virus bulletin – Martijn Grooten

Malware authors' continued use of stolen certificates isn't all bad news

Martijn — Tue, 10 Jul 2018 12:00:55 +0000

A new malware campaign that uses two stolen code-signing certificates shows that such certificates continue to be popular among malware authors. But there is a positive side to malware authors’ use of stolen certificates.
More on Virus Bulletin’s blog.

Necurs update reminds us that the botnet cannot be ignored

Martijn — Fri, 06 Jul 2018 12:00:47 +0000

The operators of the Necurs botnet, best known for being one of the most prolific spam botnets of the past few years, have pushed out updates to its client, which provide some important lessons about why malware infections matter.
More on Virus Bulletin’s blog.

We cannot ignore the increased use of IoT in domestic abuse cases

Martijn — Tue, 26 Jun 2018 09:39:09 +0000

The New York Times reports that smart home devices are increasingly used in cases of domestic abuse.
Read more on Virus Bulletin’s blog.

Subtle change could see a reduction in installation of malicious Chrome extensions

Martijn — Wed, 13 Jun 2018 09:37:02 +0000

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.
Read more on Virus Bulletin’s blog.

Expired domain led to SpamCannibal's blacklist eating the whole world

Martijn — Thu, 31 May 2018 09:36:05 +0000

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.
Read more on Virus Bulletin’s blog.

MnuBot banking trojan communicates via SQL server

Martijn — Wed, 30 May 2018 09:34:55 +0000

Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.
Read more on Virus Bulletin’s blog.

XMRig used in new macOS cryptominer

Martijn — Wed, 23 May 2018 09:34:35 +0000

A new piece of cryptocurrency-mining malware on macOS has been found to use the popular XMRig miner.
Read more on Virus Bulletin’s blog.

Tendency for DDoS attacks to become less volumetric fits in a wider trend

Martijn — Tue, 22 May 2018 09:30:09 +0000

CDN provider Cloudflare reports an increase in DDoS attacks targeting layer 7 and focusing on exhausting server resources rather than sending large volumes of data. This fits in a wider trend.
Read more on Virus Bulletin’s blog.

We are more ready for IPv6 email than we may think

Martijn — Mon, 21 May 2018 09:38:11 +0000

Though IPv6 is gradually replacing IPv4 on the Internet’s network layer, email is lagging behind, the difficulty in blocking spam sent over IPv6 cited as a reason not to move. But would we really have such a hard time blocking spam sent over IPv6?
Read more on Virus Bulletin’s blog.

Hide'n'Seek IoT botnet adds persistence

Martijn — Wed, 09 May 2018 09:28:02 +0000

The Hide’n’Seek IoT botnet has received an update to make its infection persist on infected devices beyond a restart.
Read more on Virus Bulletin’s blog.