Bulletin

An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.

VB2016 paper: One-click fileless infection

Himanshu Anand (Symantec)
Chastine Menrige (Symantec)

There has recently been growing interest in a technique known as fileless infection, where malware authors compromise computers without writing any files to disk. This technique allows the threat to evade detection by file-scanning software while…

Throwback Thursday: Michelangelo - Graffiti Not Art

In early 1992, a boot sector virus captured the imagination of the press and kicked up a media storm. Following a number of reports of the virus spreading in the UK, VB decided to publish an analysis. Fridrik Skulason brought us all the details of…

Throwback Thursday: Once a Researcher...

Virus Bulletin

The author of Flushot, one of the world's first anti-virus programs, Ross Greenberg had already distanced himself from the main AV industry by 1995 - finding himself put off by the antics of certain vendors, whom he considered less than ethical in…

VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for

Gadi Evron (Cymmetria)
Inbar Raz (Perimeter X)

While APT reports should have threat actors scrambling to keep up, in reality they are providing APT actors with the information they need to implement new operational security practices and technologies that have defenders working as hard as ever to…

Throwback Thursday: A Troubled World

Edward Wilding (Virus Bulletin)

In early 1991, the world was a troubled place and conflict and violence were being reported globally on a daily basis. With this as a backdrop, the world of "indiscriminate" computer viruses which "victimise in a random and unpredictable manner"…

The journey and evolution of God Mode in 2016: CVE-2016-0189

Ankit Anubhav (FireEye)
Manish Sardiwal (FireEye)

Exploits for the CVE-2016-0189 vulnerability offer both reliability and complexity, so it is little wonder that it was the most commonly exploited vulnerability in 2016. Ankit Anubhav traces the journey and evolution of the 'God Mode' exploitation…

VB2016 paper: Great crypto failures

Yaniv Balmas (Check Point Software Technologies)
Ben Herzog (Check Point Software Technologies)

This VB2016 paper surveys selected recent case studies of unfortunate cryptographic implementations in malware. When considered together, these examples illustrate a picture of design anti-patterns that is either worrying or encouraging, depending on…

Throwback Thursday: The malware battle: reflections and forecasts

Jaime Lyndon 'Jamz' A. Yaneza (Trend Micro)

At the start of 2004, Jamz Yaneza reflected on the year just ended and pondered what 2004 would have in store for the AV industry.

VB2016 paper: Open source malware lab

Robert Simmons (ThreatConnect)

The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This…

VB2015 paper: Labeless - No More

Alexander Chailytko (Check Point Software Technologies)
Aliaksandr Trafimchuk (Check Point Software Technologies)

Consider the following situation: at the beginning of our research we have an empty IDA database and binary code without labels and comments in Olly. After some dynamic analysis we will name a few functions. If, for some reason, an analysis is…
