Category: blog

  • Compromised site serves Nuclear exploit kit together with fake BSOD

    Support scammers not lying about a malware infection for a change. During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted…

  • Throwback Thursday: Riotous Assembly

    This Throwback Thursday, we turn the clock back to January 1994, shortly after Cyber Riot had emerged as the first virus capable of infecting the Windows kernel. Today, malware that affects the Windows kernel is ubiquitous – the majority of sophisticated attacks against Windows users have at least one component executing in the operating system…

  • Stagefright vulnerability leaves 950 million Android devices vulnerable to remote code execution

    The operating system has been patched, but it is unclear whether users will receive those patches. Researchers at mobile security firm Zimperium have discovered a remote code execution flaw in the Stagefright media library used on Android phones. The vulnerability allegedly means it could, for instance, take one MMS message for an attacker to run…

  • Throwback Thursday: Sizewell B: Fact or Fiction?

    This Throwback Thursday, we turn the clock back to 1993, when VB asked the key question: could a virus compromise safety at one of Britain’s nuclear power plants? 2010 saw the discovery of Stuxnet, which targeted industrial control systems in general, with the specific target of a particular Iranian nuclear facility — but 2010 wasn’t…

  • Call for last-minute papers for VB2015 announced

    Ten speaking slots waiting to be filled with presentations on ‘hot’ security topics. There’s never a dull moment in the world of IT security. Whether you think the breach of spyware maker Hacking Team is the most important story of the past few months, that the breach at Ashley Madison was at least as embarrassing…

  • ‘NOMORE’ attack makes RC4 a little weaker again

    No good reason to continue using the stream cipher, yet attacks remain impractical. Researchers from the KU Leuven have presented a new attack against the RC4 stream cipher called ‘NOMORE’, which is short for Numerous Occurrence MOnitoring & Recovery Exploit. While it is really good research, and while it re-emphasises the point that the cipher…

  • Spam levels fall below 50% for the first time in 12 years

    Decline not necessarily good news for spam filters. For the first time in 12 years, less than half of email traffic is spam, Symantec reports in the latest issue of its monthly Intelligence Report (pdf). Spam is notoriously hard to measure, and different methodologies, definitions and spam sources can give significantly different numbers.…

  • Throwback Thursday: What You Pay For…

    This Throwback Thursday, we turn the clock back to 1996, when VB looked at what was available to protect your computer free of charge. Today, the ‘freemium’ business model is a familiar one, and one that we commonly see in the world of security solutions: businesses offer a product or service free of charge, but…

  • Paper: Dridex in the Wild

    Meng Su explains how Dridex works and how it communicates with its C&C server. A descendant of Cridex, Dridex was first written about a little less than a year ago, by S21sec and abuse.ch. Since then, Dridex has evolved to become one of the more prevalent banking trojans. Dridex often spreads via attachments to…

  • Those doing bad things deserve privacy too

    Hacking Team leakers should have taken a leaf out of Snowden’s book. I can understand, at least in principle, that targeted malware could be used by law enforcement agencies for legitimate purposes. After all, with proper court orders in place, it is not significantly different from the hidden cameras placed by those same agencies. However,…