Greetings from my first visit to Virus Bulletin

Hello, David Jacoby here checking in from sunny Barcelona where I’m attending the annual Virus Bulletin conference.

I’m sitting here reviewing all the presentations from yesterday, and it just hit me: this is actually my first time at this conference. Previously I have only attended security conferences in the style of Black Hat, Defcon, HITB and others. The content is very different, and so are the presentation styles. To be honest, I had no idea what to expect, but so far it’s been really refreshing and educational.

It’s been a blast to meet fellow researchers from the same industry and just to put a face to the people behind the e-mail addresses. If you are at Virus Bulletin and reading this, do not hesitate to find me!

So, it’s currently day two, and so far so good. Yesterday I saw about eight presentations, mostly in the technical track, but today I’m mostly visiting the corporate tracks. I think it’s a good mixture to get information from both tracks. The only problem with two tracks is choosing which one you want to attend.

I’m going through my notes and the presentations I’ve seen so far (in no particular order) are:

  • Predicting the future of stealth attacks by Rachit Mathur (McAfee)
  • Same botnet, same guys, new code by Pierre-Marc Bureau (ESET)
  • A study of malicious attacks on Facebook by a replacement for (Commtouch)
  • The dangers of per-user COM objects in Windows by Jon Larimer (Google)
  • Strategies for monitoring FakeAV distribution networks by Onur Komili (Sophos)
  • Malware mining by Igor Muttik (McAfee)

I cannot really write about all of them, so I decided to pick one that was very interesting, and so far I must say that the one from Jon Larimer about per-user COM objects was really interesting. Nice presentation style and pretty interesting content. I mean, the vulnerabilities have been disclosed, but the concept was interesting. It kind of reminds me of the old LD_PRELOAD vulnerabilities for Unix/Linux. You can read more about the presentation here:
