Category: blog

  • VB2018 paper: Office bugs on the rise

    A large portion of today’s malware infections use malicious Office documents as a first-stage payload. Typically, the user is tricked into enabling macros or disabling some security protection, after which the next-stage payload is downloaded and executed. However, a different kind of Office malware targets outdated versions of Microsoft Office, which continue to be…

  • VB2018 video: The Big Bang Theory by APT-C-23

    The APT-C-23 group, which targets users in the Middle East and in particular in the State of Palestine, was named and first reported on by 360 in a Chinese-language blog post in early 2017. Its campaigns have since been written about by many security vendors, including Palo Alto and Cisco Talos. Check Point…

  • VB2019 London – join us for the most international threat intelligence conference!

    If you see cybersecurity as a battle between attackers and defenders, then there are enough good news stories to demonstrate that the former aren’t necessarily winning. But the number of botnets and threat groups, as well as the number of research and analysis tools, can often feel rather overwhelming. No organisation can be expected to…

  • VB2018 paper: Tracking Mirai variants

    The leaking or publishing of malware source code often leads to multiple spin-off families based on the code. Never has this been more clear than in the case of the Mirai Internet of Things (IoT) botnet. Mirai made its name when it was used in some damaging DDoS attacks in the second half of 2016;…

  • VB2018 paper: Hide’n’Seek: an adaptive peer-to-peer IoT botnet

    Until recently IoT botnets mostly consisted of Mirai and its many descendants. However, during 2018 we have seen an increase in the variety of botnets living on the Internet of Things. One prime example is Hide’N’Seek, discovered by Bitdefender in January, which is notable for its use of peer-to-peer for command-and-control communication. Though the botnet’s…

  • New paper: Botception: botnet distributes script with bot capabilities

    The Necurs botnet has been active for some time. In 2014, Virus Bulletin published a three-part article by Peter Ferrie (1, 2, 3), who had studied the botnet in great detail. And although, as is typical for botnets, Necurs’ activities can be somewhat volatile, it has been used for some notorious…