An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.
Gabor Szappanos (Sophos)
Last month’s issue of Virus Bulletin featured a detailed analysis of the Polarbot (a.k.a. Solarbot) trojan. The article covered just about everything you could ever want to know about it – except for one thing: how does a computer end up being…
Read moreWorking both as a product manager and as an IT security expert and evangelist for an IT security company, Sorin Mustaca has seen that, with the technologies and products that we have available, we can't mitigate all the attack vectors used by today’s…
Read more‘We will need to collaborate and implement standardized threat data sharing.' Chad Loeven
Read moreExpiro is a file infector that resurfaces from time to time, demonstrating more skills on each new appearance – infecting a service that gives a unique vantage point on traditional malicious activities; running the malware at computer restart without…
Read moreJohn Aycock highlights an ACSAC paper that looks at the issue of detecting web content modifications.
Read moreKyle Yang (Fortinet)
ProxyCB is a trojan that acts as a proxy server to send spam via the HTTP, HTTPS or SMTP protocol. Wei Wang and Kyle Yang take a detailed look at its installation process, how it bypasses UAC, and the final payload loading process, before dissecting…
Read moreGabor Szappanos (Sophos)
The author of Simbot doesn’t take anything for granted: all the necessary components for the malware’s execution are bundled and dropped onto the system, including the relevant vulnerable application for exploitation and regular Windows system…
Read moreSolarbot, a.k.a. Dapato or Napolar, is a traditional botnet that has been around for a while. It is used for spreading other malware and often comes with built-in DDoS and proxy modules. He Xu takes a closer look.
Read moreLast month, Peter Ferrie described a Windows virus that turns Java class files into droppers for the virus, and concluded that it would be a simple matter to reverse that: for a virus writer to create a Java class file that turns Windows files into…
Read more‘There is a shift occurring in the security space around incident response. It’s becoming clear that no organization is completely safe.' Tim Armstrong
Read more