Category: blog

  • Report: 15 solutions achieve VBSpam award

    Despite short spike, image spam no problem for spam filters. Good news for those who need to run a spam filter (in other words: everyone who runs a mail server). For the second time in a row, all 15 participating full solutions in our comparative anti-spam tests achieved a VBSpam award. They all blocked a…

  • Researchers release CryptoLocker decryption tool

    Tool uses private keys found in database of victims. Please note: this blog post was written in August 2014 and refers to a particular kind of encryption-ransomware that was active until June 2014. The tools mentioned are unlikely to work to decrypt newer versions of ransomware, including those branded as ‘CryptoLocker’. The CryptoLocker ransomware…

  • Paper: IcoScript: using webmail to control malware

    RAT gets instructions from Yahoo Mail address. One of the big challenges for malicious actors in operating a RAT (remote administration tool) is how to control the malware and retrieve data gathered from the infected machine. Listening on a certain port, or regularly connecting to a remote server, is behaviour that is likely to be…

  • Paper: Learning about Bflient through sample analysis

    Flexible module-handling mechanism allows malware to adjust functionalities at will. The history of the ‘Bflient’ worm goes back to the discovery of its first variants in June 2010. The malware was created using the ‘ButterFly Flooder’ toolkit, which is an update to ‘ButterFly Bot’ – made (in)famous because it was used to create the Mariposa…

  • Report: VB100 comparative review on Windows 7

    29 out of 35 tested products earn VB100 award. The various changes at Virus Bulletin mean that things are busier than ever in our office. Still, behind the scenes we continue to perform what remains one of our core activities: the testing of security products. John Hawes and his team tested no fewer than 35…

  • Call for last-minute papers for VB2014 announced

    Seven speaking slots waiting to be filled with presentations on ‘hot’ security topics. Earlier this year, we announced the programme for VB2014: three days filled with excellent papers on a wide range of security topics. Well, not entirely. As usual, one small part of the programme has been set aside for last-minute papers: presentations dealing…

  • Paper: Mayhem – a hidden threat for *nix web servers

    New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system. One of the main trends in malware in recent years is a sudden focus on malware targeting Linux and Unix (web) servers. By targeting these servers, malware authors not only make use of far…

  • Google’s Project Zero to hunt for zero-days

    Bugs to be reported to the vendor only, and to become public once patched. Google has created a new team, called Project Zero, whose task is to find vulnerabilities in any kind of widely used software and to report them to the respective vendor. Few subjects in security are as controversial as the disclosure of…

  • Paper: API-EPO

    Raul Alvarez studies the unique EPO methodology used by the W32/Daum file infector. A few months ago, we published an article by Fortinet’s Raul Alvarez on the Expiro file infector, which uses an EPO (entry-point obscuring) technique in an attempt to avoid heuristic detection. In EPO, a file infector doesn’t simply change the entry…

  • Paper: Not old enough to be forgotten: the new chic of Visual Basic 6

    Marion Marschalek looks at two Miuref binaries: one packed with Visual Basic 6 and one with C++. Two months ago, Microsoft announced it had added ‘Miuref’ to its Malicious Software Removal Tool. First discovered in December 2013, Miuref is a click-fraud trojan that silently makes a browser ‘click’ advertisements that are controlled by those running…