the topics covered on the VB2017 conference programme – the… https://www.virusbulletin.com/blog/2017/09/vb2017-nine-last-minute-papers-announced/

WireX DDoS botnet takedown shows the best side of the security industry

Collaboration between a number of security companies has led to the takedown of the WireX Android DDoS botnet. Efforts like these, and the fact that the companies involved all decided to publish the very same blog post, show the best side of the security …
It is easy to be cynical about the security industry and its tendency to make ever bigger mountains out of molehills, but behind a thin layer of marketing, there are a great many… https://www.virusbulletin.com/blog/2017/08/wirex-ddos-botnet-takedown-shows-best-side-security-industry/

VB2016 preview: Wild Android Collusions

Full technical details of the first in-the-wild Android app 'collusion' attack, where multiple apps perform an attack in collaboration, will be shared with the public in at VB2016 in Denver on 5 October.
Most research into and protection against malicious apps focuses on single apps. This makes it interesting for malware authors to use app 'collusion': the ability of two (or more)… https://www.virusbulletin.com/blog/2016/08/vb2016-preview-wild-android-collusions/

« Previous 123 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.