Tag: exploit kit

  • Paper: New Keylogger on the Block

    Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper (here as a PDF) by Sophos researcher Gabor Szappanos, in which he studies the ‘KeyBase’ keylogger. Though the product has officially been discontinued, allegedly because of abuse…

  • Virus Bulletin publishes first web filter test report

    Virus Bulletin has been testing security products for more than 18 years, and in recent years, we have had many requests from product developers asking us to test their web security products. After all, whether malicious software is downloaded directly from websites or through sneaky drive-by downloads, the web remains an important infection vector. In…

  • Let’s Encrypt certificate used in malvertising

    We’d better get used to a world where malicious traffic is encrypted too. According to some people, myself included, Let’s Encrypt was one of the best things that happened to the Internet in 2015. Now that, as of December, the service is in public beta, anyone can register certificates for domains they own, in a…

  • Paper: 3ROS exploit framework kit — one more for the infection road

    Aditya K. Sood and Rohit Bansal highlight a different side of an exploit kit. Exploit kits are a serious plague on the Internet, made worse by the fact that the online advertisement ecosystem allows cybercriminals to run their malicious code on many websites. The kits are studied extensively by security researchers, who attempt to follow…

  • Compromised site serves Nuclear exploit kit together with fake BSOD

    Support scammers not lying about a malware infection for a change. During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted…

  • Paper: Beta exploit pack: one more piece of crimeware for the infection road!

    Exploit kit currently being tested focuses primarily on Flash Player exploits. Nuclear, Angler, Magnitude and Rig. Security researchers know we’re talking about exploit kits (or browser exploit packs), toolkits that automate the exploitation of client-side vulnerabilities and thus facilitate infection through drive-by downloads. Today, we publish an article by researchers Aditya K. Sood and Rohit…

  • Adobe issues patch for yet another Flash Player zero-day

    CVE-2015-0313 used in the wild as long ago as December. Adobe has just issued an out-of-band patch for its Flash Player to fix a zero-day vulnerability that is actively being exploited in the wild. You may be forgiven for thinking you had already patched this two weeks ago when Flash Player version 16.0.0.287 fixed CVE-2015-0310…

  • Adobe to patch Flash Player zero-day next week

    Patch due next week as malvertising leads to Bedep trojan downloader. As the news of a zero-day vulnerability in Adobe’s Flash Player actively being exploited reached the security community, the company made an out-of-band patch available on its website. It now appears that this update – version 16.0.0.287 – patches another vulnerability (CVE-2015-0310…

  • Alleged Flash Player zero-day used in Angler exploit kit

    Adobe ‘investigating reports’. Vulnerable browser plug-ins are one of the most important infection vectors, which is why it is so important to keep them up to date. If you don’t, visiting a website infected with an exploit kit (a toolkit that attempts to exploit a number of vulnerabilities at once) could result in malware being…

  • VB2014 preview: Optimized mal-ops. Hack the ad network like a boss

    Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. In the second of this series, we look at the paper ‘…