The authors of the Trickbot banking trojan seem to have taken note of the use of SMB by WannaCry and (Not)Petya and have added an (experimental) module that uses SMB for lateral movement.
Damaging though they were, the recent WannaCry and (Not)Petya outbreaks taught security practitioners many valuable lessons. Unfortunately, they taught important lessons to… https://www.virusbulletin.com/blog/2017/08/worms-wiggling-inside-your-networks-are-lot-harder-stop/
Researchers at Cisco have published a paper describing how it may be possible to use machine learning to distinguish malware command-and-control traffic using TLS from regular enterprise traffic, and to classify malware families based on their encrypted C…
Researchers at Cisco have published a paper (PDF) describing how it may be possible to use machine learning to distinguish malware command-and-control (C&C) traffic using TLS from… https://www.virusbulletin.com/blog/2017/06/research-paper-shows-it-may-be-possible-distinguish-malware-traffic-using-tls/
In their VB2016 paper, Stormshield researchers Benoît Ancel and Mehdi Talbi introduced Haka, an open-source language to monitor, debug and control malicious network traffic. Both their paper and the video recording of their presentation are now available …
Anyone who has ever analysed malware through its network communications will knows that this often involves ad-hoc scripts in languages like Python or Perl to decode the traffic.… https://www.virusbulletin.com/blog/2017/04/vb2016-paper-debugging-and-monitoring-malware-network-activities-haka/
Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness.
Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness.Over the next few months, we will be sharing VB2014 conference papers as… https://www.virusbulletin.com/blog/2014/11/paper-sweeping-ip-space-hunt-evil-internet/
Short-lived network changes used to make miners connect to rogue pool.
Short-lived network changes used to make miners connect to rogue pool. Researchers at Dell SecureWorks have discovered an operation that used BGP hijacking to force bitcoin miners… https://www.virusbulletin.com/blog/2014/08/83k-bitcoins-stolen-through-bgp-hijack/