Tag: conference

  • VB2019 paper: APT cases exploiting vulnerabilities in region-specific software

    Software that is endemic to a specific country or region has long been a popular attack vector, in particular among APT groups, who have a history of exploiting vulnerabilities in such software. Past VB conference papers have analysed attacks against InPage, popular in Pakistan, and against Hangul, widely used in South Korea. Japan…

  • VB2020 programme announced

    While VB is keeping a careful eye on the global situation surrounding the COVID-19 pandemic and the various travel and health advice, the planning and arrangements for VB2020 are going ahead as usual – and today we are very pleased to announce the programme for VB2020, the 30th Virus Bulletin International Conference, due to…

  • VB2019 paper: 2,000 reactions to a malware attack – accidental study

    In an illuminating study – possible thanks to a unique perspective on a malicious email campaign – cybercrime journalist and researcher Adam Haertlé (BadCyber.com / ZaufanaTrzeciaStrona.pl) read, analysed and classified 1,976 responses sent by victims of a malicious email campaign. In taking revenge for Adam having written about them on his blog, the senders of…

  • VB2019 paper: Why companies need to focus on a problem they do not know they have

    It is one of the worst things on the Internet: child sexual abuse material (CSAM), sometimes referred to as ‘child porn’. Many misconceptions exist around CSAM, one of which is that it is only ever accessed from home. In fact, many company networks are used to download and store CSAM, often unbeknownst to network administrators.…

  • VB2020 update – currently business as usual

    Like everyone around the world, we at Virus Bulletin have been closely following the news about the COVID-19 outbreak. Our team is spread throughout Europe (UK, Italy, Hungary and Romania) and we are each experiencing the outbreak from our different viewpoints. We are deeply saddened by the many lives lost and humbled by the efforts…

  • VB2019 paper: Defeating APT10 compiler-level obfuscations

    Obfuscation in malware has long frustrated analysis, and obfuscation at the compiler level, such as opaque predicates and control flow flattening, has been particularly challenging. One group that has been using this kind of obfuscation is APT10, an APT group made famous through a 2018 indictment by the US government in which two Chinese individuals…

  • VB2019 paper: Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers

    Malicious RTF files, exploiting vulnerabilities in Microsoft Office, have long been a popular way to deliver malware, most often through (spear-)phishing attacks. Such files are often created using exploit builders, which were the subject of a VB2018 presentation by Sophos researcher Gábor Szappanos. One such builder (or weaponizer) is ‘Royal Road’, which has been…

  • VB2019 presentation: Nexus between OT and IT threat intelligence

    Cyber attacks on industrial control systems (ICS) include the well-known stories of Stuxnet and BlackEnergy, and such attacks appear to be getting more prevalent. Late last year, a natural gas compression facility at a US pipeline operator was targeted with ransomware. Operational Technology (OT), the mission-critical IT in ICS, shares many similarities with…

  • VB2019 paper: Play fuzzing machine – hunting iOS and macOS kernel vulnerabilities automatically and smartly

    Apple’s macOS and iOS operating systems are often praised for their security. Yet vulnerabilities in both operating systems are regularly being found and exploited, especially by more advanced attackers. In a paper presented at VB2019 in London, Trend Micro researchers Lilang Wu and Moony Li explained how researchers like them hunt for such vulnerabilities…

  • VB2019 paper: Finding drive-by rookies using an automated active observation platform

    Exploit kits made a bit of a comeback in 2019, something we have also seen in our test lab. Detecting these kits isn’t trivial though, given the various anti-analysis measures built into them, from geo-restricting to specific countries or regions, to the detection of client-side sandboxes. In a last-minute paper presented at VB2019 in…