The VB lab team return to Red Hat for the latest VB100 on Linux. Results were strong, with a clean sweep of passes, and for the most part excellent detection rates and stability. John Hawes has the details.
From distributing malware to hosting command and control servers and traffic distribution, malicious domains are essential to the success of nearly all popular attack vectors. Much effort has been put into building reputation-based malicious domain blacklists. However, in order to evade detection and blocking by the domain reputation systems, many malicious domains are now only used for a very short period of time - a malicious domain has already served most of its purpose by the time its content is detected and the domain is blocked. In their VB2014 paper, Wei Xu, Kyle Sanders and Yanxin Zhang propose a system for predicting the domains that are most likely to be used (or are about to be used) as malicious domains.
Brazilian bad guys have created a unique way of stealing money from people who prefer to keep their lives entirely offline. By altering ‘boletos’ - popular payment documents issued by banks and all kind of businesses in Brazil - cybercriminals have successfully stolen vast amounts of money, even from people who don’t own credit cards or use Internet banking accounts. In his VB2014 paper, Fabio Assolini explains how these attacks have happened, and gives advice on how to protect customers even when they have chosen to live their lives offline.
Caphaw, also known as Shylock, has been a quiet, yet persistent player on the botnet scene since 2011. It stands in great contrast to most botnet malware in that it was released with complete functionality rather than being released into the wild while still in the testing phase. The bold nature of the campaign (an easily identifiable entry point code sequence) was backed up by Caphaw’s intricately designed code structure which made it hard for analysts to create a complete profile of its malicious behaviour with various obfuscation and anti-sandbox techniques. In their VB2014 paper, Micky Pun and Neo Tan discuss the technical aspects of handling the anti-reversing strategies devised by the malware writer and evaluate how Caphaw could become a permanent fixture in the botnet scene in the future.