Paper: Optimizing ssDeep for use at scale

Brian Wallace presents tool to optimize ssDeep comparisons.

Malware rarely comes as a single file, and to avoid having to analyse each sample in a set individually, a fuzzy hashing algorithm tool like ssDeep can tell a researcher whether two files are very similar — or not similar at all.

When working with a large set of samples, the number of comparisons (which grows quadratically with the set size) may soon become extremely large though. To make this task more manageable, Cylance researcher Brian Wallace devised an optimization to ssDeep comparisons.


Throwback Thursday: Legal attempts to reduce spam. A UK perspective

This Throwback Thursday, we turn the clock back to November 2003, when spam was such a hot topic that VB decided to launch a dedicated 'VB Spam Supplement'.

While, today, spam is a problem that is generally very well mitigated, 12 years ago it was a subject of growing concern and was becoming of increasing interest to the AV industry, with a veritable stampede of AV vendors rushing to bring anti-spam solutions to market alongside their anti-virus products.

With volumes of unsolicited email growing almost by the day, there was great interest in the ways in which users were affected by it, so in November 2003, VB decided to launch the 'VB Spam Supplement', a section of Virus Bulletin magazine that would be dedicated to news and articles on spam and anti-spam techniques.


Paper: 3ROS exploit framework kit — one more for the infection road

Aditya K. Sood and Rohit Bansal highlight a different side of an exploit kit.

Exploit kits are a serious plague on the Internet, made worse by the fact that the online advertisement ecosystem allows cybercriminals to run their malicious code on many websites. The kits are studied extensively by security researchers, who attempt to follow their development as the kits' authors try to make sure detection is evaded.

Today, we publish a paper by Aditya K. Sood (Elastica) and Rohit Bansal (SecNiche Security Labs), who look at another side of an exploit kit: the interface used by the malware authors who rely on exploit kits to get their malware installed on victims' machines.


Throwback Thursday: What DDoS it all Mean?

This Throwback Thursday, we turn the clock back to March 2000, when DDoS attacks were a newly emerging menace.

Today, DDoS attacks are a well-known form of cyber abuse — indeed, even this week, Swiss encrypted webmail provider ProtonMail has been the target of a sustained DDoS attack.

In early 2000, however, DDoS attacks were far from common (even though the concept had been around for some time), so when, in February 2000, some of the Internet's largest websites including CNN, MSN, Yahoo and others were disrupted by DDoS attacks, the media went into overdrive with the story, describing 'cyber-attacks batter[ing] web heavyweights'.



For the first time since July 2014, all full solutions in this month's test achieved VBSpam certification. Moreover, an additional measure introduced this month showed that products rarely delayed the delivery of emails. | Read more...


This month VB lab team put 14 business products and 30 consumer products to the test on Windows 8.1 Pro. The VB100 pass rate was decent, although not quite up to the perfect or near-perfect fields seen in a few recent tests. | Read more...

Date Event Location
Dec 02 - 04 Botconf '15 Paris, France
Jan 15 - 17 Shmoocon Washington D.C., USA
Feb 15 - 18 M3AAWG 36th General Meeting San Francisco, CA, USA
Mar 14 - 18 TROOPERS16 Heidelberg, Germany
Mar 16 - 18 CanSecWest Vancouver, BC, Canada
June 09 Copenhagen Cybercrime Conference 2016 Copenhagen, Denmark
Oct 05 - 07 VB2016 Denver, CO, USA

VB Conference

VB2016 Denver, 5-7 Oct 2016: Covering the global threat landscape
The VB conference is a major highlight of the security calendar, with many of its regular attendees citing it as the IT security event of the year. VB2016 will take place in Denver, Colorado, USA.

Previous VB conference delegates said:

‘This is an excellent event - I would like to attend every year!’


virusbtn:New paper: Optimizing ssDeep for use at scale, by @botnet_hunter
Fri Nov 27 15:44:47

virusbtn:Using Unicode's Byte Order Mark to obfuscate spammy URLs
Wed Nov 18 11:56:23

virusbtn:The @EFF seizes control of domain claiming to be theirs which was spreading malware
Wed Nov 18 11:22:22

virusbtn:The Derusbi malware bypasses Windows driver signing. @r00tbsd explains how it does that
Wed Nov 18 10:47:42

Jobs Recruit Sidebar