
Virus Bulletin's blog

The latest Blog posts from the VB team
  1. VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation
    Static analysis and dynamic analysis each have their shortcomings as methods for analysing potentially malicious files. Today, we publish a VB2018 paper by Check Point researchers Yoni Moses and Yaniv Mordekhay, in which they describe a method that combines static and dynamic analysis to defeat app obfuscation in Android binaries. We also publish the video of their presentation.

  2. VB2019 call for papers closes this weekend
    The call for papers for VB2019 closes on 17 March, and while we've already received many great submissions, we still want more!

  3. Registration open for VB2019 - book your ticket now!
    Registration for VB2019, the 29th Virus Bulletin International Conference, is now open, with an early bird rate available until 1 July.

  4. The VB2019 call for papers is about ... papers
    When we are calling for papers for the Virus Bulletin conference as we are doing now, we really mean a written paper. But don't worry if you've never written a paper - we can help!

  5. VB2018 video: Adware is just malware with a legal department - how we reverse engineered OSX/Pirrit, received legal threats, and survived
    Amit Serper first analysed the OSX/Pirrit adware in 2016, highlighting some of its malware-like techniques, and soon afterwards started receiving legal threats from the company behind it. At VB2018 Amit gave a presentation in which he discussed both the adware and the legal threats he received for calling it malware. Today, we publish the video of Amit's presentation.

  6. VB2018 paper: Anatomy of an attack: detecting and defeating CRASHOVERRIDE
    In December 2016, the CRASHOVERRIDE malware framework was used to cause a blackout in Ukraine. At VB2018 in Montreal, Dragos researcher Joe Slowik presented a detailed paper on the framework, explaining how the malware works and how it targets various protocols used to operate the electric grid. Today we publish both Joe's paper and the recording of his presentation.

  7. VB2018 presentation: Levelling up: why sharing threat intelligence makes you more competitive
    In a presentation at VB2018, Michael Daniel, President and CEO of the Cyber Threat Alliance, outlined exactly how threat sharing strengthens a company's competitive advantage. Today we release the recording of his presentation.

  8. The malspam security products miss: Emotet, Ursnif, and a spammer's blunder
    The set-up of the VBSpam test lab gives us a unique insight into the kinds of emails that are more likely to bypass email filters. This week we look at the malspam that was missed: a very international email with a link serving Emotet, an Italian Ursnif campaign with a password-protected ZIP and an email to which a clumsy spammer had attached a list of email addresses rather than a payload.

  9. VB2018 paper: The modality of mortality in domain names
    Domains play a crucial role in most cyber attacks, from the very advanced to the very mundane. Today, we publish a VB2018 paper by Paul Vixie (Farsight Security), who undertook the first systematic study into the lifetimes of newly registered domains.

  10. VB2018 paper: Analysing compiled binaries using logic
    Constraint programming is a lesser-known technique that is becoming increasingly popular among malware analysts. In a paper presented at VB2018, Thaís Moreira Hamasaki gave an overview of the technique and explained how it can be applied to the analysis of (potentially) malicious binaries. Today, we publish both Thaís' paper and the video of her presentation.
