VB Blog

VB2017 paper: The (testing) world turned upside down

Posted by   Martijn Grooten on   Nov 8, 2017

At VB2017 in Madrid, industry veteran and ESET Senior Research Fellow David Harley presented a paper on the state of security software testing. Today we publish David's paper in both HTML and PDF format.

Read more  

VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

Posted by   Martijn Grooten on   Nov 3, 2017

Trickbot, a banking trojan which appeared this year, seems to be a new, more modular, and more extensible malware descendant of the notorious Dyre botnet trojan. At VB2017, Symantec researcher Andrew Brandt presented a walkthrough of a typical Trickbot infection process, and its aftermath, as seen through the lens of a tool used to perform man-in-the-middle decryption. Today, we publish both Andrew's slides and the recording of his presentation.

Read more  

Paper: FAME - Friendly Malware Analysis Framework

Posted by   Martijn Grooten on   Nov 2, 2017

Today, we publish a short paper in which CERT Société Générale presents FAME, its open source malware analysis framework.

Read more  

Ebury and Mayhem server malware families still active

Posted by   Martijn Grooten on   Oct 31, 2017

Ebury and Mayhem, two families of Linux server malware, about which VB published papers back in 2014, are still active and have received recent updates.

Read more  

VB2017 paper: Crypton - exposing malware's deepest secrets

Posted by   Martijn Grooten on   Oct 27, 2017

Crypton, a tool developed by F5 Networks researchers Julia Karpin and Anna Dorfman, aims to speed up the reverse engineering process by decrypting encrypted content found in a (malicious) binary. The researchers described the tool in a paper which they presented at VB2017 in Madrid. Today, we publish both the paper and the recording of their presentation.

Read more  

VB2017 paper: The sprawling market of consumer spyware

Posted by   Martijn Grooten on   Oct 25, 2017

For many people, the threat of an abusive partner or ex-partner is very real - and the market for consumer spyware worryingly large. Today, we publish the recording of a presentation on the subject of consumer spyware given at VB2017 by The Daily Beast reporter Joseph Cox.

Read more  

Gábor Szappanos wins fourth Péter Szőr Award

Posted by   Martijn Grooten on   Oct 23, 2017

At the VB2017 gala dinner, the fourth Péter Szőr Award was presented to Sophos researcher Gábor Szappanos for his paper "AKBuilder – the crowdsourced exploit kit".

Read more  

VB2017 paper: Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

Posted by   Martijn Grooten on   Oct 20, 2017

We publish the VB2017 paper and video by Kaspersky Lab researchers Juan Andres Guerrero-Saade and Costin Raiu, in which they look at fourth-party collection (spies spying on other spies' campaigns) and its implications for attribution.

Read more  

Didn't come to VB2017? Tell us why!

Posted by   Martijn Grooten on   Oct 11, 2017

Virus Bulletin is a company - and a conference - with a mission: to further the research in and facilitate the fight against digital threats. To help us in this mission, we want to hear from those who didn't come to Madrid. What is your impression of the VB Conference? What did you think of this year's programme? And why couldn't you come to Madrid?

Read more  

Montreal will host VB2018

Posted by   Martijn Grooten on   Oct 10, 2017

Last week, we announced the full details of VB2018, which will take place 3-5 October 2018 at the Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada.

Read more  
Previous1...2829303132...215Next

Search blog

VB2015 conference programme announced

From drones to elephants: an exciting range of topics will be covered in Prague.
From drones to elephants: an exciting range of topics will be covered in Prague. In six months' time, security researchers from around the world will gather in Prague for the 25th… https://www.virusbulletin.com/blog/2015/03/conference-programme-announced/

Paper: a timeline of mobile botnets

Ruchna Nigam provides an overview of more than 60 mobile malware families.
Ruchna Nigam provides an overview of more than 60 mobile malware families. The rise of mobile malware is still a relatively recent thing, with the first actual mobile botnets not… https://www.virusbulletin.com/blog/2015/03/paper-timeline-mobile-botnets/

Paper: Dylib hijacking on OS X

Patrick Wardle shows how OS X is also vulnerable to once common Windows attacks.
Patrick Wardle shows how OS X is also vulnerable to once common Windows attacks. A few years ago, DLL hijacking on Windows was really hot, despite the fact that the concept had… https://www.virusbulletin.com/blog/2015/03/paper-dylib-hijacking-os-x/

Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks

Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy.
Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy. Patching is hard, especially when the code base is old and the bugs are buried deeply. This was… https://www.virusbulletin.com/blog/2015/03/paper-windows-10-patching-process-may-leave-enterprises-vulnerable-zero-day-attacks/

Will DIME eventually replace email?

Protocol has all the advantages of email, yet is orders of magnitude more secure.
Protocol has all the advantages of email, yet is orders of magnitude more secure. In the current Internet era sometimes referred to as 'post-Snowden', it is often said that email… https://www.virusbulletin.com/blog/2015/03/will-dime-eventually-replace-email/

The ghost of Stuxnet past

Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete.
Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete. Mention Stuxnet and you'll have many a security researcher's attention. The worm, which was… https://www.virusbulletin.com/blog/2015/03/ghost-stuxnet-past/

Virus Bulletin seeks hackers, network researchers for VB2015

One week left to submit an abstract for the 25th Virus Bulletin conference.
One week left to submit an abstract for the 25th Virus Bulletin conference. A few weeks ago, I made a short visit to the Clarion Congress Hotel in Prague, where VB2015 will take… https://www.virusbulletin.com/blog/2015/03/seeks-hackers-network-researchers/

Canadian firm fined $1.1m for breaching anti-spam law

First success story for long-awaited CASL.
First success story for long-awaited CASL. The Canadian Radio-television and Telecommunications Commission (CRTC), the agency responsible for enforcing Canada's anti-spam law… https://www.virusbulletin.com/blog/2015/03/canadian-firm-fined-1-1m-breaching-anti-spam-law/

VB2014 paper: Leaving our ZIP undone: how to abuse ZIP to deliver malware apps

Gregory Panakkal explains that there are different ways of looking at APK files - and that sometimes that can have unintended consequences.
Gregory Panakkal explains that there are different ways of looking at APK files - and that sometimes that can have unintended consequences.Since the close of the VB2014 conference… https://www.virusbulletin.com/blog/2015/03/paper-leaving-our-zip-undone-how-abuse-zip-deliver-malware-apps/

FREAK attack takes HTTPS connections back to 1990s security

Golden keys from the (first) crypto wars have come back to haunt us.
Golden keys from the (first) crypto wars have come back to haunt us. When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a 'Hello'… https://www.virusbulletin.com/blog/2015/03/freak-attack-takes-https-connections-back-1990s-security/

TorrentLocker spam has DMARC enabled

Use of email authentication technique unlikely to bring any advantage.
Use of email authentication technique unlikely to bring any advantage. Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an… https://www.virusbulletin.com/blog/2015/03/torrentlocker-spam-has-dmarc-enabled/

Paper: Script in a lossy stream

Dénes Óvári explains how to store code in lossily compressed JPEG data.
Dénes Óvári explains how to store code in lossily compressed JPEG data. Malformed PDFs have become a common way to deliver malware. Naturally, when this started to happen,… https://www.virusbulletin.com/blog/2015/03/paper-script-lossy-stream/

March

Anti-virus and security related news provided by independent anti-virus advisors, Virus Bulletin
https://www.virusbulletin.com/blog/2015/03/

VB2014 paper: Caphaw - the advanced persistent pluginer

Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.
Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.Since the close of the VB2014 conference in Seattle in October, we have been sharing… https://www.virusbulletin.com/blog/2015/02/paper-caphaw-advanced-persistent-pluginer/

M3AAWG releases BCP document on dealing with child sexual abuse material

Subject may make many feel uncomfortable, but it is essential that we know how to deal with it.
Subject may make many feel uncomfortable, but it is essential that we know how to deal with it. The mere mention of "child pornography" on the Internet makes many a security expert… https://www.virusbulletin.com/blog/2015/02/m3aawg-releases-bcp-document-dealing-child-sexual-abuse-material/

Hacker group takes over Lenovo's DNS

As emails were sent to wrong servers, DNSSEC might be worth looking into.
As emails were sent to wrong servers, DNSSEC might be worth looking into. Although, after some initial hesitation, Lenovo was rather frank in its admission of messing up regarding… https://www.virusbulletin.com/blog/2015/02/hacker-group-takes-over-lenovo-s-dns/

Coordinated action takes down Ramnit botnet infrastructure

Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying.
Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying. A coordinated action from Anubisnetworks, Microsoft and Symantec, together with Europol has… https://www.virusbulletin.com/blog/2015/02/coordinated-action-takes-down-ramnit-botnet-infrastructure/

Almost 50% increase in reported vulnerabilities as non-Windows operating systems lead the table

Each discovered vulnerability is actually a good news story.
Each discovered vulnerability is actually a good news story. Last week, security firm GFI published some research in which it looked at the number of vulnerabilities reported last… https://www.virusbulletin.com/blog/2015/02/almost-50-increase-reported-vulnerabilities-non-windows-operating-systems-lead-table/

Vawtrak trojan spread through malicious Office macros

Users easily tricked, but plenty of opportunity for the malware to be blocked.
Users easily tricked, but plenty of opportunity for the malware to be blocked. Researchers at Trend Micro report that the 'Vawtrak' banking trojan now also spreads through Office… https://www.virusbulletin.com/blog/2015/02/vawtrak-trojan-spread-through-malicious-office-macros/

Lenovo laptops pre-installed with software that adds its own root CA certificate

Shared root certificate makes for easy man-in-the-middle attacks.
Shared root certificate makes for easy man-in-the-middle attacks.What is Superfish?Superfish is a product that offers 'Visual Search'. Say, for example, you are looking at cat… https://www.virusbulletin.com/blog/2015/02/lenovo-laptops-pre-installed-software-adds-its-own-root-ca-certificate/

« Previous 1...3233343536...121 Next »

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.