Paper: Script in a lossy stream

Dénes Óvári explains how to store code in lossily compressed JPEG data.

Malformed PDFs have become a common way to deliver malware. Naturally, when this started to happen, anti-virus products began scanning inside PDF files for traces of malicious code and, equally naturally, malware authors started to obfuscate that code to circumvent scanners.

Not everything can be used to store code, though. Streams compressed with lossy filters such as DCTDecode (JPEG) and JPXDecode (JPEG 2000) are deemed unsuitable for storing any kind of code: lossy compression means one should not be able to retrieve an exact copy of the uncompressed data. For performance reasons, scanners therefore usually ignore such streams. Óvári's paper shows that this assumption does not hold.
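The practical consequence for a scanner is that a stream's /Filter entry must never be a reason to skip it. The following Python is an added example (not code from Óvári's paper or from any product) that enumerates the streams in a PDF, undoes FlateDecode itself, and flags streams behind a lossy filter as still needing an image decoder rather than dropping them. The two-object PDF fragment and the JPEG stand-in bytes are constructed for the demonstration; the script markers are a deliberately crude illustration of what a content scan might look for.

```python
import re
import zlib

# Indirect object that carries a stream: "<num> <gen> obj <<dict>> stream\n".
# The non-greedy dict match still has to be followed by "stream", so a
# nested << >> inside /DecodeParms does not end the match early.
_OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*(<<.*?>>)\s*stream\r?\n", re.DOTALL)
# Direct /Length only; an indirect "/Length 7 0 R" is deliberately not matched.
_LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")
_FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/\w+)")
_NAME_RE = re.compile(rb"/(\w+)")

# Lossy image filters: after these the bytes are a JPEG / JPEG 2000 code
# stream, and any hidden payload lives in the *decoded* samples.
LOSSY_FILTERS = {b"DCTDecode", b"JPXDecode"}
# Crude markers a content scanner might look for in decoded stream data
# (illustrative only, not a real product's signature set).
SCRIPT_MARKERS = (b"/JavaScript", b"/JS", b"app.alert", b"eval(", b"unescape(")


def parse_filters(dictionary):
    """Return the /Filter names in decoding order ([] when unfiltered)."""
    m = _FILTER_RE.search(dictionary)
    return _NAME_RE.findall(m.group(1)) if m else []


def extract_streams(pdf_bytes):
    """Return (obj_num, filters, data, needs_image_decode) for every stream.

    FlateDecode is undone here; at the first lossy filter the loop stops and
    flags the stream so the caller can run a real image decoder on it.
    """
    streams = []
    for m in _OBJ_RE.finditer(pdf_bytes):
        num, dictionary, start = int(m.group(1)), m.group(3), m.end()
        lm = _LENGTH_RE.search(dictionary)
        if lm:
            raw = pdf_bytes[start:start + int(lm.group(1))]
        else:  # indirect or missing /Length: fall back to the endstream keyword
            end = pdf_bytes.find(b"endstream", start)
            raw = pdf_bytes[start:end].rstrip(b"\r\n")
        filters = parse_filters(dictionary)
        data, needs_image_decode = raw, False
        for f in filters:
            if f == b"FlateDecode":
                try:
                    data = zlib.decompress(data)
                except zlib.error:
                    break
            elif f in LOSSY_FILTERS:
                needs_image_decode = True
                break
            else:
                break  # filter not handled by this example (LZW, ASCIIHex, ...)
        streams.append((num, filters, data, needs_image_decode))
    return streams


def suspicious_streams(pdf_bytes):
    """Object numbers whose (decoded) bytes contain a script marker."""
    return [num for num, _, data, _ in extract_streams(pdf_bytes)
            if any(marker in data for marker in SCRIPT_MARKERS)]


def lossy_streams(pdf_bytes):
    """Object numbers a scanner that skips lossy filters would never inspect."""
    return [num for num, _, _, lossy in extract_streams(pdf_bytes) if lossy]


def build_sample_pdf():
    """Constructed two-object PDF fragment (not a file from the paper)."""
    js = b"app.alert('constructed sample payload');"
    flate = zlib.compress(js)
    # Constructed stand-in for a JPEG code stream (SOI ... EOI markers only).
    jpeg_stub = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
    return (
        b"%PDF-1.7\n"
        b"4 0 obj\n<< /Length " + str(len(flate)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + flate + b"\nendstream\nendobj\n"
        b"5 0 obj\n<< /Type /XObject /Subtype /Image /Width 8 /Height 8"
        b" /Filter /DCTDecode /Length 7 0 R >>\n"
        b"stream\n" + jpeg_stub + b"\nendstream\nendobj\n"
    )


if __name__ == "__main__":
    pdf = build_sample_pdf()
    print("script markers in objects:", suspicious_streams(pdf))  # [4]
    print("lossy streams still to decode:", lossy_streams(pdf))   # [5]
```

Object 4 is caught because its FlateDecode layer is undone before the scan; object 5 is exactly the case the paper targets: its DCTDecode bytes look like an ordinary image, and only a scanner that decodes the JPEG and inspects the resulting samples can see what was stored in it.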


TorrentLocker spam has DMARC enabled

Use of email authentication technique unlikely to bring any advantage.

Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an interesting blog post about a spam campaign that was spreading the 'TorrentLocker' ransomware and which, unusually, was using DMARC.

TorrentLocker is one of the most prominent families of encryption ransomware — a worryingly successful kind of malware that first appeared two years ago. The malware initially implemented its cryptography rather poorly, but has since become one of the most successful of its kind.


VB2014 paper: Caphaw - the advanced persistent pluginer

Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.

Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added 'Caphaw - the advanced persistent pluginer' by Fortinet researchers Micky Pun and Neo Tan.

Caphaw (also known as Shylock) is a bit of a rarity among today's botnets: its source code hasn't been leaked and the malware has never been offered for sale on underground forums, suggesting that the same group of people wrote the code and maintained the botnet.


M3AAWG releases BCP document on dealing with child sexual abuse material

Subject may make many feel uncomfortable, but it is essential that we know how to deal with it.

The mere mention of "child pornography" on the Internet makes many a security expert feel uncomfortable, and not just because of the natural human reaction to the idea of children being abused. It is often used, together with terrorism, as a trump card in discussions on government surveillance and encryption backdoors.

Yet child sexual abuse material (CSAM), as it is officially termed, does exist on the Internet. And there are real children who are abused and whose images are shared on the Internet. Hence for those whose jobs require them to access the shadier corners of the Internet, as well as for those who handle abuse reports, it is something they may well be exposed to at some point.


VB Conference

VB2015 Prague, 30 Sept - 2 Oct 2015: Covering the global threat landscape

The VB conference is a major highlight of the security calendar, with many of its regular attendees citing it as the IT security event of the year. The 25th Virus Bulletin International Conference (VB2015) takes place 30 September to 2 October 2015 at the Clarion Congress Hotel, Prague, Czech Republic.

Previous VB conference delegates said:

‘It was a real pleasure to talk to so many smart researchers from around the world.’


All but three of the 16 full solutions submitted for this month's test achieved a VBSpam award, and six of them achieved a VBSpam+ award.


The latest VB100 comparative on the evergreen Windows 7 resulted in a pleasingly high success rate with just a few products failing to make the grade for certification.

Date              Event                                                                                      Location
Mar 09 - 10       European Smart Grid Cyber Security                                                         London, UK
Mar 09 - 10       Financial Services Cyber Security Summit, MENA                                             Dubai, UAE
Mar 16 - 20       TROOPERS15                                                                                 Heidelberg, Germany
Mar 21 - 27       SyScan                                                                                     Singapore
Mar 24 - 27       Black Hat Asia                                                                             Singapore
Apr 14 - 15       EBCG Cyber Security Summit Financial Sector: Fortify your Ability to Counter Dynamic Attacks   Prague, Czech Republic
Apr 14 - 15       EBCG Cyber Security Summit Industrial Sector: Intensified Protective Measures               Prague, Czech Republic
Apr 20 - 24       RSA Conference 2015                                                                        San Francisco, CA, USA
Sept 30 - Oct 2   VB2015                                                                                     Prague, Czech Republic
Oct 05 - 07       VB2016                                                                                     Denver, CO, USA


virusbtn: Bruce Schneier links to reviews and abstracts of his new book 'Data and Goliath'. VB will also publish a review.
Wed Mar 04 08:55:54

virusbtn: Symantec report shows that takedowns saw financial trojan infections drop by more than 50%; threat still prevalent.
Wed Mar 04 08:30:19

virusbtn: Netwire RAT used in targeted attacks. Yet another attack that uses malicious macros.
Wed Mar 04 08:01:23

virusbtn: 'FREAK' SSL vulnerability lets an attacker trick you into going back to 1990s crypto.
Wed Mar 04 07:27:13
