Second edition of 'botnet fighting conference' another great success.
VB seeks submissions for the 25th Virus Bulletin Conference.
Kim Zetter's book on Stuxnet is a must-read for anyone interested in malware - or in 21st century geopolitics.
More sponsorship opportunities available.
Jeongwook Oh demonstrates how to hack a Samsung smart TV.
VB seeks a Perl Developer / Security Engineer.
The biggest and broadest ranging Virus Bulletin conference ever was a great success.
What do your IP packet sizes say about whether you're a spammer?
Nation state likely behind campaign that goes back many years.
Second opinion essential in circumstances under which likely victims operate.
Many VB authors and presenters to speak at second botnet-fighting conference.
Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness.
40 out of 48 tested products earn VB100 award.
Kerberos bug means one set of credentials suffices to rule them all.
Why buying ad space makes perfect sense for those wanting to spread malware.
Must-read for anyone working with one of the Internet's most important protocols.
Despite better defences, the era of bootkits is certainly not behind us.
Five initial victims of infamous worm named.
Developer Enterprise Program recently found to be used by WireLurker.
Health apps and wearable devices found to make many basic security mistakes.
Users taught that having to enable enhanced security features is no big deal.
Terry Zink presents case study in which he describes setting a DMARC policy for Microsoft.
Non-jailbroken devices infected via enterprise provisioning program.
Santiago Pontiroli takes us on a rollercoaster ride through cryptocurrency land.
30-month old vulnerability still a popular way to infect systems.
Malicious apps may have more privileges than security software.
Malware spreads through infected torrent, then maintains persistence on the system.
Switch likely to make modular malware even stealthier.
Cristina Vatamanu and her colleagues describe how botherders keep their C&C servers hidden.
'KnockKnock' tool made available to the public.
Tor provides anonymity, not security, hence using HTTPS is essential.
Luis Corrons dives into the world of shady Android apps.
IPv6 versus IDPS, XSS in WYSIWYG editors, and reflected file downloads.
Programme packed with interesting talks.
Nick Sullivan describes how DNSSEC uses cryptography to add authentication and integrity to DNS responses.
Users and administrators urged to stop supporting the protocol, or at least to prevent downgrade attacks.
Surprisingly, the presence of more URLs doesn't necessarily make spam easier to block.
Vulnerability used to download BlackEnergy trojan - as discussed during VB2014.
Jean-Ian Boutin looks at the increased commoditization of webinjects.
Raul Alvarez studies cavity file infector.
Malware switched to more effective Perl installer.
Thanks all for a fantastic conference and see you in Prague... or in Denver!
The first of many awards to commemorate brilliant researcher.
Another day of excellent presentations.
Almost £1,300 donated to WWF!
Fourteen blog posts look ahead at the 24th Virus Bulletin conference.
Jérôme Segura looks at recent developments in malicious cold calls.
Chun Feng and Elia Florio look at exploits targeting domain memory opcode in Adobe Flash.
Some useful information for those attending VB2014 - or those interested in attending.
Researchers from ESET, Yandex and Symantec look at emerging malware trend.
Vulnerability disclosure one of the hottest issues in security.
23 out of 29 tested products earn VB100 award.
FireEye researchers show a large attack vector for Apple's mobile operating system.
Call to use end-to-end encryption and to deploy DNSSEC.
Aditya K. Sood and Rohit Bansal study the malware's behaviour when ran on a physical machine.
Trick shows that spammers still try to beat content-based filters.
Use of single XOR key leaves ransomware open to known-plaintext attack.
Richard Ford and Marco Carvalho present an idea for how to test products that claim to detect the unknown.
Hot topics to be covered at VB2014 conference in Seattle.
Aditya K. Sood and Rohit Bansal dissect botnet primarily used for financial fraud.
Hong Kei Chan and Liang Huang describe the various aspects and the evolution of point-of-sale malware.
Thibault Reuille and Dhia Mahjoub use particle physics to shows clusters of malicious domains.
If you do need to run plug-ins, make sure you enable click-to-play.
Malware possibly still in the 'brewing' stage.
Patrick Wardle shows that OS X users really have something to worry about.
Default password makes vulnerability easy to exploit.
James Wyke looks at four difference decoy methods.
Raul Alvarez studies the Neshta prepending file infector.
Andrei Husanu and Alexandru Trifan look at what TCP packet sizes can teach us.
Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits.
Good idea, but unlikely to have a huge impact.
Sorin Mustaca looks at how companies trading online can insure the risks they run.
Fabio Assolini to speak about malware targeting boletos.
75,000 jailbroken iOS devices infected with malware that steals ad revenues.
Short-lived network changes used to make miners connect to rogue pool.
Despite short spike, image spam no problem for spam filters.
Tool uses private keys found in database of victims.
RAT gets instructions from Yahoo Mail address.
Flexible module-handling mechanism allows malware to adjust functionalities at will.
29 out of 35 tested products earn VB100 award.
Seven speaking slots waiting to be filled with presentations on 'hot' security topics.
New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system.
Bugs to be reported to the vendor only, and to become public once patched.
Raul Alvarez studies the unique EPO methodology used by the W32/Daum file infector.
Marion Marschalek looks at two Miuref binaries: one packed with Visual Basic 6 and one with C++.
Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.
Story that appeared to be taken from fiction turns out... to have been fiction.
Axelle Apvrille and Ruchna Nigam look at both off-the-shelf products and custom obfuscation techniques.
Neither subscription nor registration required to access content.
Automatic analysis of malicious payloads becomes a little bit harder again.
Trojan masquerades as Google Play app; cannot be removed.
Would you like to publish your research through Virus Bulletin - or perhaps even work for us?
Coordinated effort against gang that's also behind CryptoLocker ransomware.
The June issue of Virus Bulletin is now available for subscribers to download.
'Brilliant mind and a true gentleman' commemorated through annual award for technical security research.
For reasons ranging from relatively good, to actual malware.
The May issue of Virus Bulletin is now available for subscribers to download.
AOL responds by following Yahoo! in setting strict DMARC policy.
Collateral damage in instruction to reject emails with invalid DKIM signatures.
OpenSSL vulnerability has kept the security community busy.
Exciting range of topics to be covered at VB conference in Seattle this September; Katie Moussouris to deliver keynote address.
Security firm advises regenerating keys and replacing certificates on vulnerable servers.
The April issue of Virus Bulletin is now available for subscribers to download.
'Software taggant system' and 'clean file metadata exchange' discussed at previous VB conferences.
The March issue of Virus Bulletin is now available for subscribers to download.
Eddy Willems' book is a pleasant read on an important subject.
'Bitcrypt' authors confused their bytes and digits.
No excuse for sending error reports in cleartext.
M3AAWG workshop to deal with fighting telephony abuse.
All solutions on test blocked at least 99.4% of spam, but some struggled with false positive issues; survey also shows few products support DMARC.
The February issue of Virus Bulletin is now available for subscribers to download.
Macros disabled in modern versions of Office, but enabled within many organisations.
Sysadmins can check hashes of processes against file-checking service database.
Credentials sent to attacker by built-in SMS functionality.
Unsophisticated scam shows the high level of commoditization of today's cybercrime.
It's possible that smart devices are sending spam, but it wouldn't make any difference.
The January issue of Virus Bulletin is now available for subscribers to download.
08 January 2014