Tag: paper

  • New paper: LokiBot: dissecting the C&C panel deployments

    First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. In a new paper (published today in both HTML and PDF format) researcher Aditya Sood analyses the URL structure of…

  • VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

    The Lazarus Group, generally linked to the North Korean government, is one of the most notorious threat groups of recent years. It has engaged in digital espionage, destructive attacks and financially motivated attacks, and was probably the most discussed threat group at VB2018 in Montreal. One of the Lazarus-related papers at VB2018 was written by…

  • VB2018 paper: Inside Formbook infostealer

    The Formbook information-stealing trojan has been spread by a number of recent spam campaigns. The malware was advertised in hacking forums as long ago as January 2016, but wasn’t written about until an Arbor Networks blog post in September 2017. The malware is a ‘form-grabber’, which means it intercepts data entered in website forms,…

  • VB2018 paper: Draw me like one of your French APTs – expanding our descriptive palette for cyber threat actors

    IT security research stumbled into the world of nation-state intelligence operations more or less by accident. In a now classic VB2015 paper, Juan Andres Guerrero-Saade discussed this shift from security research to intelligence brokerage and what this implied. Juan Andres has been a regular speaker at the VB conference since then, and has given…

  • VB2018 paper: Office bugs on the rise

    A large portion of today’s malware infections use malicious Office documents as a first-stage payload. Typically, the user is tricked into enabling macros or disabling some security protection, after which the next-stage payload is downloaded and executed. However, a different kind of Office malware targets outdated versions of Microsoft Office, which continue to be…

  • VB2018 paper: The dark side of WebAssembly

    With this year’s very successful Virus Bulletin Conference (VB2018) now behind us, we plan to continue the tradition of publishing most of the papers and videos of the presentations. We start with ‘The Dark Side of WebAssembly’, a paper by Symantec researchers Aishwarya Lonkar and Siddhesh Chandrayan that was part of the conference proceedings but,…