Tag: malware

  • Macro malware on the rise again

    Users taught that having to enable enhanced security features is no big deal. When I joined Virus Bulletin almost eight years ago, macro viruses were already a thing of the past, like porn diallers or viruses that did funny things to the characters on your screen: threats that were once a real problem, but that…

  • VB2014 paper: Methods of malware persistence on Mac OS X

    ‘KnockKnock’ tool made available to the public. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Methods of malware persistence on Mac OS X’ by Synack researcher Patrick Wardle. It has been a while since Apple used the scarcity of…

  • Tor exit node found to turn downloaded binaries into malware

    Tor provides anonymity, not security, hence using HTTPS is essential. A security researcher has discovered a Tor exit node that was modifying binaries downloaded through it on the fly. The researcher, Josh Pitts of Leviathan Security, has previously shown how easy it is to modify binaries downloaded over HTTP in transit, thus turning them…

  • Windows zero-day used in targeted attacks

    Vulnerability used to download BlackEnergy trojan – as discussed during VB2014. Today is going to be a busy day for system administrators: they were already on high alert following a rumoured vulnerability in SSLv3, and now they also know that a zero-day vulnerability has been discovered that affects all currently supported versions of Windows.…

  • Shellshock used to spread Mayhem

    Malware switched to more effective Perl installer. One of the most prominent discussion topics during VB2014 was the ‘Shellshock’ vulnerability (CVE-2014-6271) in the popular Bash shell for *nix, which was publicly disclosed while the conference was going on in Seattle. The name ‘Shellshock’ started as a joke on Twitter. Considered at least as serious as…

  • Paper: The Hulk

    Raul Alvarez studies cavity file infector. Most file infectors increase the length of the infected file, as the malicious code is added as a new section of the host file, or to the last section of that file. ‘Cavity’ file infectors are different though: they infect files without increasing their size. Today, we publish a…

  • Malicious ads served on java.com

    If you do need to run plug-ins, make sure you enable click-to-play. Last week, we published a blog previewing the VB2014 paper ‘Optimized mal-ops. Hack the ad network like a boss’ by Bromium researchers Vadim Kotov and Rahul Kashyap. In the paper, they show how purchasing ad space from legitimate ad servers, and…

  • VB2014 preview: P0wned by a barcode

    Fabio Assolini to speak about malware targeting boletos. In the weeks running up to VB2014, we will look at some of the research that will be presented at the conference. In the first of this series, we look at the paper ‘P0wned by a barcode: stealing money from offline users’, from Kaspersky…

  • Paper: Inside the iOS/AdThief malware

    75,000 jailbroken iOS devices infected with malware that steals ad revenues. Believing that the device or operating system you use reduces your chance of being affected by malware is generally a bad idea, but those using iOS have the numbers on their side: malware targeting Apple’s mobile platform is very rare. But very rare…

  • Paper: Mayhem – a hidden threat for *nix web servers

    New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system. One of the main trends in malware in recent years is a sudden focus on malware targeting Linux and Unix (web) servers. By targeting these servers, malware authors not only make use of far…