Blog keyword search

Ebury and Mayhem server malware families still active

Ebury and Mayhem, two families of Linux server malware, about which VB published papers back in 2014, are still active and have received recent updates.
Whether it is to send spam or to redirect web traffic to malicious payloads, compromised (Linux) web servers are the glue in many a malware campaign. Two such networks of… https://www.virusbulletin.com/blog/2017/10/ebury-and-mayhem-server-malware-families-still-active/

WireX DDoS botnet takedown shows the best side of the security industry

Collaboration between a number of security companies has led to the takedown of the WireX Android DDoS botnet. Efforts like these, and the fact that the companies involved all decided to publish the very same blog post, show the best side of the security …
It is easy to be cynical about the security industry and its tendency to make ever bigger mountains out of molehills, but behind a thin layer of marketing, there are a great many… https://www.virusbulletin.com/blog/2017/08/wirex-ddos-botnet-takedown-shows-best-side-security-industry/

There is a place for unauthenticated key exchange, but don't tell anyone

Making dragnet surveillance harder justifies using weak form of encryption.
Making dragnet surveillance harder justifies using weak form of encryption. Discussions on how to make the Internet more secure have been going on ever since the first two… https://www.virusbulletin.com/blog/2013/11/there-place-unauthenticated-key-exchange-don-t-tell-anyone/

Malware spoofing HTTP Host header to hide C&C communication

Traffic appears as requests to Google or Yandex.
Traffic appears as requests to Google or Yandex. There have been several recent examples of malware using a spoofed HTTP Host header to hide communucation with its control servers.… https://www.virusbulletin.com/blog/2013/09/malware-spoofing-http-host-header-hide-c-amp-c-communication/

From Simple Mail to Hypertext

HTTP and FTP take over from SMTP as common malware spreading methods.
HTTP and FTP take over from SMTP as common malware spreading methods.A report from F-Secure has highlighted the recent shift in malware spreading methods from email to web-based… https://www.virusbulletin.com/blog/2008/03/simple-mail-hypertext/