Tag: dga

  • VB2017 preview: Beyond lexical and PDNS (guest blog)

    In this special guest blog post, VB2017 Silver sponsor Cisco Umbrella writes about a paper that researchers Dhia Mahjoub and David Rodriguez will present at the conference this Friday. In the past decade, detection of DGA (Domain Generation Algorithm) domains has relied primarily on lexical analysis of domain names, tracking of NX (non-resolving) domains, and malware…

  • Volatile Cedar campaign – cyber espionage isn’t just for large nation states

    Details of malware to be discussed at VB2015. Researchers at Check Point have revealed details of a cyber-espionage campaign, dubbed ‘Volatile Cedar’, that has been active since at least 2012. The campaign, whose motive appears to be political rather than financial, revolves around a custom-made remote access trojan named ‘Explosive’, which is separated into a…

  • VB2014 paper: We know it before you do: predicting malicious domains

    Wei Xu and his colleagues attempt to block domains before they’re used for bad purposes. Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘We know it before you do: predicting malicious domains’ by…

  • Srizbi kernel-mode spambot reappears as Pitou

    Malware possibly still in the ‘brewing’ stage. In November 2007, we published an article by Kimmo Kasslin (F-Secure) and Elia Florio (Symantec), in which they analysed the ‘Srizbi’ trojan, notable for being the first malware found in the wild that operated fully in kernel mode. It appears that Srizbi has made…