At VB2016, two talks will discuss mistakes made by malware authors in cryptographic implementations. Ben Herzog and Yaniv Balmas will present a paper in which they look at a number of these mistakes, while Malwarebytes researcher hasherezade will present …
"Don't roll your own crypto", software developers are often told: cryptography is hard and thus it is always safer to use a well-tested public library rather than writing your own… https://www.virusbulletin.com/blog/2016/september/vb2016-preview-presentations-cryptography-mistakes-malware/
A new paper by CYREN researcher Lordian Mosuela takes a close look at Gatak, or Stegoloader, a piece of malware that was discovered last year and that is controlled via malicious code embedded in a PNG image, a technique known as steganography.
Sometimes a picture says more than a thousand words. And sometimes in computer security, a picture contains a thousand words, or rather a lot of commands, used by malware authors… https://www.virusbulletin.com/blog/2016/04/paper-how-it-works-steganography-hides-malware-image-files/
Meng Su explains how Dridex works and how it communicates with its C&C server.
Meng Su explains how Dridex works and how it communicates with its C&C server. A descendant of Cridex, Dridex was first written about a little less than a year ago, by S21sec and… https://www.virusbulletin.com/blog/2015/07/paper-dridex-wild/