Category: blog

  • The VB2014 presentation you never saw. Early launch Android malware: your phone is 0wned

    Malicious apps may have more privileges than security software. There are many people without whom a Virus Bulletin conference wouldn’t be possible: the VB team, the crew from Cue Media, the hotel staff, the speakers, the sponsors, the delegates. But the unsung heroes of a conference are the reserve speakers. They prepare a…

  • CVE-2012-0158 continues to be used in targeted attacks

    30-month old vulnerability still a popular way to infect systems. If all you have to worry about are zero-day vulnerabilities, you have got things pretty well sorted. Although it is true that sometimes zero-days are being used to deliver malware (such as the recent use of CVE-2014-4114 by the SandWorm group), in many cases even…

  • Paper: Invading the core: iWorm’s infection vector and persistence mechanism

    Malware spreads through infected torrent, then maintains persistence on the system. A month ago, security firm Dr.Web reported it had discovered a new malware variant targeting Mac OS X, which was subsequently dubbed ‘iWorm’. Apart from the fact that malware for OS X, though becoming more common, is still a bit of a…

  • New IcoScript variant uses Gmail drafts for C&C communication

    Switch likely to make modular malware even stealthier. Researchers at Shape Security have found a new variant of the IcoScript RAT that makes use of draft emails stored in Gmail, Wired writes. This summer, we published a paper by G Data researcher Paul Rascagnères, who had discovered the malware, which was most notable…

  • VB2014 paper: Hiding the network behind the network. Botnet proxy business model

    Cristina Vatamanu and her colleagues describe how botherders keep their C&C servers hidden. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Hiding the network behind the network. Botnet proxy business model’ by Bitdefender researchers Alexandru Maximciuc, Razvan Benchea and…

  • VB2014 paper: Methods of malware persistence on Mac OS X

    ‘KnockKnock’ tool made available to the public. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Methods of malware persistence on Mac OS X’ by Synack researcher Patrick Wardle. It has been a while since Apple used the scarcity of…

  • Tor exit node found to turn downloaded binaries into malware

    Tor provides anonymity, not security, hence using HTTPS is essential. A security researcher has discovered a Tor exit node that was modifying binaries downloaded through it on the fly. The researcher, Josh Pitts of Leviathan Security, has previously shown how easy it is to modify binaries downloaded over HTTP in transit, thus turning them…

  • VB2014 paper: Exposing Android white collar criminals

    Luis Corrons dives into the world of shady Android apps. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Exposing Android white collar criminals’ by Panda Security researcher Luis Corrons. Android is by far the most popular operating system when…

  • Black Hat Europe – day 2

    IPv6 versus IDPS, XSS in WYSIWYG editors, and reflected file downloads. After a busy first day, I was somewhat glad that the talks on the second day of Black Hat Europe appealed slightly less to my personal tastes and interests, as this gave me a chance to meet some old and new friends, and…

  • Black Hat Europe – day 1

    Programme packed with interesting talks. Though the prestige of Black Hat Europe doesn’t compare to that of its American parent conference, and the event certainly doesn’t dominate the debate on Twitter in quite the same way, more than 800 security experts descended on Amsterdam this week where, in the RAI Convention Centre, the 14th edition…