Blog

FREAK attack takes HTTPS connections back to 1990s security

Golden keys from the (first) crypto wars have come back to haunt us.

When a web client makes a secure connection to a web server (using HTTPS), it starts by sending a 'Hello' message in which it announces which cipher suites it supports. The web server then chooses one, presumably the one that offers the best security, and this will be used to encrypt the traffic.

A downgrade attack occurs when an attacker positioned between client and server convinces them to use a weaker cipher suite. In itself this shouldn't be a problem, as even the weaker suites are supposed to provide ample security, but a downgrade can be used to facilitate the exploitation of a vulnerability in a weaker cipher suite, similar to attacks that force the connection to use the older SSL 3.0 protocol in order to exploit POODLE.



Paper: Script in a lossy stream

Dénes Óvári explains how to store code in lossily compressed JPEG data.

Malformed PDFs have become a common way to deliver malware. Naturally, when this started to happen, anti-virus products began scanning inside PDF files for traces of malicious code and, equally naturally, malware authors started to obfuscate that code to circumvent scanners.

Not everything can be used to store code, though. Data streams compressed using lossy compressors such as JPXDecode and DCTDecode are deemed unsuitable for storing any kind of code: after all, lossy compression means one should not be able to retrieve an exact copy of the uncompressed data. For performance reasons, scanners therefore usually ignore this data.



TorrentLocker spam has DMARC enabled

Use of email authentication technique unlikely to bring any advantage.

Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an interesting blog post about a spam campaign that was spreading the 'TorrentLocker' ransomware and which, unusually, was using DMARC.

TorrentLocker is one of the most prominent families of encryption ransomware — a worryingly successful kind of malware that first appeared two years ago. The malware initially implemented its cryptography rather poorly, but has since become one of the most successful of its kind.



VB2014 paper: Caphaw - the advanced persistent pluginer

Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.

Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added 'Caphaw - the advanced persistent pluginer' by Fortinet researchers Micky Pun and Neo Tan.

Caphaw (also known as Shylock) is a bit of a rarity among today's botnets: its source code hasn't been leaked and the malware has never been offered for sale on underground forums, suggesting that the same group of people wrote the code and maintained the botnet.



VB Conference

VB2015 Prague, 30 Sept - 2 Oct 2015: Covering the global threat landscape

The VB conference is a major highlight of the security calendar, with many of its regular attendees citing it as the IT security event of the year. The 25th Virus Bulletin International Conference (VB2015) takes place 30 September to 2 October 2015 at the Clarion Congress Hotel, Prague, Czech Republic.

Previous VB conference delegates said:

‘VB is the best technical conference I have ever attended.’


VBSpam

All but three of the 16 full solutions submitted for this month's test achieved a VBSpam award, and six of them achieved a VBSpam+ award.


VB100

The latest VB100 comparative on the evergreen Windows 7 resulted in a pleasingly high success rate, with just a few products failing to make the grade for certification.


Calendar

Date | Event | Location
Mar 09 - 10 | European Smart Grid Cyber Security | London, UK
Mar 09 - 10 | Financial Services Cyber Security Summit, MENA | Dubai, UAE
Mar 16 - 20 | TROOPERS15 | Heidelberg, Germany
Mar 21 - 27 | SyScan | Singapore
Mar 24 - 27 | Black Hat Asia | Singapore
Apr 14 - 15 | EBCG Cyber Security Summit Financial Sector: Fortify your Ability to Counter Dynamic Attacks | Prague, Czech Republic
Apr 14 - 15 | EBCG Cyber Security Summit Industrial Sector: Intensified Protective Measures | Prague, Czech Republic
Apr 20 - 24 | RSA Conference 2015 | San Francisco, CA, USA
Sept 30 - Oct 2 | VB2015 | Prague, Czech Republic
Oct 05 - 07 | VB2016 | Denver, CO, USA



Twitter (@virusbtn)

Wed Mar 04 11:59:15 | New blog: FREAK attack takes HTTPS connections back to 1990s security https://t.co/J0ghW1KxJv

Wed Mar 04 08:55:54 | Bruce Schneier links to reviews and abstracts of his new book 'Data and Goliath'. VB will also publish a review. https://t.co/t2DqCD6gQd

Wed Mar 04 08:30:19 | Symantec report shows that takedowns saw financial trojan infections drop by more than 50%; threat still prevalent http://t.co/ceuhVkaqzQ

Wed Mar 04 08:01:23 | Netwire RAT used in targeted attacks. Yet another attack that uses malicious macros. https://t.co/LDA4AZObiv https://t.co/Ov4wC7m1z8


