Tag: malware

  • Paper: Spreading techniques used by malware

    Malware infections usually start with a user opening an attachment, visiting a link, or simply accessing an infected site with a vulnerable browser. But once malware has infected an endpoint, it often looks for other devices in order to spread further, or at least to include the files on those devices in its malicious encryption…

  • Conference review: Botconf 2016

    This review was written by Martijn Grooten, Adrian Luca and Ionuț Răileanu. Though still only in its fourth year, Botconf has become one of the Virus Bulletin team’s favourite conferences. Late in November, three of the VB team flew to Lyon to attend this year’s three-day event. As its name suggests, Botconf is aimed at…

  • VB2016 preview: Cryptography mistakes in malware

    “Don’t roll your own crypto”, software developers are often told: cryptography is hard and thus it is always safer to use a well-tested public library rather than writing your own implementation. Not everyone heeds that advice though, and among those not listening are the developers of various malware families. In a paper to be presented…

  • VB2016 preview: Debugging and Monitoring Malware Network Activities with Haka

    Although some inventive (and often quite impractical) non-network-based ways to remotely control malware have been presented, most botnets use the normal Internet connection of the infected device to send information and receive commands. This inherent weakness in botnets’ infrastructures makes command and control traffic a useful avenue for analysing botnet behaviour. Haka is an open…

  • Paper: Behavioural Detection and Prevention of Malware on OS X

    Though still well behind that of Windows malware, the prevalence of malware targeting OS X has increased in the past year to the point where Mac users can’t assume they are safe just because of the operating system they are using. The question of how to effectively detect new Mac malware is one that is…

  • Paper: The Journey of Evasion Enters Behavioural Phase

    Anti-detection techniques are almost as old as malware itself and have developed well beyond hash busting techniques. As security products adapt their detection tools, malware authors need to find new ways to prevent their malware from being blocked while it is running. In a new paper (also available as PDF) published today by Virus…