Lastline Labs

Dr. Giovanni Vigna

Giovanni Vigna is one of the founders and CTO of Lastline as well as a Professor in the Department of Computer Science at the University of California in Santa Barbara. His current research interests include malware analysis, web security, vulnerability assessment, and mobile phone security. He also edited a book on Security and Mobile Agents and authored one on Intrusion Correlation. He has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), and of the IEEE Symposium on Security and Privacy in 2011. He is known for organizing and running an inter-university Capture The Flag hacking contest, called iCTF, that every year involves dozens of institutions around the world. Giovanni Vigna received his M.S. with honors and Ph.D. from Politecnico di Milano, Italy, in 1994 and 1998, respectively. He is a member of IEEE and ACM.

Recent Posts

Lastline: It’s as easy as A-P-I

Posted by Dr. Giovanni Vigna on 4/18/16 9:19 AM

Lastline’s solutions analyze network traffic, programs, documents, and other artifacts to identify and block advanced malware in enterprise networks.

To make this functionality easy to integrate into the security workflow of the enterprise, Lastline products provide access to it through APIs.

Topics: Lastline Enterprise, Integration, Lastline Labs, APIs

The Malicious 1% of Ads Served

Posted by Dr. Giovanni Vigna on 11/14/14 11:31 AM

Last week at IMC Vancouver 2014, cyber-security researcher Apostolis Zarras of Ruhr-University Bochum presented a research paper entitled “The Dark Alleys of Madison Avenue, Understanding Malicious Advertisements” that he co-authored along with other researchers including my fellow Lastline co-founder Christopher Kruegel and myself. For this paper, we performed the first large-scale study of ad networks that serve malicious ads or “malvertising,” investigating the safety of 600,000 ads on 40,000 websites.

Our research revealed the widespread and presumably uninvited distribution of malware through online ad networks, dubbed “malvertising.” To detect malicious behavior in ads we used a composition of blacklists and Wepawet, a honeyclient developed at UCSB that uses an emulated browser to capture the execution of JavaScript to identify signs of maliciousness such as drive-by-download attacks. (Side note: Wepawet celebrates its 6th birthday this Friday, November 14.)

Topics: Evasive Malware, Malvertising, Wepawet

Rogue Online Pharmacies Use Fake Security Seals and Content Obfuscation to Deceive Humans and Programs

Posted by Dr. Giovanni Vigna on 9/17/14 1:00 PM

New research being presented tomorrow at RAID 2014 demonstrates that just two signals can automatically and effectively detect hundreds of malicious pages within 150,000 real-world samples with relatively high precision and accuracy: 1) content obfuscation and 2) fake certification seals. The UCSB research paper by Jacopo Corbetta, Luca Invernizzi, Christopher Kruegel and myself entitled “Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection” dissects these two common techniques used by malicious websites -- particularly rogue online pharmacies -- to mislead web visitors and evade security scanners.

Perhaps one of the more scientifically and sociologically interesting elements of this research is the fact that computer programs and human eyes see the online world very differently. At a basic level, programs see code and parse text that represents actions to be performed while humans see the online world visually, usually by interacting with a browser. So the complex, textual JavaScript that is interpreted by the browser becomes an eye-catching web site with images and text.

Topics: Cyber Fraud, Content Obfuscation, Phishing

Antivirus Isn't Dead, It Just Can't Keep Up

Posted by Dr. Giovanni Vigna on 5/21/14 10:00 AM

Much has been said in recent weeks about the state of antivirus technology. To add facts to the debate, Lastline Labs malware researchers studied hundreds of thousands of pieces of malware they detected for 365 days from May 2013 to May 2014, testing new malware against the 47 vendors featured in VirusTotal to determine which caught the malware samples, and how quickly.

Topics: Antivirus, Antivirus Detection Rates

Automatically Detecting Evasive Malware

Posted by Dr. Giovanni Vigna on 1/20/14 2:44 PM

Malware has always been in continuous evolution: Throughout the years we have seen simple viruses become polymorphic, autonomous self-replicating code connecting to a master host and becoming a botnet, and JavaScript being used to launch increasingly sophisticated attacks against browsers. This last attack vector has become increasingly popular, as drive-by-download exploits have become commoditized, and are routinely used to compromise hundreds of thousands of computers.

Topics: Malware Research, Evasive Malware
