Dénes Óvári explains how to store code in lossily compressed JPEG data.
Malformed PDFs have become a common way to deliver malware. Naturally, when this started to happen, anti-virus products began scanning inside PDF files for traces of malicious code and, equally naturally, malware authors started to obfuscate that code to circumvent scanners.
Not everything can be used to store code though. Data streams compressed using lossy compressors like JPXDecode and DCTDecode are deemed unsuitable for storing any kind of code. After all, the lossy compression means one should not be able to retrieve an exact copy of the uncompressed data. For performance reasons, scanners therefore usually ignore this data.
Use of email authentication technique unlikely to bring any advantage.
Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an interesting blog post about a spam campaign that was spreading the 'TorrentLocker' ransomware and which, unusually, was using DMARC.
TorrentLocker is one of the most prominent families of encryption ransomware — a worryingly successful kind of malware that first appeared two years ago. The malware initially implemented its cryptography rather poorly, but has since become one of the most successful of its kind.
Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.
Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added 'Caphaw - the advanced persistent pluginer' by Fortinet researchers Micky Pun and Neo Tan.
Caphaw (also known as Shylock) is a bit of a rarity among today's botnets: its source code hasn't been leaked and the malware has never been offered for sale on underground forums, suggesting that the same group of people wrote the code and maintained the botnet.
Subject may make many feel uncomfortable, but it is essential that we know how to deal with it.
The mere mention of "child pornography" on the Internet makes many a security expert feel uncomfortable, and not just because of the natural human reaction to the idea of children being abused. It is often used, together with terrorism, as a trump card in discussions on government surveillance and encryption backdoors.
Yet child sexual abuse material (CSAM), as it is officially termed, does exist on the Internet. And there are real children who are abused and whose images are shared on the Internet. Hence for those whose jobs require them to access the shadier corners of the Internet, as well as for those who handle abuse reports, it is something they may well be exposed to at some point.