VB Blog

Google AdWords phishing campaign spreads

Posted by   Virus Bulletin on   Oct 13, 2011

Users urged to login because of 'issues'.

Read more  

Mac trojan is VMware-aware

Posted by   Virus Bulletin on   Oct 12, 2011

Malicious execution stopped when virtual environment is detected.

Read more  

Government trojan found on German computers

Posted by   Virus Bulletin on   Oct 11, 2011

Four states admit the use of spyware.

Read more  

VB conference hashtag used to spread malware

Posted by   Virus Bulletin on   Oct 11, 2011

Tweet promising conference news links to trojan.

Read more  

October issue of VB published

Posted by   Virus Bulletin on   Oct 1, 2011

The October issue of Virus Bulletin is now available for subscribers to download.

Read more  

Mysql.com hacked, serving malware

Posted by   Virus Bulletin on   Sep 27, 2011

Root access to site offered on black market.

Read more  

E-marketing companies compromised to send spam

Posted by   Virus Bulletin on   Sep 27, 2011

Fake order confirmations contain malicious links.

Read more  

Alureon trojan uses steganography to receive commands

Posted by   Virus Bulletin on   Sep 26, 2011

Messages hidden inside images create extra layer of redundancy.

Read more  

Attack targets government agencies in CIS countries

Posted by   Virus Bulletin on   Sep 26, 2011

Trojans used to steal specific files.

Read more  

New RFC grants DKIM improved status

Posted by   Virus Bulletin on   Sep 23, 2011

Email signing method now 'Draft Standard'.

Read more  
Previous1...9091929394...215Next

Search blog

VB2017 preview: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server

We preview Patrick Wardle's VB2017 paper, in which the Synack researcher analyses the mysterious OSX/FruitFly malware by setting up a custom C&C server.
Apart from the odd taxi driver loudly making the claim, the idea that "Macs don't get malware" has become something of the past. Nevertheless, most security researchers focus on… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-offensive-malware-analysis-dissecting-osxfruitfly-custom-cc-server/

VB2017 - information for press

More than 50 security industry experts will present conference papers to their peers at VB2017 next week, and there are several papers on the programme with a certain newsworthiness. There is still time for cybersecurity journalists to apply for a press p…
Next week, security researchers from around the world will gather in Madrid for VB2017, the 27th International Virus Bulletin Conference. More than 50 security industry experts… https://www.virusbulletin.com/blog/2017/09/vb2017-information-press/

VB2017 preview: BPH exposed - RBN never left they just adapted and evolved. Did you?

We preview the VB2017 paper by Dhia Mahjoub (OpenDNS) and Jason Passwaters (Intel471) who combine an actor-centric and a network-centric approach to analysing bulletproof hosting operations.
Running a cybercriminal enterprise isn't all that easy. Try, for instance, setting up a site hosting malware and you'll find that sooner or later the provider will suspend your… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-bph-exposed-rbn-never-left-they-just-adapted-and-evolved-did-you/

Test your technical and mental limits in the VB2017 foosball tournament

As has become tradition, VB2017 will once again see a security industry table football tournament. Register your team now for some great fun and adrenaline-filled matches in between sessions in Madrid!
We all know the scenario. You're using multiple layers of defence, combined with a fast response time, to prevent a skilled attacker from reaching the goal. Or maybe you are that… https://www.virusbulletin.com/blog/2017/09/join-vb2017-foosball-tournament/

The case against running Windows XP is more subtle than we think it is

Greater Manchester Police is one of many organizations still running Windows XP on some of its systems. This is bad practice, but the case against running XP is far more subtle than we often pretend it is.
Greater Manchester Police has admitted to the BBC that some 1,500 of its PCs (20% of the total) are still running Windows XP, an operating system that was considered end-of-life… https://www.virusbulletin.com/blog/2017/09/case-against-running-windows-xp-more-subtle-we-think-it/

Hot FinSpy research completes VB2017 programme

Researchers from ESET have found a new way in which the FinSpy/FinFisher 'government spyware' can infect users, details of which they will present at VB2017 in Madrid.
The infamous FinSpy (or FinFisher) government spyware has managed to keep a low profile in recent years, though its use of two Microsoft zero-days (CVE-2017-0199 and… https://www.virusbulletin.com/blog/2017/09/hot-finspy-research-makes-vb2017-programme-complete/

Transparency is essential when monitoring your users' activities

Activity monitoring by security products in general, and HTTPS traffic inspection in particular, are sensitive issues in the security community. There is a time and a place for them, VB's Martijn Grooten argues, but only when they are done right.
The inspection of HTTPS traffic is a sensitive issue among security experts. On the one hand, there are those who argue that this breaks the important end-to-end principle of… https://www.virusbulletin.com/blog/2017/09/transparency-essential-when-monitoring-someone-elses-activities/

VB2017 preview: Android reverse engineering tools: not the usual suspects

We preview the VB2017 paper by Fortinet researcher Axelle Apvrille, in which she looks at some less obvious tools for reverse engineering Android malware.
Six years ago (coincidentally the last time the VB conference was held in Spain) saw the first VB conference paper presented on Android malware, which at that time was still an… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-android-reverse-engineering-tools-not-usual-suspects/

Malicious CCleaner update points to a major weakness in our infrastructure

Researchers from Cisco Talos have found that a recent version of the widely used CCleaner tool installed malware on the machine.
For the security community, 2017 might well be called the year of the update: two of the biggest security stories – the WannaCry outbreak and the Equifax breach – involved… https://www.virusbulletin.com/blog/2017/09/malicious-ccleaner-update-points-major-weakness-our-infrastructure/

Despite the profitability of ransomware there is a good reason why mining malware is thriving

Though ransomware is far more profitable than using a compromised PC to mine bitcoins, the global distribution of malware means that there are many botnets for which mining is the most efficient way to extract money out of a PC.
When, a few years ago, a friend and I were analysing a rather large botnet and we saw some network traffic indicating that it was engaged in Bitcoin mining, we felt rather… https://www.virusbulletin.com/blog/2017/09/despite-profitability-ransomware-there-good-reason-why-mining-malware-thriving/

VB2017 preview: Crypton - exposing malware's deepest secrets

We preview the VB2017 paper by Julia Karpin and Anna Dorfman (F5 networks), in which they present a tool to decrypt encrypted parts of malware.
Ask a programmer to perform the same task twice and they will write a tool that automates it. Malware analysts are no different, and the Virus Bulletin Conference has a long… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-crypton-exposing-malwares-deepest-secrets/

VB2017 preview: Hacktivism and website defacement: motivations, capabilities and potential threats

We preview the VB2017 paper by Marco Romagna and Niek Jan van den Hout (The Hague University of Applied Sciences), in which they thoroughly analyse the motivations and modus operandy of hacktivists.
In March this year, following a political row between the Netherlands and Turkey, a large number of Dutch websites were defaced to display messages in support of the Turkish… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-hacktivism-and-website-defacement-motivations-capabilities-and-potential-threats/

Three questions to ask about security product bypasses

Proof-of-concepts for bypasses of security products always sound scary, but how seriously should we take them? VB Editor Martijn Grooten lists three questions one should ask about any such bypass to determine how serious a threat it represents.
Techniques for bypassing security products feature prominently at security conferences and on security blogs these days. Indeed, with so many people relying implicitly or… https://www.virusbulletin.com/blog/2017/09/three-questions-ask-about-security-product-bypasses/

VB2017: WHOIS and EICAR Small Talks added

Today, we announce two more 'Small Talks' for the VB2017 programme. In one of them, Neil Schwarzman will discuss the consequences of the GDPR for WHOIS and abuse research, while the other will be hosted by three members of EICAR, who will discuss its work…
In addition to the nine 'last-minute' papers that were announced and added to the VB2017 programme yesterday, we have also added two more 'Small Talks'. The 'Small Talks' take… https://www.virusbulletin.com/blog/2017/09/vb2017-whois-and-eicar-small-talks-added/

VB2017: nine last-minute papers announced

From attacks on Ukraine's power grid to web shells, and from car hacking to ransomware: we announce the first nine 'last-minute' papers on the VB2017 programme.
At Virus Bulletin we try not to follow the daily security hype, focusing instead on the bigger trends. This means that the topics covered on the VB2017 conference programme – the… https://www.virusbulletin.com/blog/2017/09/vb2017-nine-last-minute-papers-announced/

Patching is important even when it only shows the maturity of your security process

A lot of vulnerabilities that are discovered are never exploited in the wild. It is still important to patch them though.
Sometimes a Tweet says more than a 50-minute conference presentation: Bad TLS as an externally measurable metric for whether an organisation has a mature security process,… https://www.virusbulletin.com/blog/2017/09/patching-important-even-when-it-only-shows-maturity-your-security-process/

September

https://www.virusbulletin.com/blog/2017/09/

Massive data breach confirms what you already knew: you are getting spam

A security researcher found more than 700 million email addresses stored on a server used by a spam botnet, which gives us some insight into what the email lists used by spammers look like.
The security community spends a lot of time and effort researching the infrastructure used by spammers to send billions of unwanted and often malicious emails every day – but… https://www.virusbulletin.com/blog/2017/09/massive-data-breach-confirms-what-you-already-knew-you-are-getting-spam/

VB2017 preview: State of cybersecurity in Africa: Kenya

We preview the VB2017 presentation by Tyrus Kamau (Euclid Security), who will talk about the state of cybersecurity in Africa, with a particular focus on his home country, Kenya.
The Internet is very much a global phenomenon, and for that reason, so is cybersecurity. A remote code execution vulnerability is as much of a problem on a server in Afghanistan… https://www.virusbulletin.com/blog/2017/09/vb2017-preview-state-cyber-security-africa-kenya/

VB2017 preview: Calling all PUA fighters

We preview the VB2017 Small Talk to be given by AppEsteem's Dennis Batchelder that should help security vendors make decisions about apps whose behaviours sit right on the limits of what is acceptable from a security point of view.
While a lot of attention is focused on the fight against advanced malware, a different kind of threat is providing just as big a headache for security companies: that of apps… https://www.virusbulletin.com/blog/2017/08/vb2017-preview-calling-all-pua-fighters/

« Previous 1...1718192021...121 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.