
  • Paper: Prosecting the Citadel botnet – revealing the dominance of the Zeus descendent: part two

    Aditya K. Sood and Rohit Bansal study the malware’s behaviour when run on a physical machine. Last week, we published the first part of the paper ‘Prosecting the Citadel botnet – revealing the dominance of the Zeus descendent’. In it, researchers Aditya K. Sood and Rohit Bansal looked at the design and implementation of the…

  • Crypto blunder makes TorrentLocker easy to crack

    Use of single XOR key leaves ransomware open to known-plaintext attack. It has been said many times before: cryptography is hard. Earlier this year, the authors of the ‘Bitcrypt’ ransomware discovered this too, when they confused bytes and digits and made their encryption keys easy to crack. ‘TorrentLocker’ is a new kind of encryption ransomware…

  • VB2014 preview: The three levels of exploit testing

    Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are looking at some of the research that will be presented at the event. Today, we look at the paper ‘The…

  • VB2014 preview: last-minute papers added to the programme

    Hot topics to be covered at the VB2014 conference in Seattle. Although most of the VB2014 conference programme was announced back in April, it looks anything but dated. A paper on malicious ads became even more topical when java.com was found to serve such ads, while the recent data breach at Home Depot increased the relevance…

  • Paper: Prosecting the Citadel botnet – revealing the dominance of the Zeus descendent: part one

    Aditya K. Sood and Rohit Bansal dissect botnet primarily used for financial fraud. It is unlikely that anyone still thinks that cybercrime is performed by 16-year-old kids who write short pieces of code that wreak havoc all over the world, but if you do still hold that belief, it won’t hurt to take a look…

  • VB2014 preview: Swipe away, we’re watching you

    Hong Kei Chan and Liang Huang describe the various aspects and the evolution of point-of-sale malware. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are looking at some of the research that will be presented at the event. Today, we look at the paper ‘Swipe away, we’re watching…

  • VB2014 preview: Design to discover: security analytics with 3D visualization engine

    Thibault Reuille and Dhia Mahjoub use particle physics to show clusters of malicious domains. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. Today, we look at the paper ‘Design to discover: security analytics with…

  • Srizbi kernel-mode spambot reappears as Pitou

    Malware possibly still in the ‘brewing’ stage. In November 2007, we published an article by Kimmo Kasslin (F-Secure) and Elia Florio (Symantec), in which they analysed the ‘Srizbi’ trojan, notable for being the first malware found in the wild that operated fully in kernel mode. It appears that Srizbi has made…

  • Malicious ads served on java.com

    If you do need to run plug-ins, make sure you enable click-to-play. Last week, we published a blog previewing the VB2014 paper ‘Optimized mal-ops. Hack the ad network like a boss’ by Bromium researchers Vadim Kotov and Rahul Kashyap. In the paper, they show how purchasing ad space from legitimate ad servers, and…

  • VB2014 preview: Methods of malware persistence on Mac OS X

    Patrick Wardle shows that OS X users really have something to worry about. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. Today, we look at the paper ‘Methods of malware persistence on Mac OS…
