An indispensable source of reference for anyone concerned with computer security, the Bulletin is the forum through which leading security researchers publish the latest security research and information in a bid to share knowledge with the security community. Publications cover the latest threats, new developments and techniques in the security landscape, opinions from respected members of the industry, and more. The Bulletin archives offer informative articles going back to 1989. Our editorial team is happy to hear from anyone interested in submitting a paper for publication.
We have seen hundreds, if not thousands, of variations of Zeus in the wild. The main goal of the malware does not vary, yet different functionalities have been added over time. Raul Alvarez takes a detailed look at some of those functionalities and…
Read moreLysa Myers (ESET)
It has often been said that the reason the general public does not take IT security seriously is that there has not been a sufficiently serious IT security disaster to make them take notice. But have leaks about the NSA given us the ‘cyber-Chernobyl’…
Read moreJohn Aycock considers Internet censuses and a tool that can scan almost the entire IPv4 address space in search of the answer to a given census question in less than 45 minutes.
Read moreRunning an iframe injector on a compromised virtual hosting server can easily result in the infection of hundreds of web servers in just a few seconds. Aditya Sood and colleagues look at the design of a basic injector: NiFramer.
Read moreDespite recent declines, spam still accounts for more than 70% of all email sent. Why does this happen? He Xu exposes the tip of the iceberg by analysing a recent spambot which is driven by the Andromeda botnet: Win32/Nedsym.G.
Read moreAll kinds of amazing things can be done in JavaScript, especially when the size is constrained. However, when you take size-optimization techniques, combine them with structure and variable-name obfuscations and cram in every malicious action that…
Read moreAditya Sood and colleagues discuss the details and design of the Styx exploit pack.
Read moreStephen Cobb (ESET)
‘Government-sponsored efforts to improve cybersecurity are underway ... but will they accomplish their goals?' Stephen Cobb, ESET.
Read moreIn the latest of his 'Greetz from Academe' series, highlighting some of the work going on in academic circles, John Aycock looks at academic focus on hackers.
Read more